Home > Storage Technology News > Symantec issues NetBackup security alert
Storage Technology News:
EMAIL THIS

Symantec issues NetBackup security alert

By Jo Maitland, News Director
13 Dec 2006 | SearchStorage.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Symantec Corp. posted an alert on its Web site Wednesday evening, warning users of multiple vulnerabilities in NetBackup that can expose the product to a remote attack.

The vulnerability specifically affects master servers, media servers and clients of NetBackup versions 6.0, 5.1 and 5.0, that are remotely managed.

"An attacker, able to access a vulnerable NetBackup host and successfully exploit these issues, could potentially cause execution of arbitrary code resulting in possible unauthorized, elevated access to the targeted system," Symantec said in its alert. Put simply, an attacker could insert a command into the backup stream and execute another process, such as creating another copy of the data.

Symantec's security update and a patch for this issue can be found at: http://www.symantec.com/avcenter/security/Content/2006.12.13a.html

Coincidentally, the alert comes a day after Symantec announced an encryption option for NetBackup that allows users to directly encrypt back ups on the media server instead of application servers.

The encryption module would prevent a malcious attacker gaining access to the data, according to Peter Allor, director of intelligence for IBM Internet Security Systems (ISS). "They could still gain access to the machine but would not be able see the data," he said. IBM's ISS division alerted Symantec to the latest vulnerabilities in NetBackup.

To enable the media server-based encryption, Symantec said users will need to pay a $10,000 flat fee for the key management software and pay for a license for the encryption engine itself. The latter will cost the same as a plain Media server license, i.e. starting from $5,000 for Windows, and $10,000 for Unix.

Jon Oltsik, senior analyst of information security at Enterprise Strategy Group, said the vulnerability demonstrates that users have to be diligent about monitoring bug tracking systems and patching servers besides just Windows. He said the industry will start to see attacks that take advantage of application and management software next year. "This places an added burden on vendors to test and monitor their code and users to keep up on maintenance," he added.



Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Backup Solution Directory
TechTarget Storage Media
Storage Magazine View this month\\'s issue and subscribe today.
Storage Decisions Apply online for free conference admission.
SearchStorage.com
HomeNewsMagazineTopicsLearningMultimediaWhite PapersBlogsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2000 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts