This page provides a list of recommended secure configuration checks for IBM b-type directors and switches, and is periodically updated. IBM b-type directors and switches connect servers and storage devices in a Storage Area Network (SAN).
ID | System | Category | Configuration check |
K0204I0MP100 | IBM b-type | Access Control | Access restriction by IP |
K0204I000105 | IBM b-type | Access Control | Approved aaa servers |
K0604I00P110 | IBM b-type | Access Control | Approved DNS servers |
K0604I0MP115 | IBM b-type | Access Control | Approved NTP Servers |
K0604I000120 | IBM b-type | Access Control | Approved syslog servers |
K0604I0MP125 | IBM b-type | Access Control | Banner status |
K0604I00P130 | IBM b-type | Access Control | Default users used |
K060400M0135 | IBM b-type | Access Control | Default zone |
K0604I00P140 | IBM b-type | Access Control | FC security policies |
K0604I0MP145 | IBM b-type | Access Control | G_port locking status |
K0604I0M0150 | IBM b-type | Access Control | IPfilter status |
K0604I0MP155 | IBM b-type | Access Control | Motd status |
K0604I0M0160 | IBM b-type | Access Control | Prevent ports from becoming E_Ports |
K0604I0MP165 | IBM b-type | Access Control | Session timeout |
K0604I0M0170 | IBM b-type | Access Control | SNMP Access Control List |
K0604I0M0175 | IBM b-type | Access Control | Unused ports not disabled (persistently) |
K0204I0M0180 | IBM b-type | Access Control | Zone member identification type |
K0204I0MP185 | IBM b-type | Audit Logging | Audit log content |
K1504I0MP190 | IBM b-type | Audit Logging | Audit logging status |
K1504I0MP195 | IBM b-type | Audit Logging | Centralized log server |
K1504I00P200 | IBM b-type | Audit Logging | Centralized log server redundancy |
K1504I0MP205 | IBM b-type | Audit Logging | Event types enabled for audit logging |
K1504I0MP210 | IBM b-type | Audit Logging | NTP configuration |
K1504I0M0215 | IBM b-type | Audit Logging | NTP server redundancy |
K1504I0MP220 | IBM b-type | Audit Logging | Required NTP Servers |
K1504I00P225 | IBM b-type | Audit Logging | Required syslog servers |
K1504I0M0230 | IBM b-type | Authentication | Account lockout threshold |
K1504I0MP235 | IBM b-type | Authentication | Allow username in passwords |
K1504I0M0240 | IBM b-type | Authentication | Authentication (aaa) server configuration |
K150400MP245 | IBM b-type | Authentication | Authentication hash algorithm |
K1504I0MP250 | IBM b-type | Authentication | Authentication server redundancy |
K0204I00P255 | IBM b-type | Authentication | Certificate validation mode |
K0204I00P260 | IBM b-type | Authentication | Default passwords |
K0704I0MP265 | IBM b-type | Authentication | Default passwords (disabled account) |
K0704I0MP270 | IBM b-type | Authentication | Device Authentication Policy |
K0704I0MP275 | IBM b-type | Authentication | Last password change |
K0704I0M0280 | IBM b-type | Authentication | Lockout enforcement for admin |
K0704I0MP285 | IBM b-type | Authentication | Maximum length of sequential character sequences |
K07040000290 | IBM b-type | Authentication | Maximum number of repeated password characters |
K0704I0MP295 | IBM b-type | Authentication | Maximum password age |
K0704I00P300 | IBM b-type | Authentication | Minimum account lockout duration |
K0704I0MP305 | IBM b-type | Authentication | Minimum password age |
K0704I0MP310 | IBM b-type | Authentication | Minimum password digits |
K0704I0M0315 | IBM b-type | Authentication | Minimum password length |
K0704I0MP320 | IBM b-type | Authentication | Minimum password lowercase characters |
K0704I0MP325 | IBM b-type | Authentication | Minimum password special characters |
K0704I0M0330 | IBM b-type | Authentication | Minimum password string change |
K0704I0MP335 | IBM b-type | Authentication | Minimum password uppercase characters |
K0204I0MP340 | IBM b-type | Authentication | Number of disallowed past passwords |
K0204I0MP345 | IBM b-type | Authentication | Password hash strength |
K0204I0M0350 | IBM b-type | Authentication | Password reverse check |
K0904I0MP355 | IBM b-type | Authentication | Past passwords check is enabled |
K0904I00P360 | IBM b-type | Authentication | PWD policy status |
K0904I0MP365 | IBM b-type | Authentication | Required aaa servers |
K0904I0M0370 | IBM b-type | Authentication | SNMP community default string |
K0904I0MP375 | IBM b-type | Authentication | SNMP community default string (ro) |
K0904I0MP380 | IBM b-type | Authentication | SNMP user authentication |
K0904I0MP385 | IBM b-type | Authentication | Switch authentication policy |
K090400M0390 | IBM b-type | Authorization | LDAP mapping to role |
K0904I0MP395 | IBM b-type | Authorization | User role configuration |
K0904I0MP400 | IBM b-type | Authorization | Users not assigned with roles |
K0904I00P405 | IBM b-type | Configuration Management | DNS server redundancy |
K0904I0MP410 | IBM b-type | Configuration Management | DNS service status |
K0904I0M0415 | IBM b-type | Configuration Management | Fabric wide consistency policy |
K0904I0MP420 | IBM b-type | Configuration Management | Firmware integrity check |
K0904I0M0425 | IBM b-type | Configuration Management | Remote support status |
K0904I0MP430 | IBM b-type | Configuration Management | Required DNS servers |
K0904I0MP435 | IBM b-type | Configuration Management | Single HBA zoning |
K0904I0MP440 | IBM b-type | Configuration Management | Tape and disk separate zones |
K0904I0MP445 | IBM b-type | Configuration Management | Target Fabric OS (FOS) release |
K0904I00P450 | IBM b-type | Configuration Management | TCP timestamps |
K0904I0MP455 | IBM b-type | Encryption | Cipher strength |
K0204I00P460 | IBM b-type | Encryption | HTTPS cipher strength |
K0204I00P465 | IBM b-type | Encryption | LDAP SSL |
K030400MP470 | IBM b-type | Encryption | Secure upload/download |
K0304I0MP475 | IBM b-type | Encryption | SNMP security level |
K0304I0MP480 | IBM b-type | Encryption | SSH cipher strength |
K0304I00P485 | IBM b-type | Encryption | SSH KEX strength |
K0304I0M0490 | IBM b-type | Encryption | SSH MAC strength |
K0304I0MP495 | IBM b-type | Encryption | TLS security level |
K0304I0MP500 | IBM b-type | Hardening | FIPS mode |
K0304I0MP505 | IBM b-type | Hardening | FIPS verification |
K0304I0MP510 | IBM b-type | Hardening | Root access |
K0304I00P515 | IBM b-type | Monitoring | Active MAPS policy |
K0204I0M0520 | IBM b-type | Monitoring | Email notification |
K0204I00P525 | IBM b-type | Monitoring | Security monitoring rules |
K0204I0MP530 | IBM b-type | Services and Protocols | FTP status |
K0204I00P535 | IBM b-type | Services and Protocols | HTTP service status |
K020400MP540 | IBM b-type | Services and Protocols | REST API status |
K0204I0MP545 | IBM b-type | Services and Protocols | SNMP versions enabled |
K0204I0M0550 | IBM b-type | Services and Protocols | Telnet service status |
K0204I0MP555 | IBM b-type | Services and Protocols | Unused port status |
... and more. |
NOTE: In addition to the checks for IBM b-type Fabric OS (FOS), security baseline checks should also be performed against IBM management products such as Network Advisor, SANnav and other IBM software components.