This page provides a list of recommended secure configuration checks for IBM c-type directors and switches, and is periodically updated. IBM c-type storage networking switches connect servers and storage devices in a Storage Area Network (SAN).
ID | System | Category | Configuration check |
K0319000P100 | IBM c-type | Access Control | Absolute session timeout |
K03190000105 | IBM c-type | Access Control | Banner (motd) status |
K0319000P110 | IBM c-type | Access Control | Banner (motd) message |
K0819000P115 | IBM c-type | Access Control | Default FC port mode |
K0319000P120 | IBM c-type | Access Control | Default port state |
K0319000P125 | IBM c-type | Access Control | Default zone policy |
K0319000P130 | IBM c-type | Access Control | Fabric binding state |
K021900MP135 | IBM c-type | Access Control | Fabric-binding activated |
K0219000P140 | IBM c-type | Access Control | FC-CT management status |
K0219000P145 | IBM c-type | Access Control | Idle session timeout |
K0219000P150 | IBM c-type | Access Control | IP ACL configuration |
K0219000P155 | IBM c-type | Access Control | iSCSI initiator idle-timeout |
K0219000P160 | IBM c-type | Access Control | Non-default local users |
K0219000P165 | IBM c-type | Access Control | Port security activated for VSAN |
K0219000P170 | IBM c-type | Access Control | Port security distribution |
K0219000P175 | IBM c-type | Access Control | Port security feature status |
K0219000P180 | IBM c-type | Access Control | SAN Fabric zone member identification |
K0219000P185 | IBM c-type | Access Control | Unused zone members |
K0219000P190 | IBM c-type | Access Control | Unused zones |
K02190000195 | IBM c-type | Access Control | VSAN security auto-learning |
K021900MP200 | IBM c-type | Audit | Approved NTP servers |
K0219000P205 | IBM c-type | Audit | Approved syslog servers |
K0219000P210 | IBM c-type | Audit | Audit logging status |
K0319000P215 | IBM c-type | Audit | Centralized log server |
K0319000P220 | IBM c-type | Audit | Event types enabled for audit logging |
K0319000P225 | IBM c-type | Audit | External syslog server redundancy |
K0319000P230 | IBM c-type | Audit | NTP server redundancy |
K0219000P235 | IBM c-type | Audit | NTP service status |
K0319000P240 | IBM c-type | Audit | Required NTP servers |
K0319000P245 | IBM c-type | Audit | Required syslog servers |
K0519000P250 | IBM c-type | Authentication | aaa configuration |
K051900MP255 | IBM c-type | Authentication | Account lockout duration enforcement |
K0519000P260 | IBM c-type | Authentication | Account lockout threshold |
K0519000P265 | IBM c-type | Authentication | Account lockout threshold enforcement |
K0519000P270 | IBM c-type | Authentication | Approved Identity (RADIUS) provider servers |
K0519000P275 | IBM c-type | Authentication | Approved Identity (TACACS+) provider servers |
K05190000280 | IBM c-type | Authentication | Approved Identity provider (LDAP) servers |
K0519000P285 | IBM c-type | Authentication | Authentication server configuration |
K051900MP290 | IBM c-type | Authentication | Authentication server redundancy |
K0519000P295 | IBM c-type | Authentication | Default passwords |
K0519000P300 | IBM c-type | Authentication | DHCHAP authentication timeout |
K0519000P305 | IBM c-type | Authentication | DHCHAP DH group |
K0519000P310 | IBM c-type | Authentication | DHCHAP hash algorithm |
K071900MP315 | IBM c-type | Authentication | DHCHAP mode |
K051900MP320 | IBM c-type | Authentication | FCSP (DHCHAP) status |
K071900MP316 | IBM c-type | Authentication | LDAP server Redundancy |
K051900MP321 | IBM c-type | Authentication | Maximum password age |
K071900MP317 | IBM c-type | Authentication | Maximum password lifetime |
K051900M0322 | IBM c-type | Authentication | Minimum account lockout duration |
K071900MP318 | IBM c-type | Authentication | Minimum password length |
K051900MP323 | IBM c-type | Authentication | Password change grace time |
K071900MP319 | IBM c-type | Authentication | Password change security |
K051900MP324 | IBM c-type | Authentication | Required Identity provider (LDAP) servers |
K071900MP320 | IBM c-type | Authentication | Required Identity provider (RADIUS) servers |
K051900MP325 | IBM c-type | Authentication | Required Identity provider (TACACS+) servers |
K071900MP321 | IBM c-type | Authentication | SNMP community default string |
K051900MP326 | IBM c-type | Authentication | SNMP user authentication |
K071900MP322 | IBM c-type | Authentication | Strong dhchap secret |
K051900MP327 | IBM c-type | Authentication | Watch-for-login-attacks feature |
K071900MP323 | IBM c-type | Authorization | Approved admin users / groups |
K051900MP328 | IBM c-type | Authorization | Default role configuration |
K071900MP324 | IBM c-type | Authorization | User role association |
K051900MP329 | IBM c-type | Authorization | User role configuration |
K071900MP325 | IBM c-type | Backup and Recovery | Configuration backup |
K051900MP330 | IBM c-type | Configuration Management | Approved DNS servers |
K071900M0326 | IBM c-type | Configuration Management | Approved OS release installed |
K051900MP331 | IBM c-type | Configuration Management | DNS server redundancy |
K1419000P435 | IBM c-type | Configuration Management | DNS service status |
K1419000P440 | IBM c-type | Configuration Management | ENTERPRISE_PKG license |
K1419000P445 | IBM c-type | Configuration Management | Persistent port security configuration |
K1419000P450 | IBM c-type | Configuration Management | Power Supply Mode |
K1419000P455 | IBM c-type | Configuration Management | Remote support configuration |
K0319000P460 | IBM c-type | Configuration Management | Remote Support status |
K0319000P465 | IBM c-type | Configuration Management | Required DNS servers |
K0319000P470 | IBM c-type | Configuration Management | Target MDS software release |
K0319000P475 | IBM c-type | Encryption | Central Certificate Authority (CA) status |
K0319000P480 | IBM c-type | Encryption | Certificate issuer |
K0319000P485 | IBM c-type | Encryption | Certificate signature algorithm |
K0319000P490 | IBM c-type | Encryption | Certificate validity |
K0319000P495 | IBM c-type | Encryption | CRL configuration |
K0319000P500 | IBM c-type | Encryption | ESP mode |
K0319000P505 | IBM c-type | Encryption | ESP status |
K0319000P510 | IBM c-type | Encryption | ike status |
K0319000P515 | IBM c-type | Encryption | ike version |
K0319000P520 | IBM c-type | Encryption | IPSec authentication method |
K03190000525 | IBM c-type | Encryption | IPsec configuration |
K1819000P530 | IBM c-type | Encryption | IPSec hash algorithm |
K1819I00P535 | IBM c-type | Encryption | IPSec keepalive |
K1819I00P540 | IBM c-type | Encryption | IPSec lifetime |
K1819I00P545 | IBM c-type | Encryption | IPSec policy |
K1819I00P550 | IBM c-type | Encryption | Key type |
K1819I00P555 | IBM c-type | Encryption | password hash strength |
K1819I00P560 | IBM c-type | Encryption | Password strength enforcement |
K1819I00P565 | IBM c-type | Encryption | Self-signed certificate |
K1819I00P570 | IBM c-type | Encryption | SNMP message privacy enforcement |
K1819I00P575 | IBM c-type | Encryption | SNMP user privacy |
K1819I00P580 | IBM c-type | Encryption | SSH key bitcount |
K1819I00P585 | IBM c-type | Encryption | SSL certificate status |
K1819I00P590 | IBM c-type | Encryption | Strong password encryption |
K1819I00P595 | IBM c-type | Encryption | TLS level check |
K1819I00P600 | IBM c-type | Encryption | Weak key exchange algorithms are disabled |
K1819I00P605 | IBM c-type | Encryption | Weak SSH ciphers are disabled |
K0319000P610 | IBM c-type | Encryption | Weak SSH MACs are disabled |
K0319000P615 | IBM c-type | Hardening | FIPS mode status |
K0319000P620 | IBM c-type | Services and Protocols | HTTP service status |
K0319000P625 | IBM c-type | Services and Protocols | SCP status |
K03190000630 | IBM c-type | Services and Protocols | SFTP status |
K0319000P635 | IBM c-type | Services and Protocols | SNMP status |
K03190000640 | IBM c-type | Services and Protocols | SNMP versions enabled |
K1319000P645 | IBM c-type | Services and Protocols | SSH login attempts |
K0319000P650 | IBM c-type | Services and Protocols | SSHv1 status |
K03190000655 | IBM c-type | Services and Protocols | Telnet service status |
K0919000P660 | IBM c-type | Services and Protocols | TFTP/FTP status |
... and more. |
NOTE: Additional security baseline checks should be performed against Dashboard Fabric Controller, Data Center Network Manager (DCNM) and other components.