This page provides a list of recommended secure configuration checks for Pure FlashArray, and is periodically updated. FlashArray from Pure Storage is an all-flash enterprise storage platform.
System | Category | Configuration check |
Pure FlashArray | Access Control | Account Lockout duration |
Pure FlashArray | Access Control | Account Lockout threshold |
Pure FlashArray | Access Control | Anonymous user SMB access is enabled |
Pure FlashArray | Access Control | API token_ttl settings |
Pure FlashArray | Access Control | Approved admin users / AD groups |
Pure FlashArray | Access Control | Approved API Clients |
Pure FlashArray | Access Control | Approved cloud offload targets |
Pure FlashArray | Access Control | Approved pure1 users |
Pure FlashArray | Access Control | Cloud offload enabled |
Pure FlashArray | Access Control | Idle session timeout |
Pure FlashArray | Access Control | Inactive users |
Pure FlashArray | Access Control | Non-default local users |
Pure FlashArray | Access Control | Remote support auto termination timeout |
Pure FlashArray | Access Control | RemoteAssist state |
Pure FlashArray | Audit | Audit logging status |
Pure FlashArray | Audit | External logging server |
Pure FlashArray | Audit | Lossless logging server protocol |
Pure FlashArray | Audit | NTP server configured |
Pure FlashArray | Audit | NTP server redundancy |
Pure FlashArray | Audit | Required NTP servers |
Pure FlashArray | Authentication | Authentication server configuration |
Pure FlashArray | Authentication | Authentication server redundancy |
Pure FlashArray | Authentication | CHAP authentication mode |
Pure FlashArray | Authentication | Default Passwords |
Pure FlashArray | Authentication | DS server authenticity enforcement |
Pure FlashArray | Authentication | iSCSI CHAP enabled |
Pure FlashArray | Authentication | Kerberos settings |
Pure FlashArray | Authentication | LDAP redundancy |
Pure FlashArray | Authentication | LDAP settings |
Pure FlashArray | Authentication | Minimum password length |
Pure FlashArray | Authentication | Multifactor authentication |
Pure FlashArray | Authentication | Pure1 mutual TLS authentication |
Pure FlashArray | Authentication | Rest API authentication |
Pure FlashArray | Authentication | SNMP authentication |
Pure FlashArray | Authentication | SNMP Authentication Protocol |
Pure FlashArray | Authentication | SNMP Community string |
Pure FlashArray | Authentication | SNMP user authentication |
Pure FlashArray | Authentication | SSO status |
Pure FlashArray | Authorization | NFS/SMB permission |
Pure FlashArray | Authorization | Root Squash disabled |
Pure FlashArray | Authorization | User role configuration |
Pure FlashArray | Backup and Recovery | Data retention period |
Pure FlashArray | Backup and Recovery | Off-Site Replication Configuration |
Pure FlashArray | Backup and Recovery | Secure erase holdout period |
Pure FlashArray | Backup and Recovery | Tenant replication allowed |
Pure FlashArray | Configuration Management | Approved snapshot offload targets |
Pure FlashArray | Configuration Management | Atime synchronization |
Pure FlashArray | Configuration Management | Banner configuration |
Pure FlashArray | Configuration Management | Central Certificate Authority (CA) status |
Pure FlashArray | Configuration Management | Certificate Algorithm |
Pure FlashArray | Configuration Management | Certificate expiry date |
Pure FlashArray | Configuration Management | Certificate key_size |
Pure FlashArray | Configuration Management | DNS server redundancy |
Pure FlashArray | Configuration Management | DNS service configuration |
Pure FlashArray | Configuration Management | Domain name settings |
Pure FlashArray | Configuration Management | Enabled applications |
Pure FlashArray | Configuration Management | KMIP/KMS server configuration |
Pure FlashArray | Configuration Management | Pure Storage FA SSMS Extension version |
Pure FlashArray | Configuration Management | Pure Storage FlashArray PowerShell SDK version |
Pure FlashArray | Configuration Management | PureStorage Unified Add-on for Splunk version |
Pure FlashArray | Configuration Management | Purity version |
Pure FlashArray | Configuration Management | Self-signed certificates |
Pure FlashArray | Configuration Management | SMIS status |
Pure FlashArray | Configuration Management | Snapshot offload enabled |
Pure FlashArray | Configuration Management | SNMP trap host configuration |
Pure FlashArray | Configuration Management | SSL certificate private key configuration |
Pure FlashArray | Data Integrity | SMB digital signing |
Pure FlashArray | Encryption | API used with SSL verification |
Pure FlashArray | Encryption | Data encryption algorithm strength |
Pure FlashArray | Encryption | Data at-rest encryption |
Pure FlashArray | Encryption | Phonehome HTTPS proxy |
Pure FlashArray | Encryption | Pure1 TLS level |
Pure FlashArray | Encryption | Secure LDAP |
Pure FlashArray | Encryption | SMTP with TLS (supported?) |
Pure FlashArray | Encryption | SNMP message privacy |
Pure FlashArray | Encryption | SSH cipher strength |
Pure FlashArray | Encryption | SSH MAC strength |
Pure FlashArray | Encryption | TLS Level |
Pure FlashArray | Hardening | CC-compliance mode |
Pure FlashArray | Hardening | Console lock status |
Pure FlashArray | Hardening | Pure SafeMode configuration |
Pure FlashArray | Hardening | Rapid Data Locking configuration |
Pure FlashArray | Hardening | Restricted shell |
Pure FlashArray | Monitoring | Automatic PHONE HOME Enabled |
Pure FlashArray | Monitoring | Mail (SMTP) settings |
Pure FlashArray | Monitoring | puresupport account configuration |
Pure FlashArray | Monitoring | Remote Support Status |
Pure FlashArray | Monitoring | Security email notification |
Pure FlashArray | Monitoring | SMTP server configuration |
Pure FlashArray | Monitoring | SNMP status |
Pure FlashArray | Services and Protocols | NFS Enabled |
Pure FlashArray | Services and Protocols | Pure1 Enabled |
Pure FlashArray | Services and Protocols | SNMP versions allowed |
... and more. |
NOTE: Secure configuration checks should be performed also for Pure1, FlashBlade, Pure PowerShell SDK and other related Pure components.
Interested to learn about StorageGuard secure configuration checks for Storage and Backup systems? |
Comments
0 comments
Please sign in to leave a comment.