Note

You can download this article as a PDF

BGuardian

The following article aims at presenting the reader with information about the Bacula Enterprise BGuardian Plugin (Bacula Guardian). The document briefly describes the target technologies of the plugin, defines the scope of its operations, and presents its main features.

Bacula Enterprise BGuardian Plugin is intended to become the ultimate tool designed to facilitate and automate some of the most important tasks around security analysis for a backup environment using Bacula Enterprise, providing a comprehensive overview of your system’s security posture, highlighting potential issues, suspicious activities, and weak points.

With its advanced capabilities and comprehensive approach, BGuardian safeguards your environment by meticulously scrutinizing the whole Bacula Configuration, the evolution and behavior of the executed jobs, as well as the status of the different components of the target system.

Using statistical analysis and best-practices knowledge, it provides backup poisoning detection features, as well as secure configuration assessment. It does it extracting valuable insights from the gathered information and presenting it in the form of easy to understand reports. On the other hand, it also generates persistent alerts that serve as a framework to control and act upon any found issue.

Even if BGuardian represents a very important help in terms of security for a given environment, it is crucial to remark that security must be considered as a whole in any organization. It starts on the very internal roots of any corporation when a security plan and recovery strategies are well-defined and followed. It continues with the application of best practices at all levels: Using secure communications, using less privileges principles (Zero-trust), using secure network architectures, strong passwords policies, monitoring and auditing processes, multifactor authentication, data encryption, data immutability and many other technical features. However, probably one of the most important parts, comes with the application of common sense and a good education in secure practices for all the people inside the organization, which means things like avoid phishing attacks, be careful with any untrusted or not updated software, not share private or internal information in sensible places, not reuse passwords and many more.

Together with BGuardian, Bacula Enterprise offers all the other needed features to make the backup environment an extremely secure place. In order to have more information about them, refer to the appropriate section associated to the different security features listed in: Security Features.

Through subchapters, more in-depth information can be found about the following topics: