This page provides a list of recommended secure configuration checks for HPE C-series directors and switches, and is periodically updated. HPE C-series storage networking switches connect servers and storage devices in a Storage Area Network (SAN).
Interested to learn about StorageGuard Benchmark Checks for HPE? |
ID | System | Category | Configuration check |
K0319000P100 | HPE C-series | Access Control | Absolute session timeout |
K03190000105 | HPE C-series | Access Control | Banner (motd) status |
K0319000P110 | HPE C-series | Access Control | Banner (motd) message |
K0819000P115 | HPE C-series | Access Control | Default FC port mode |
K0319000P120 | HPE C-series | Access Control | Default port state |
K0319000P125 | HPE C-series | Access Control | Default zone policy |
K0319000P130 | HPE C-series | Access Control | Fabric binding state |
K021900MP135 | HPE C-series | Access Control | Fabric-binding activated |
K0219000P140 | HPE C-series | Access Control | FC-CT management status |
K0219000P145 | HPE C-series | Access Control | Idle session timeout |
K0219000P150 | HPE C-series | Access Control | IP ACL configuration |
K0219000P155 | HPE C-series | Access Control | Iscsi initiator idle-timeout |
K0219000P160 | HPE C-series | Access Control | Non-default local users |
K0219000P165 | HPE C-series | Access Control | Port security activated for VSAN |
K0219000P170 | HPE C-series | Access Control | Port security distribution |
K0219000P175 | HPE C-series | Access Control | Port security feature status |
K0219000P180 | HPE C-series | Access Control | SAN Fabric zone member identification |
K0219000P185 | HPE C-series | Access Control | Unused zone members |
K0219000P190 | HPE C-series | Access Control | Unused zones |
K02190000195 | HPE C-series | Access Control | VSAN security auto-learning |
K021900MP200 | HPE C-series | Audit | Approved NTP servers |
K0219000P205 | HPE C-series | Audit | Approved syslog servers |
K0219000P210 | HPE C-series | Audit | Audit logging status |
K0319000P215 | HPE C-series | Audit | Centralized log server |
K0319000P220 | HPE C-series | Audit | Event types enabled for audit logging |
K0319000P225 | HPE C-series | Audit | External syslog server redundancy |
K0319000P230 | HPE C-series | Audit | NTP server redundancy |
K0219000P235 | HPE C-series | Audit | NTP service status |
K0319000P240 | HPE C-series | Audit | Required NTP servers |
K0319000P245 | HPE C-series | Audit | Required syslog servers |
K0519000P250 | HPE C-series | Authentication | aaa configuration |
K051900MP255 | HPE C-series | Authentication | Account lockout duration enforcement |
K0519000P260 | HPE C-series | Authentication | Account lockout threshold |
K0519000P265 | HPE C-series | Authentication | Account lockout threshold enforcement |
K0519000P270 | HPE C-series | Authentication | Approved Identity (RADIUS) provider servers |
K0519000P275 | HPE C-series | Authentication | Approved Identity (TACACS+) provider servers |
K05190000280 | HPE C-series | Authentication | Approved Identity provider (LDAP) servers |
K0519000P285 | HPE C-series | Authentication | Authentication server configuration |
K051900MP290 | HPE C-series | Authentication | Authentication server redundancy |
K0519000P295 | HPE C-series | Authentication | Default passwords |
K0519000P300 | HPE C-series | Authentication | DHCHAP authentication timeout |
K0519000P305 | HPE C-series | Authentication | DHCHAP DH group |
K0519000P310 | HPE C-series | Authentication | DHCHAP hash algorithm |
K071900MP315 | HPE C-series | Authentication | DHCHAP mode |
K051900MP320 | HPE C-series | Authentication | FCSP (DHCHAP) status |
K071900MP316 | HPE C-series | Authentication | LDAP server Redundancy |
K051900MP321 | HPE C-series | Authentication | Maximum password age |
K071900MP317 | HPE C-series | Authentication | Maximum password lifetime |
K051900M0322 | HPE C-series | Authentication | Minimum account lockout duration |
K071900MP318 | HPE C-series | Authentication | Minimum password length |
K051900MP323 | HPE C-series | Authentication | Password change grace time |
K071900MP319 | HPE C-series | Authentication | Password change security |
K051900MP324 | HPE C-series | Authentication | Required Identity provider (LDAP) servers |
K071900MP320 | HPE C-series | Authentication | Required Identity provider (RADIUS) servers |
K051900MP325 | HPE C-series | Authentication | Required Identity provider (TACACS+) servers |
K071900MP321 | HPE C-series | Authentication | SNMP community default string |
K051900MP326 | HPE C-series | Authentication | SNMP user authentication |
K071900MP322 | HPE C-series | Authentication | Strong dhchap secret |
K051900MP327 | HPE C-series | Authentication | Watch-for-login-attacks feature |
K071900MP323 | HPE C-series | Authorization | Approved admin users / groups |
K051900MP328 | HPE C-series | Authorization | Default role configuration |
K071900MP324 | HPE C-series | Authorization | User role association |
K051900MP329 | HPE C-series | Authorization | User role configuration |
K071900MP325 | HPE C-series | Backup and Recovery | Configuration backup |
K051900MP330 | HPE C-series | Configuration Management | Approved DNS servers |
K071900M0326 | HPE C-series | Configuration Management | Approved OS release installed |
K051900MP331 | HPE C-series | Configuration Management | DNS server redundancy |
K1419000P435 | HPE C-series | Configuration Management | DNS service status |
K1419000P440 | HPE C-series | Configuration Management | ENTERPRISE_PKG license |
K1419000P445 | HPE C-series | Configuration Management | Persistent port security configuration |
K1419000P450 | HPE C-series | Configuration Management | Power Supply Mode |
K1419000P455 | HPE C-series | Configuration Management | Remote support configuration |
K0319000P460 | HPE C-series | Configuration Management | Remote Support status |
K0319000P465 | HPE C-series | Configuration Management | Required DNS servers |
K0319000P470 | HPE C-series | Configuration Management | Target MDS software release |
K0319000P475 | HPE C-series | Encryption | Central Certificate Authority (CA) status |
K0319000P480 | HPE C-series | Encryption | Certificate issuer |
K0319000P485 | HPE C-series | Encryption | Certificate signature algorithm |
K0319000P490 | HPE C-series | Encryption | Certificate validity |
K0319000P495 | HPE C-series | Encryption | CRL configuration |
K0319000P500 | HPE C-series | Encryption | ESP mode |
K0319000P505 | HPE C-series | Encryption | ESP status |
K0319000P510 | HPE C-series | Encryption | ike status |
K0319000P515 | HPE C-series | Encryption | ike version |
K0319000P520 | HPE C-series | Encryption | IPSec authentication method |
K03190000525 | HPE C-series | Encryption | IPsec configuration |
K1819000P530 | HPE C-series | Encryption | IPSec hash algorithm |
K1819I00P535 | HPE C-series | Encryption | IPSec keepalive |
K1819I00P540 | HPE C-series | Encryption | IPSec lifetime |
K1819I00P545 | HPE C-series | Encryption | IPSec policy |
K1819I00P550 | HPE C-series | Encryption | Key type |
K1819I00P555 | HPE C-series | Encryption | password hash strength |
K1819I00P560 | HPE C-series | Encryption | Password strength enforcement |
K1819I00P565 | HPE C-series | Encryption | Self-signed certificate |
K1819I00P570 | HPE C-series | Encryption | SNMP message privacy enforcement |
K1819I00P575 | HPE C-series | Encryption | SNMP user privacy |
K1819I00P580 | HPE C-series | Encryption | SSH key bitcount |
K1819I00P585 | HPE C-series | Encryption | SSL certificate status |
K1819I00P590 | HPE C-series | Encryption | Strong password encryption |
K1819I00P595 | HPE C-series | Encryption | TLS level check |
K1819I00P600 | HPE C-series | Encryption | Weak key exchange algorithms are disabled |
K1819I00P605 | HPE C-series | Encryption | Weak SSH ciphers are disabled |
K0319000P610 | HPE C-series | Encryption | Weak SSH MACs are disabled |
K0319000P615 | HPE C-series | Hardening | FIPS mode status |
K0319000P620 | HPE C-series | Services and Protocols | HTTP service status |
K0319000P625 | HPE C-series | Services and Protocols | SCP status |
K03190000630 | HPE C-series | Services and Protocols | SFTP status |
K0319000P635 | HPE C-series | Services and Protocols | SNMP status |
K03190000640 | HPE C-series | Services and Protocols | SNMP versions enabled |
K1319000P645 | HPE C-series | Services and Protocols | SSH login attempts |
K0319000P650 | HPE C-series | Services and Protocols | SSHv1 status |
K03190000655 | HPE C-series | Services and Protocols | Telnet service status |
K0919000P660 | HPE C-series | Services and Protocols | TFTP/FTP status |
... and more. |
NOTE: Additional security baseline checks should be performed against Dashboard Fabric Controller, Data Center Network Manager (DCNM) and other components.
Interested to learn about StorageGuard Security Posture Management for HPE C-series?
Please sign in to leave a comment.