Dell PowerFlex is a software-defined storage solution that combines compute and storage resources to deliver scalable, high-performance, and flexible infrastructure for modern data centers.
Hardening the Dell PowerFlex environment is essential to protect critical data from unauthorized access, data breaches, and tampering. Implementing robust security measures helps organizations ensure the confidentiality, integrity, and availability of their storage and compute resources.
Regularly reviewing the security of Dell PowerFlex is vital to identify and address potential vulnerabilities or weaknesses in its infrastructure, minimizing the risk of security breaches and data compromise. Regular security reviews help organizations ensure that security controls, access permissions, and encryption mechanisms are up to date and functioning effectively. By reviewing the security of Dell PowerFlex, organizations can proactively assess their security posture, mitigate emerging threats, and align their data protection practices with industry best practices and compliance requirements. This proactive approach helps maintain the confidentiality and integrity of stored data, ensuring the reliability and privacy of sensitive information.
This page provides a list of recommended secure configuration checks (benchmark) for PowerFlex systems, and is periodically updated.
Interested to learn about StorageGuard Benchmark Checks for PowerFlex? |
||
|
|
ID | System | Category | Configuration check |
K1474I00P0100 | Dell PowerFlex | Access Control | Incorrect mapping of LDAP group to role |
K1474I00P0175 | Dell PowerFlex | Access Control | Unapproved admin users |
K1474I00P0230 | Dell PowerFlex | Access Control | CIFS idle use session timeout |
K1474I00P0300 | Dell PowerFlex | Access Control | NFS export access list |
K1474I00P0305 | Dell PowerFlex | Access Control | NFS share default access |
K1474I00P0390 | Dell PowerFlex | Access Control | Restricted host (SDC) mode type |
K1474I00P0395 | Dell PowerFlex | Access Control | Restricted host (SDC) mode |
K1474I00P0400 | Dell PowerFlex | Access Control | Snapshot access mode |
K1474I00P0500 | Dell PowerFlex | Access Control | Node firewalld IP based access restriction |
K1474I00P0505 | Dell PowerFlex | Access Control | Node firewalld status |
K1474I00P0550 | Dell PowerFlex | Access Control | Login banner check |
K1474I00P0555 | Dell PowerFlex | Access Control | Non-default local users |
K1474I00P0560 | Dell PowerFlex | Access Control | Approved user roles |
K1474I00P0180 | Dell PowerFlex | Authentication | Authentication Method |
K1474I00P0205 | Dell PowerFlex | Authentication | (CHAP) authentication between SDRs |
K1474I00P0215 | Dell PowerFlex | Authentication | SDC authentication is enabled |
K1474I00P0335 | Dell PowerFlex | Authentication | NFS Credential cache retention |
K1474I00P0340 | Dell PowerFlex | Authentication | NFS exports minimum security |
K1474I00P0345 | Dell PowerFlex | Authentication | Secure NFS (Kerberos used) |
K1474I00P0360 | Dell PowerFlex | Authentication | Approved LDAP server |
K1474I00P0365 | Dell PowerFlex | Authentication | Approved IdP |
K1474I00P0370 | Dell PowerFlex | Authentication | Central authentication |
K1474I00P0375 | Dell PowerFlex | Authentication | MDM security policy |
K1474I00P0470 | Dell PowerFlex | Authentication | SDC authentication |
K1474I00P0535 | Dell PowerFlex | Authentication | SNMP V3 authentication |
K1474I00P0545 | Dell PowerFlex | Authentication | SNMP v2 Community String |
K1474I00P0565 | Dell PowerFlex | Authentication | Default password ( Web UI) |
K1474I00P0580 | Dell PowerFlex | Authentication | Default password |
K1474I00P0330 | Dell PowerFlex | Authorization | NFS Anon user/group mapping |
K1474I00P0495 | Dell PowerFlex | Authorization | Incorrect /var/lib/chrony folder permissions on the SVM |
K1474I00P0105 | Dell PowerFlex | Configuration Management | SDR self-signed certificate |
K1474I00P0110 | Dell PowerFlex | Configuration Management | SDR certificate expiry warning |
K1474I00P0115 | Dell PowerFlex | Configuration Management | SDR Certificate issuer |
K1474I00P0120 | Dell PowerFlex | Configuration Management | Approved SDR version |
K1474I00P0125 | Dell PowerFlex | Configuration Management | PowerFlex Gateway bypassCertificateCheck |
K1474I00P0135 | Dell PowerFlex | Configuration Management | initial license replaced |
K1474I00P0145 | Dell PowerFlex | Configuration Management | Approved SDS version |
K1474I00P0150 | Dell PowerFlex | Configuration Management | All MDM IP addresses are defined |
K1474I00P0155 | Dell PowerFlex | Configuration Management | SDS Cluster not in Maintenance |
K1474I00P0160 | Dell PowerFlex | Configuration Management | Correct DRL mode |
K1474I00P0165 | Dell PowerFlex | Configuration Management | MDM Cluster goodNodesNum |
K1474I00P0170 | Dell PowerFlex | Configuration Management | Healthy MDM Cluster State |
K1474I00P0240 | Dell PowerFlex | Configuration Management | LDAP SSL certificate expiration |
K1474I00P0245 | Dell PowerFlex | Configuration Management | MDM SSL certificate expiration |
K1474I00P0250 | Dell PowerFlex | Configuration Management | Appliance SSL certificate expiration |
K1474I00P0255 | Dell PowerFlex | Configuration Management | Approved issuer for LDAP server SSL certificate |
K1474I00P0260 | Dell PowerFlex | Configuration Management | Approved SSL certificate issuer (MDM) |
K1474I00P0265 | Dell PowerFlex | Configuration Management | Approved SSL certificate issuer |
K1474I00P0270 | Dell PowerFlex | Configuration Management | Self-signed LDAP certificate |
K1474I00P0275 | Dell PowerFlex | Configuration Management | Self signed appliance ssl certificate |
K1474I00P0280 | Dell PowerFlex | Configuration Management | MDM self-signed certificate check |
K1474I00P0290 | Dell PowerFlex | Configuration Management | Email policy settings |
K1474I00P0295 | Dell PowerFlex | Configuration Management | Email (smtp server) configuration |
K1474I00P0315 | Dell PowerFlex | Configuration Management | Approved DNS server |
K1474I00P0320 | Dell PowerFlex | Configuration Management | DNS server redundancy |
K1474I00P0325 | Dell PowerFlex | Configuration Management | DNS server configuration |
K1474I00P0350 | Dell PowerFlex | Configuration Management | Approved NFS version |
K1474I00P0355 | Dell PowerFlex | Configuration Management | Approved Directory Service Domain |
K1474I00P0410 | Dell PowerFlex | Configuration Management | Background device scanner |
K1474I00P0415 | Dell PowerFlex | Configuration Management | Enable Zero Padding Policy |
K1474I00P0475 | Dell PowerFlex | Configuration Management | SupportAssist through Proxy |
K1474I00P0480 | Dell PowerFlex | Configuration Management | Enable Remote Support |
K1474I00P0485 | Dell PowerFlex | Configuration Management | Connect to CloudIQ Enabled |
K1474I00P0490 | Dell PowerFlex | Configuration Management | SupportAssist enabled |
K1474I00P0540 | Dell PowerFlex | Configuration Management | SNMP version |
K1474I00P0570 | Dell PowerFlex | Configuration Management | NTP server redundancy |
K1474I00P0185 | Dell PowerFlex | Data Integrity | Enable Persistent Checksum on Read |
K1474I00P0235 | Dell PowerFlex | Data Integrity | SMB signing |
K1474I00P0420 | Dell PowerFlex | Data Integrity | Enable Persistent Checksum |
K1474I00P0425 | Dell PowerFlex | Data Integrity | Enable Inflight Checksum |
K1474I00P0220 | Dell PowerFlex | Data Protection | Snapshot retention |
K1474I00P0225 | Dell PowerFlex | Data Protection | Insufficient snapshots |
K1474I00P0226 | Dell PowerFlex | Data Protection | Remote replication |
K1474I00P0227 | Dell PowerFlex | Data Protection | System backup schedule |
K1474I00P0228 | Dell PowerFlex | Data Protection | System backup share access control |
K1474I00P0229 | Dell PowerFlex | Data Protection | Last successful system backup |
K1474I00P0130 | Dell PowerFlex | Encryption | PowerFlex Gateway allowNonSecureCommunication |
K1474I00P0200 | Dell PowerFlex | Encryption | Replication security: MDM to MDM encrypted communications |
K1474I00P0210 | Dell PowerFlex | Encryption | Data at-rest encryption |
K1474I00P0285 | Dell PowerFlex | Encryption | SCLI secure mode |
K1474I00P0310 | Dell PowerFlex | Encryption | LDAP SSL |
K1474I00P0380 | Dell PowerFlex | Encryption | TLS version |
K1474I00P0385 | Dell PowerFlex | Encryption | Management client secure communication |
K1474I00P0530 | Dell PowerFlex | Encryption | SNMP V3 privacy |
K1474I00P0525 | Dell PowerFlex | Hardening | MDM/SDS host FIPS compliance |
K1474I00P0140 | Dell PowerFlex | Health | Storage Pool Spare Capacity |
K1474I00P0440 | Dell PowerFlex | Logging | Required/Approved SYSLOG servers |
K1474I00P0510 | Dell PowerFlex | Logging | Syslog policy configuration |
K1474I00P0515 | Dell PowerFlex | Logging | Syslog policy settings |
K1474I00P0520 | Dell PowerFlex | Logging | External syslog server configuration |
K1474I00P0575 | Dell PowerFlex | Logging | NTP server configuration |
K1474I00P0190 | Dell PowerFlex | Malware Protection | CEPA Publisher configured for Ransomware detection |
K1474I00P0195 | Dell PowerFlex | Malware Protection | Enabled Fille Virus Checker |
K1474I00P0405 | Dell PowerFlex | Malware Protection | Use secure snapshots |
K1474I00P0430 | Dell PowerFlex | Services and Protocols | SMB version 1 is disabled |
K1474I00P0435 | Dell PowerFlex | Services and Protocols | Disable IPMI |
K1474I00P0450 | Dell PowerFlex | Services and Protocols | Required/Approved NTP servers |
K1474I00P0460 | Dell PowerFlex | Services and Protocols | Disable SNMP in your organization is not using SNMP |
K1474I00P0465 | Dell PowerFlex | Services and Protocols | SNMP monitoring |
And more. |
Interested to learn about StorageGuard secure configuration checks for PowerFlex?
|
||
|
|
Comments
0 comments
Please sign in to leave a comment.