Articles in this section

Dell EMC Connectrix B-Series: Recommended Security Baseline Checks

Avatar
Oz Gabriely
  • Updated

This page provides a list of recommended secure configuration checks for Dell EMC Connectrix B-Series FC directors and switches, and is periodically updated.

Dell EMC Connectrix B-Series directors and switches connect servers and storage devices in a Storage Area Network (SAN).

System Category Configuration check
Connectrix B-Series Access Control Access restriction by IP
Connectrix B-Series Access Control Approved aaa servers
Connectrix B-Series Access Control Approved DNS servers
Connectrix B-Series Access Control Approved NTP Servers
Connectrix B-Series Access Control Approved syslog servers
Connectrix B-Series Access Control Banner status
Connectrix B-Series Access Control Default users used
Connectrix B-Series Access Control Default zone
Connectrix B-Series Access Control FC security policies
Connectrix B-Series Access Control G_port locking status
Connectrix B-Series Access Control IPfilter status
Connectrix B-Series Access Control Motd status
Connectrix B-Series Access Control Prevent ports from becoming E_Ports
Connectrix B-Series Access Control Session timeout
Connectrix B-Series Access Control SNMP Access Control List
Connectrix B-Series Access Control Unused ports not disabled (persistently)
Connectrix B-Series Access Control Zone member identification type
Connectrix B-Series Audit Audit log content
Connectrix B-Series Audit Audit logging status
Connectrix B-Series Audit Centralized log server
Connectrix B-Series Audit Centralized log server redundancy
Connectrix B-Series Audit Event types enabled for audit logging
Connectrix B-Series Audit NTP configuration
Connectrix B-Series Audit NTP server redundancy
Connectrix B-Series Audit Required NTP Servers
Connectrix B-Series Audit Required syslog servers
Connectrix B-Series Authentication Account lockout threshold
Connectrix B-Series Authentication Allow username in passwords
Connectrix B-Series Authentication Authentication (aaa) server configuration
Connectrix B-Series Authentication Authentication hash algorithm
Connectrix B-Series Authentication Authentication server redundancy
Connectrix B-Series Authentication Certificate validation mode
Connectrix B-Series Authentication Default passwords
Connectrix B-Series Authentication Default passwords (disabled account)
Connectrix B-Series Authentication Device Authentication Policy
Connectrix B-Series Authentication Last password change
Connectrix B-Series Authentication Lockout enforcement for admin
Connectrix B-Series Authentication Maximum length of sequential character sequences
Connectrix B-Series Authentication Maximum number of repeated password characters
Connectrix B-Series Authentication Maximum password age
Connectrix B-Series Authentication Minimum account lockout duration
Connectrix B-Series Authentication Minimum password age
Connectrix B-Series Authentication Minimum password digits
Connectrix B-Series Authentication Minimum password length
Connectrix B-Series Authentication Minimum password lowercase characters
Connectrix B-Series Authentication Minimum password special characters
Connectrix B-Series Authentication Minimum password string change
Connectrix B-Series Authentication Minimum password uppercase characters
Connectrix B-Series Authentication Number of disallowed past passwords
Connectrix B-Series Authentication Password hash strength
Connectrix B-Series Authentication Password reverse check
Connectrix B-Series Authentication Past passwords check is enabled
Connectrix B-Series Authentication PWD policy status
Connectrix B-Series Authentication Required aaa servers
Connectrix B-Series Authentication SNMP community default string
Connectrix B-Series Authentication SNMP community default string (ro)
Connectrix B-Series Authentication SNMP user authentication
Connectrix B-Series Authentication Switch authentication policy
Connectrix B-Series Authorization LDAP mapping to role
Connectrix B-Series Authorization User role configuration
Connectrix B-Series Authorization Users not assigned with roles
Connectrix B-Series Configuration Management DNS server redundancy
Connectrix B-Series Configuration Management DNS service status
Connectrix B-Series Configuration Management ESRS configuration
Connectrix B-Series Configuration Management Fabric wide consistency policy
Connectrix B-Series Configuration Management Firmware integrity check
Connectrix B-Series Configuration Management Remote support status
Connectrix B-Series Configuration Management Required DNS servers
Connectrix B-Series Configuration Management Single HBA zoning
Connectrix B-Series Configuration Management Tape and disk separate zones
Connectrix B-Series Configuration Management Target Fabric OS (FOS) release
Connectrix B-Series Configuration Management TCP timestamps
Connectrix B-Series Encryption Cipher strength
Connectrix B-Series Encryption HTTPS cipher strength
Connectrix B-Series Encryption LDAP SSL
Connectrix B-Series Encryption Secure upload/download
Connectrix B-Series Encryption SNMP security level
Connectrix B-Series Encryption SSH cipher strength
Connectrix B-Series Encryption SSH KEX strength
Connectrix B-Series Encryption SSH MAC strength
Connectrix B-Series Encryption TLS security level
Connectrix B-Series Hardening FIPS mode
Connectrix B-Series Hardening FIPS verification
Connectrix B-Series Hardening Root access
Connectrix B-Series Monitoring Active MAPS policy
Connectrix B-Series Monitoring Email notification
Connectrix B-Series Monitoring Security monitoring rules
Connectrix B-Series Services and Protocols FTP status
Connectrix B-Series Services and Protocols HTTP service status
Connectrix B-Series Services and Protocols REST API status
Connectrix B-Series Services and Protocols SNMP versions enabled
Connectrix B-Series Services and Protocols Telnet service status
Connectrix B-Series Services and Protocols Unused port status
... and more.    

NOTE: Other than B-Series Fabric OS (FOS), additional security baseline checks should be performed against Dell EMC management products such as Network Advisor, SANnav and other B-Series software components.

 

Interested to learn about StorageGuard secure configuration checks for Storage and Backup systems? 

CONTACT US - Our team will be happy to assist you

 

Related articles

Comments

0 comments

Please sign in to leave a comment.