C7.5 How to Protect against These Vulnerabilities

• Ensure the latest vendor supplied software patches are installed on the clients and servers.


• The ports being used by backup software should be firewalled from any untrusted network including the Internet.


• Data should be encrypted when stored on backup media and while being transported across the network.


• Host/Network based firewalls should be run to limit the accessibility of a systems backup software to ensure that only the appropriate backup hosts can communicate on the backup server ports


• Segregate your network to create a separate backup network VLAN.


• Backup media should be stored, tracked and accounted like other IT assets to deter and detect theft or loss.


• Backup media should be securely erased, or physically destroyed at the end of its useful life.

C7.6 References

Computer Associates Advisories

http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp

http://zerodayinitiative.com/advisories/ZDI-06-030.html

http://zerodayinitiative.com/advisories/ZDI-06-031.html


Symantec Veritas Advisories

http://seer.support.veritas.com/docs/279553.htm

http://support.veritas.com/docs/281521

http://www.idefense.com/application/poi/display?id=336&type=vulnerabilities

http://www.zerodayinitiative.com/advisories/ZDI-06-005.html

http://www.zerodayinitiative.com/advisories/ZDI-06-006.html


EMC Legato and Sun Advisories

http://www.legato.com/support/websupport/product_alerts/011606_NW.htm

http://archives.neohapsis.com/archives/vulnwatch/2006-q1/0027.html

http://archives.neohapsis.com/archives/vulnwatch/2006-q1/0028.html

http://archives.neohapsis.com/archives/vulnwatch/2006-q1/0029.html