Security Hardening Guide
Revision: 1/20/2020

Table of contents
1 Installation
2 Operations
2.1 Backup security
2.2 Recommended backup destinations
1 Installation

It is highly recommended to use the most recent Acronis Cyber Backup 12.5 update, as it may include important security fixes and improvements.

If you install Acronis Management Server in a Windows environment, it is recommended to install it on any virtual machine or hardware node except the Domain Controller.

It is not recommended to change the accounts under which the services run (https://www.acronis.com/support/documentation/AcronisCyberBackup_12.5/index.html#40078.html).
2 Operations

2.1 Backup security

It is recommended to encrypt your backups. An encrypted backup is stored encrypted at rest, and a user has to enter the encryption password in order to restore or view it. For details on how to encrypt backups, refer to the Acronis Cyber Backup 12.5 web help (https://www.acronis.com/support/documentation/AcronisCyberBackup_12.5/#37608.html).

2.
3 Secure network configuration

This section describes the network configuration for secure communications between Acronis Cyber Backup components.

3.1 Network security diagram

The diagram below shows the Acronis Cyber Backup 12.5 components and the communications between them. For security reasons, all ports are closed except those listed in the table below. The arrow direction shows which component initiates the connection.
3. Manage Environment: 9877
4. Access via remote CL (acrocmd, acropsh): 9851
5. - Register Agent: 9877
   - Manage Agent: 7780 ZMQ
   - Sync licenses: 9877
6. Remote installation:
   - U1 and earlier: 445, 25001, 9876
   - U2+: 445, 25001, 43234
7. Access via remote CL (acrocmd, acropsh): 9850
8.
14.
15. Create VM backups: 443, 902
16. NFS: TCP, UDP 111 and 2049
17.
18. Deploy Appliance: 443, 902
19. - SMB: UDP 137, UDP 138 and TCP 139, TCP 445
    - SFTP: 22 (default, can vary)
Backup Agents

Agents do not require any open ports for regular backup and restore functionality.
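The rule that all ports stay closed except the listed ones can be checked on a host by comparing its listeners with the port legend above. The following is an added example, not part of the Acronis guide: it assumes a Linux host and `ss -tuln` output, covers only the legend entries legible on this page, and treats ports as TCP wherever the page names no protocol.

```python
# Ports from the guide's legend. The page states the protocol only for NFS and
# SMB; treating every other port as TCP is an assumption of this example.
DOCUMENTED = {
    ("tcp", 9877): "manage environment / register agent / sync licenses",
    ("tcp", 7780): "manage agent (ZMQ)",
    ("tcp", 9851): "remote CL", ("tcp", 9850): "remote CL",
    ("tcp", 443): "VM backup / appliance", ("tcp", 902): "VM backup / appliance",
    ("tcp", 25001): "remote installation",
    ("tcp", 9876): "remote installation (U1 and earlier)",
    ("tcp", 43234): "remote installation (U2+)",
    ("tcp", 111): "NFS", ("udp", 111): "NFS",
    ("tcp", 2049): "NFS", ("udp", 2049): "NFS",
    ("udp", 137): "SMB", ("udp", 138): "SMB", ("tcp", 139): "SMB",
    ("tcp", 445): "SMB / remote installation",
    ("tcp", 22): "SFTP (default, can vary)",
}

# Constructed `ss -tuln` output for illustration; not taken from a real host.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:9877        0.0.0.0:*
tcp   LISTEN 0      128    *:7780              *:*
tcp   LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
tcp   LISTEN 0      128    [::]:3389           [::]:*
udp   UNCONN 0      0      0.0.0.0:111         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:9877        0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line of `ss -tuln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)

def audit(ss_output):
    """Split network-reachable listeners into documented and unexpected."""
    documented, unexpected = [], []
    for proto, addr, port in parse_listeners(ss_output):
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only, not reachable from the network
        if (proto, port) in DOCUMENTED:
            documented.append((proto, port, DOCUMENTED[(proto, port)]))
        else:
            unexpected.append((proto, addr, port))
    return documented, unexpected
```

Calling `audit(SAMPLE)` returns the listeners that match the legend and, separately, those that do not (here TCP 3389 and UDP 9877), which are the ones to close or justify.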