This page provides a list of recommended secure configuration checks for Cisco MDS SAN directors and switches, and is periodically updated. Cisco MDS storage networking switches connect servers and storage devices in a Storage Area Network (SAN).
ID | System | Category | Configuration check |
K0319000P100 | Cisco MDS | Access Control | Absolute session timeout |
K03190000105 | Cisco MDS | Access Control | Banner (motd) status |
K0319000P110 | Cisco MDS | Access Control | Banner (motd) message |
K0819000P115 | Cisco MDS | Access Control | Default FC port mode |
K0319000P120 | Cisco MDS | Access Control | Default port state |
K0319000P125 | Cisco MDS | Access Control | Default zone policy |
K0319000P130 | Cisco MDS | Access Control | Fabric binding state |
K021900MP135 | Cisco MDS | Access Control | Fabric-binding activated |
K0219000P140 | Cisco MDS | Access Control | FC-CT management status |
K0219000P145 | Cisco MDS | Access Control | Idle session timeout |
K0219000P150 | Cisco MDS | Access Control | IP ACL configuration |
K0219000P155 | Cisco MDS | Access Control | iSCSI initiator idle-timeout |
K0219000P160 | Cisco MDS | Access Control | Non-default local users |
K0219000P165 | Cisco MDS | Access Control | Port security activated for VSAN |
K0219000P170 | Cisco MDS | Access Control | Port security distribution |
K0219000P175 | Cisco MDS | Access Control | Port security feature status |
K0219000P180 | Cisco MDS | Access Control | SAN Fabric zone member identification |
K0219000P185 | Cisco MDS | Access Control | Unused zone members |
K0219000P190 | Cisco MDS | Access Control | Unused zones |
K02190000195 | Cisco MDS | Access Control | VSAN security auto-learning |
K021900MP200 | Cisco MDS | Audit | Approved NTP servers |
K0219000P205 | Cisco MDS | Audit | Approved syslog servers |
K0219000P210 | Cisco MDS | Audit | Audit logging status |
K0319000P215 | Cisco MDS | Audit | Centralized log server |
K0319000P220 | Cisco MDS | Audit | Event types enabled for audit logging |
K0319000P225 | Cisco MDS | Audit | External syslog server redundancy |
K0319000P230 | Cisco MDS | Audit | NTP server redundancy |
K0219000P235 | Cisco MDS | Audit | NTP service status |
K0319000P240 | Cisco MDS | Audit | Required NTP servers |
K0319000P245 | Cisco MDS | Audit | Required syslog servers |
K0519000P250 | Cisco MDS | Authentication | AAA configuration |
K051900MP255 | Cisco MDS | Authentication | Account lockout duration enforcement |
K0519000P260 | Cisco MDS | Authentication | Account lockout threshold |
K0519000P265 | Cisco MDS | Authentication | Account lockout threshold enforcement |
K0519000P270 | Cisco MDS | Authentication | Approved Identity (RADIUS) provider servers |
K0519000P275 | Cisco MDS | Authentication | Approved Identity (TACACS+) provider servers |
K05190000280 | Cisco MDS | Authentication | Approved Identity provider (LDAP) servers |
K0519000P285 | Cisco MDS | Authentication | Authentication server configuration |
K051900MP290 | Cisco MDS | Authentication | Authentication server redundancy |
K0519000P295 | Cisco MDS | Authentication | Default passwords |
K0519000P300 | Cisco MDS | Authentication | DHCHAP authentication timeout |
K0519000P305 | Cisco MDS | Authentication | DHCHAP DH group |
K0519000P310 | Cisco MDS | Authentication | DHCHAP hash algorithm |
K071900MP315 | Cisco MDS | Authentication | DHCHAP mode |
K051900MP320 | Cisco MDS | Authentication | FCSP (DHCHAP) status |
K071900MP316 | Cisco MDS | Authentication | LDAP server redundancy |
K051900MP321 | Cisco MDS | Authentication | Maximum password age |
K071900MP317 | Cisco MDS | Authentication | Maximum password lifetime |
K051900M0322 | Cisco MDS | Authentication | Minimum account lockout duration |
K071900MP318 | Cisco MDS | Authentication | Minimum password length |
K051900MP323 | Cisco MDS | Authentication | Password change grace time |
K071900MP319 | Cisco MDS | Authentication | Password change security |
K051900MP324 | Cisco MDS | Authentication | Required Identity provider (LDAP) servers |
K071900MP320 | Cisco MDS | Authentication | Required Identity provider (RADIUS) servers |
K051900MP325 | Cisco MDS | Authentication | Required Identity provider (TACACS+) servers |
K071900MP321 | Cisco MDS | Authentication | SNMP community default string |
K051900MP326 | Cisco MDS | Authentication | SNMP user authentication |
K071900MP322 | Cisco MDS | Authentication | Strong DHCHAP secret |
K051900MP327 | Cisco MDS | Authentication | Watch-for-login-attacks feature |
K071900MP323 | Cisco MDS | Authorization | Approved admin users / groups |
K051900MP328 | Cisco MDS | Authorization | Default role configuration |
K071900MP324 | Cisco MDS | Authorization | User role association |
K051900MP329 | Cisco MDS | Authorization | User role configuration |
K071900MP325 | Cisco MDS | Backup and Recovery | Configuration backup |
K051900MP330 | Cisco MDS | Configuration Management | Approved DNS servers |
K071900M0326 | Cisco MDS | Configuration Management | Approved OS release installed |
K051900MP331 | Cisco MDS | Configuration Management | DNS server redundancy |
K1419000P435 | Cisco MDS | Configuration Management | DNS service status |
K1419000P440 | Cisco MDS | Configuration Management | ENTERPRISE_PKG license |
K1419000P445 | Cisco MDS | Configuration Management | Persistent port security configuration |
K1419000P450 | Cisco MDS | Configuration Management | Power Supply Mode |
K1419000P455 | Cisco MDS | Configuration Management | Remote support configuration |
K0319000P460 | Cisco MDS | Configuration Management | Remote Support status |
K0319000P465 | Cisco MDS | Configuration Management | Required DNS servers |
K0319000P470 | Cisco MDS | Configuration Management | Target Cisco MDS software release |
K0319000P475 | Cisco MDS | Encryption | Central Certificate Authority (CA) status |
K0319000P480 | Cisco MDS | Encryption | Certificate issuer |
K0319000P485 | Cisco MDS | Encryption | Certificate signature algorithm |
K0319000P490 | Cisco MDS | Encryption | Certificate validity |
K0319000P495 | Cisco MDS | Encryption | CRL configuration |
K0319000P500 | Cisco MDS | Encryption | ESP mode |
K0319000P505 | Cisco MDS | Encryption | ESP status |
K0319000P510 | Cisco MDS | Encryption | IKE status |
K0319000P515 | Cisco MDS | Encryption | IKE version |
K0319000P520 | Cisco MDS | Encryption | IPSec authentication method |
K03190000525 | Cisco MDS | Encryption | IPsec configuration |
K1819000P530 | Cisco MDS | Encryption | IPSec hash algorithm |
K1819I00P535 | Cisco MDS | Encryption | IPSec keepalive |
K1819I00P540 | Cisco MDS | Encryption | IPSec lifetime |
K1819I00P545 | Cisco MDS | Encryption | IPSec policy |
K1819I00P550 | Cisco MDS | Encryption | Key type |
K1819I00P555 | Cisco MDS | Encryption | Password hash strength |
K1819I00P560 | Cisco MDS | Encryption | Password strength enforcement |
K1819I00P565 | Cisco MDS | Encryption | Self-signed certificate |
K1819I00P570 | Cisco MDS | Encryption | SNMP message privacy enforcement |
K1819I00P575 | Cisco MDS | Encryption | SNMP user privacy |
K1819I00P580 | Cisco MDS | Encryption | SSH key bitcount |
K1819I00P585 | Cisco MDS | Encryption | SSL certificate status |
K1819I00P590 | Cisco MDS | Encryption | Strong password encryption |
K1819I00P595 | Cisco MDS | Encryption | TLS level check |
K1819I00P600 | Cisco MDS | Encryption | Weak key exchange algorithms are disabled |
K1819I00P605 | Cisco MDS | Encryption | Weak SSH ciphers are disabled |
K0319000P610 | Cisco MDS | Encryption | Weak SSH MACs are disabled |
K0319000P615 | Cisco MDS | Hardening | FIPS mode status |
K0319000P620 | Cisco MDS | Services and Protocols | HTTP service status |
K0319000P625 | Cisco MDS | Services and Protocols | SCP status |
K03190000630 | Cisco MDS | Services and Protocols | SFTP status |
K0319000P635 | Cisco MDS | Services and Protocols | SNMP status |
K03190000640 | Cisco MDS | Services and Protocols | SNMP versions enabled |
K1319000P645 | Cisco MDS | Services and Protocols | SSH login attempts |
K0319000P650 | Cisco MDS | Services and Protocols | SSHv1 status |
K03190000655 | Cisco MDS | Services and Protocols | Telnet service status |
K0919000P660 | Cisco MDS | Services and Protocols | TFTP/FTP status |
... and more. |
NOTE: Additional security baseline checks should be performed against Cisco Nexus Dashboard Fabric Controller, Cisco UCS Manager, Cisco Data Center Network Manager (DCNM), Cisco Nexus switches and other Cisco components.