There is, in my opinion, an unpleasant security hole in the NMC installation/configuration process.
The security hole is simple: it does not prompt for the administrator password on installation. This is inappropriate for a data protection product, and I think it’s something that EMC should fix.
The NMC installation process is slightly different depending on whether you’re working with 7.5.x or 7.4.x and lower.
For 7.4.x and lower, the process works as follows:
- Install NetWorker management console.
- (On Unix platforms, manually run the /opt/lgtonmc/bin/nmc_config file to initialise the configuration.)
- Launch NMC.
- Use the default username/password until you get around to changing the password.
For 7.5.x and higher installations, the process works as follows:
- Install NetWorker management console.
- First person to logon gets to set the administrator password.
In both instances, this represents a clear security threat to the environment, particularly when installing NetWorker on the backup server or another host that already has administrator access to the datazone, and needs to be managed carefully. Two clear options, depending on the level of trust you have within your environment are:
- Use firewall/network security configuration options to restrict access to the NMC console port (9000) to a single, known and trusted host, until you are able to log on and change the password.
or
- Be prepared to log onto NMC as soon as the installation (or for Unix, installation/configuration) is complete and trust that you “get there first”.
In reality, the second option would not be declared secure by any security expert, but for small environments where the trust level is high, it may be acceptable for local security policies.
The real solution though is simple: EMC must change the NMC installation process to force the input of a secure administrator password at install time. That way, by the time the daemons are first started, they are already secured.