Articles in this section

Dell EMC Connectrix B-Series: Recommended Security Baseline Checks

Avatar
Oz Gabriely
  • Updated

This page provides a list of recommended secure configuration checks for Dell EMC Connectrix B-Series directors and switches, and is periodically updated. Connectrix B-Series directors and switches connect servers and storage devices in a Storage Area Network (SAN).

ID System Category Configuration check
K0204I0MP100 Connectrix B-Series Access Control Access restriction by IP
K0204I000105 Connectrix B-Series Access Control Approved aaa servers
K0604I00P110 Connectrix B-Series Access Control Approved DNS servers
K0604I0MP115 Connectrix B-Series Access Control Approved NTP Servers
K0604I000120 Connectrix B-Series Access Control Approved syslog servers
K0604I0MP125 Connectrix B-Series Access Control Banner status
K0604I00P130 Connectrix B-Series Access Control Default users used
K060400M0135 Connectrix B-Series Access Control Default zone
K0604I00P140 Connectrix B-Series Access Control FC security policies
K0604I0MP145 Connectrix B-Series Access Control G_port locking status
K0604I0M0150 Connectrix B-Series Access Control IPfilter status
K0604I0MP155 Connectrix B-Series Access Control Motd status
K0604I0M0160 Connectrix B-Series Access Control Prevent ports from becoming E_Ports
K0604I0MP165 Connectrix B-Series Access Control Session timeout
K0604I0M0170 Connectrix B-Series Access Control SNMP Access Control List
K0604I0M0175 Connectrix B-Series Access Control Unused ports not disabled (persistently)
K0204I0M0180 Connectrix B-Series Access Control Zone member identification type
K0204I0MP185 Connectrix B-Series Audit Logging Audit log content
K1504I0MP190 Connectrix B-Series Audit Logging Audit logging status
K1504I0MP195 Connectrix B-Series Audit Logging Centralized log server
K1504I00P200 Connectrix B-Series Audit Logging Centralized log server redundancy
K1504I0MP205 Connectrix B-Series Audit Logging Event types enabled for audit logging
K1504I0MP210 Connectrix B-Series Audit Logging NTP configuration
K1504I0M0215 Connectrix B-Series Audit Logging NTP server redundancy
K1504I0MP220 Connectrix B-Series Audit Logging Required NTP Servers
K1504I00P225 Connectrix B-Series Audit Logging Required syslog servers
K1504I0M0230 Connectrix B-Series Authentication Account lockout threshold
K1504I0MP235 Connectrix B-Series Authentication Allow username in passwords
K1504I0M0240 Connectrix B-Series Authentication Authentication (aaa) server configuration
K150400MP245 Connectrix B-Series Authentication Authentication hash algorithm
K1504I0MP250 Connectrix B-Series Authentication Authentication server redundancy
K0204I00P255 Connectrix B-Series Authentication Certificate validation mode
K0204I00P260 Connectrix B-Series Authentication Default passwords
K0704I0MP265 Connectrix B-Series Authentication Default passwords (disabled account)
K0704I0MP270 Connectrix B-Series Authentication Device Authentication Policy
K0704I0MP275 Connectrix B-Series Authentication Last password change
K0704I0M0280 Connectrix B-Series Authentication Lockout enforcement for admin
K0704I0MP285 Connectrix B-Series Authentication Maximum length of sequential character sequences
K07040000290 Connectrix B-Series Authentication Maximum number of repeated password characters
K0704I0MP295 Connectrix B-Series Authentication Maximum password age
K0704I00P300 Connectrix B-Series Authentication Minimum account lockout duration
K0704I0MP305 Connectrix B-Series Authentication Minimum password age
K0704I0MP310 Connectrix B-Series Authentication Minimum password digits
K0704I0M0315 Connectrix B-Series Authentication Minimum password length
K0704I0MP320 Connectrix B-Series Authentication Minimum password lowercase characters
K0704I0MP325 Connectrix B-Series Authentication Minimum password special characters
K0704I0M0330 Connectrix B-Series Authentication Minimum password string change
K0704I0MP335 Connectrix B-Series Authentication Minimum password uppercase characters
K0204I0MP340 Connectrix B-Series Authentication Number of disallowed past passwords
K0204I0MP345 Connectrix B-Series Authentication Password hash strength
K0204I0M0350 Connectrix B-Series Authentication Password reverse check
K0904I0MP355 Connectrix B-Series Authentication Past passwords check is enabled
K0904I00P360 Connectrix B-Series Authentication PWD policy status
K0904I0MP365 Connectrix B-Series Authentication Required aaa servers
K0904I0M0370 Connectrix B-Series Authentication SNMP community default string
K0904I0MP375 Connectrix B-Series Authentication SNMP community default string (ro)
K0904I0MP380 Connectrix B-Series Authentication SNMP user authentication
K0904I0MP385 Connectrix B-Series Authentication Switch authentication policy
K090400M0390 Connectrix B-Series Authorization LDAP mapping to role
K0904I0MP395 Connectrix B-Series Authorization User role configuration
K0904I0MP400 Connectrix B-Series Authorization Users not assigned with roles
K0904I00P405 Connectrix B-Series Configuration Management DNS server redundancy
K0904I0MP410 Connectrix B-Series Configuration Management DNS service status
K0904I0M0415 Connectrix B-Series Configuration Management Fabric wide consistency policy
K0904I0MP420 Connectrix B-Series Configuration Management Firmware integrity check
K0904I0M0425 Connectrix B-Series Configuration Management Remote support status
K0904I0MP430 Connectrix B-Series Configuration Management Required DNS servers
K0904I0MP435 Connectrix B-Series Configuration Management Single HBA zoning
K0904I0MP440 Connectrix B-Series Configuration Management Tape and disk separate zones
K0904I0MP445 Connectrix B-Series Configuration Management Target Fabric OS (FOS) release
K0904I00P450 Connectrix B-Series Configuration Management TCP timestamps
K0904I0MP455 Connectrix B-Series Encryption Cipher strength
K0204I00P460 Connectrix B-Series Encryption HTTPS cipher strength
K0204I00P465 Connectrix B-Series Encryption LDAP SSL
K030400MP470 Connectrix B-Series Encryption Secure upload/download
K0304I0MP475 Connectrix B-Series Encryption SNMP security level
K0304I0MP480 Connectrix B-Series Encryption SSH cipher strength
K0304I00P485 Connectrix B-Series Encryption SSH KEX strength
K0304I0M0490 Connectrix B-Series Encryption SSH MAC strength
K0304I0MP495 Connectrix B-Series Encryption TLS security level
K0304I0MP500 Connectrix B-Series Hardening FIPS mode
K0304I0MP505 Connectrix B-Series Hardening FIPS verification
K0304I0MP510 Connectrix B-Series Hardening Root access
K0304I00P515 Connectrix B-Series Monitoring Active MAPS policy
K0204I0M0520 Connectrix B-Series Monitoring Email notification
K0204I00P525 Connectrix B-Series Monitoring Security monitoring rules
K0204I0MP530 Connectrix B-Series Services and Protocols FTP status
K0204I00P535 Connectrix B-Series Services and Protocols HTTP service status
K020400MP540 Connectrix B-Series Services and Protocols REST API status
K0204I0MP545 Connectrix B-Series Services and Protocols SNMP versions enabled
K0204I0M0550 Connectrix B-Series Services and Protocols Telnet service status
K0204I0MP555 Connectrix B-Series Services and Protocols Unused port status
... and more.    

NOTE: Other than the Connectrix Fabric OS (FOS), additional security baseline checks should be performed against Dell management products such as Network Advisor, SANnav and other Dell software components.

 

Interested to learn about StorageGuard Security Posture Management for Connectrix B-Series? 

 

 

Contact us

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.