There is, in my opinion, an unpleasant security hole in the NMC installation\/configuration process.<\/p>\n
The security hole is simple: it does not prompt for the administrator password on installation. This is inappropriate for a data protection product, and I think it’s something that EMC should fix.<\/p>\n
The NMC installation process is slightly different depending on whether you’re working with 7.5.x or 7.4.x and lower.<\/p>\n
For 7.4.x and lower, the process works as follows:<\/p>\n
For 7.5.x and higher installations, the process works as follows:<\/p>\n
In both instances, this represents a clear security threat to the environment, particularly when installing NetWorker on the backup server or another host that already has administrator access to the datazone<\/em>, and needs to be managed carefully. Two clear options, depending on the level of trust you have within your environment are:<\/p>\n or<\/em><\/p>\n In reality, the second option would not be declared secure by any security expert, but for small environments where the trust level is high, it may <\/em>be acceptable for local security policies.<\/p>\n The real solution though is simple: EMC must <\/strong>change the NMC installation process to force the input of a secure administrator password at install time<\/em>. That way, by the time the daemons are first started, they are already secured.<\/p>\n","protected":false},"excerpt":{"rendered":" There is, in my opinion, an unpleasant security hole in the NMC installation\/configuration process. The security hole is simple: it…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[16,21],"tags":[96,97,633,638,1254],"class_list":["post-864","post","type-post","status-publish","format-standard","hentry","category-networker","category-security","tag-administrator","tag-administrator-password","tag-networker-management-console","tag-nmc","tag-security"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pKpIN-dW","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/864","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/comments?post=864"}],"version-history":[{"count":0,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/864\/revisions"}],"wp:attachment":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/media?parent=864"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/categories?post=864"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/tags?post=864"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n