This page provides a list of recommended secure configuration checks for Dell EMC Connectrix B-Series FC directors and switches, and is periodically updated.
Dell EMC Connectrix B-Series directors and switches connect servers and storage devices in a Storage Area Network (SAN).
System | Category | Configuration check |
Connectrix B-Series | Access Control | Access restriction by IP |
Connectrix B-Series | Access Control | Approved aaa servers |
Connectrix B-Series | Access Control | Approved DNS servers |
Connectrix B-Series | Access Control | Approved NTP Servers |
Connectrix B-Series | Access Control | Approved syslog servers |
Connectrix B-Series | Access Control | Banner status |
Connectrix B-Series | Access Control | Default users used |
Connectrix B-Series | Access Control | Default zone |
Connectrix B-Series | Access Control | FC security policies |
Connectrix B-Series | Access Control | G_port locking status |
Connectrix B-Series | Access Control | IPfilter status |
Connectrix B-Series | Access Control | Motd status |
Connectrix B-Series | Access Control | Prevent ports from becoming E_Ports |
Connectrix B-Series | Access Control | Session timeout |
Connectrix B-Series | Access Control | SNMP Access Control List |
Connectrix B-Series | Access Control | Unused ports not disabled (persistently) |
Connectrix B-Series | Access Control | Zone member identification type |
Connectrix B-Series | Audit | Audit log content |
Connectrix B-Series | Audit | Audit logging status |
Connectrix B-Series | Audit | Centralized log server |
Connectrix B-Series | Audit | Centralized log server redundancy |
Connectrix B-Series | Audit | Event types enabled for audit logging |
Connectrix B-Series | Audit | NTP configuration |
Connectrix B-Series | Audit | NTP server redundancy |
Connectrix B-Series | Audit | Required NTP Servers |
Connectrix B-Series | Audit | Required syslog servers |
Connectrix B-Series | Authentication | Account lockout threshold |
Connectrix B-Series | Authentication | Allow username in passwords |
Connectrix B-Series | Authentication | Authentication (aaa) server configuration |
Connectrix B-Series | Authentication | Authentication hash algorithm |
Connectrix B-Series | Authentication | Authentication server redundancy |
Connectrix B-Series | Authentication | Certificate validation mode |
Connectrix B-Series | Authentication | Default passwords |
Connectrix B-Series | Authentication | Default passwords (disabled account) |
Connectrix B-Series | Authentication | Device Authentication Policy |
Connectrix B-Series | Authentication | Last password change |
Connectrix B-Series | Authentication | Lockout enforcement for admin |
Connectrix B-Series | Authentication | Maximum length of sequential character sequences |
Connectrix B-Series | Authentication | Maximum number of repeated password characters |
Connectrix B-Series | Authentication | Maximum password age |
Connectrix B-Series | Authentication | Minimum account lockout duration |
Connectrix B-Series | Authentication | Minimum password age |
Connectrix B-Series | Authentication | Minimum password digits |
Connectrix B-Series | Authentication | Minimum password length |
Connectrix B-Series | Authentication | Minimum password lowercase characters |
Connectrix B-Series | Authentication | Minimum password special characters |
Connectrix B-Series | Authentication | Minimum password string change |
Connectrix B-Series | Authentication | Minimum password uppercase characters |
Connectrix B-Series | Authentication | Number of disallowed past passwords |
Connectrix B-Series | Authentication | Password hash strength |
Connectrix B-Series | Authentication | Password reverse check |
Connectrix B-Series | Authentication | Past passwords check is enabled |
Connectrix B-Series | Authentication | PWD policy status |
Connectrix B-Series | Authentication | Required aaa servers |
Connectrix B-Series | Authentication | SNMP community default string |
Connectrix B-Series | Authentication | SNMP community default string (ro) |
Connectrix B-Series | Authentication | SNMP user authentication |
Connectrix B-Series | Authentication | Switch authentication policy |
Connectrix B-Series | Authorization | LDAP mapping to role |
Connectrix B-Series | Authorization | User role configuration |
Connectrix B-Series | Authorization | Users not assigned with roles |
Connectrix B-Series | Configuration Management | DNS server redundancy |
Connectrix B-Series | Configuration Management | DNS service status |
Connectrix B-Series | Configuration Management | ESRS configuration |
Connectrix B-Series | Configuration Management | Fabric wide consistency policy |
Connectrix B-Series | Configuration Management | Firmware integrity check |
Connectrix B-Series | Configuration Management | Remote support status |
Connectrix B-Series | Configuration Management | Required DNS servers |
Connectrix B-Series | Configuration Management | Single HBA zoning |
Connectrix B-Series | Configuration Management | Tape and disk separate zones |
Connectrix B-Series | Configuration Management | Target Fabric OS (FOS) release |
Connectrix B-Series | Configuration Management | TCP timestamps |
Connectrix B-Series | Encryption | Cipher strength |
Connectrix B-Series | Encryption | HTTPS cipher strength |
Connectrix B-Series | Encryption | LDAP SSL |
Connectrix B-Series | Encryption | Secure upload/download |
Connectrix B-Series | Encryption | SNMP security level |
Connectrix B-Series | Encryption | SSH cipher strength |
Connectrix B-Series | Encryption | SSH KEX strength |
Connectrix B-Series | Encryption | SSH MAC strength |
Connectrix B-Series | Encryption | TLS security level |
Connectrix B-Series | Hardening | FIPS mode |
Connectrix B-Series | Hardening | FIPS verification |
Connectrix B-Series | Hardening | Root access |
Connectrix B-Series | Monitoring | Active MAPS policy |
Connectrix B-Series | Monitoring | Email notification |
Connectrix B-Series | Monitoring | Security monitoring rules |
Connectrix B-Series | Services and Protocols | FTP status |
Connectrix B-Series | Services and Protocols | HTTP service status |
Connectrix B-Series | Services and Protocols | REST API status |
Connectrix B-Series | Services and Protocols | SNMP versions enabled |
Connectrix B-Series | Services and Protocols | Telnet service status |
Connectrix B-Series | Services and Protocols | Unused port status |
... and more. |
NOTE: Other than B-Series Fabric OS (FOS), additional security baseline checks should be performed against Dell EMC management products such as Network Advisor, SANnav and other B-Series software components.
Interested to learn about StorageGuard secure configuration checks for Storage and Backup systems? |
Comments
0 comments
Please sign in to leave a comment.