This page provides a list of recommended secure configuration checks for Broadcom Brocade Fibre Channel directors and switches, and is periodically updated. Brocade Fibre Channel directors and switches (and OEMs) connect servers and storage devices in a Storage Area Network (SAN).
ID | System | Category | Configuration check |
--- | --- | --- | --- |
K0204I0MP100 | Brocade Director / Switch | Access Control | Access restriction by IP |
K0204I000105 | Brocade Director / Switch | Access Control | Approved aaa servers |
K0604I00P110 | Brocade Director / Switch | Access Control | Approved DNS servers |
K0604I0MP115 | Brocade Director / Switch | Access Control | Approved NTP Servers |
K0604I000120 | Brocade Director / Switch | Access Control | Approved syslog servers |
K0604I0MP125 | Brocade Director / Switch | Access Control | Banner status |
K0604I00P130 | Brocade Director / Switch | Access Control | Default users used |
K060400M0135 | Brocade Director / Switch | Access Control | Default zone |
K0604I00P140 | Brocade Director / Switch | Access Control | FC security policies |
K0604I0MP145 | Brocade Director / Switch | Access Control | G_port locking status |
K0604I0M0150 | Brocade Director / Switch | Access Control | IPfilter status |
K0604I0MP155 | Brocade Director / Switch | Access Control | Motd status |
K0604I0M0160 | Brocade Director / Switch | Access Control | Prevent ports from becoming E_Ports |
K0604I0MP165 | Brocade Director / Switch | Access Control | Session timeout |
K0604I0M0170 | Brocade Director / Switch | Access Control | SNMP Access Control List |
K0604I0M0175 | Brocade Director / Switch | Access Control | Unused ports not disabled (persistently) |
K0204I0M0180 | Brocade Director / Switch | Access Control | Zone member identification type |
K0204I0MP185 | Brocade Director / Switch | Audit Logging | Audit log content |
K1504I0MP190 | Brocade Director / Switch | Audit Logging | Audit logging status |
K1504I0MP195 | Brocade Director / Switch | Audit Logging | Centralized log server |
K1504I00P200 | Brocade Director / Switch | Audit Logging | Centralized log server redundancy |
K1504I0MP205 | Brocade Director / Switch | Audit Logging | Event types enabled for audit logging |
K1504I0MP210 | Brocade Director / Switch | Audit Logging | NTP configuration |
K1504I0M0215 | Brocade Director / Switch | Audit Logging | NTP server redundancy |
K1504I0MP220 | Brocade Director / Switch | Audit Logging | Required NTP Servers |
K1504I00P225 | Brocade Director / Switch | Audit Logging | Required syslog servers |
K1504I0M0230 | Brocade Director / Switch | Authentication | Account lockout threshold |
K1504I0MP235 | Brocade Director / Switch | Authentication | Allow username in passwords |
K1504I0M0240 | Brocade Director / Switch | Authentication | Authentication (aaa) server configuration |
K150400MP245 | Brocade Director / Switch | Authentication | Authentication hash algorithm |
K1504I0MP250 | Brocade Director / Switch | Authentication | Authentication server redundancy |
K0204I00P255 | Brocade Director / Switch | Authentication | Certificate validation mode |
K0204I00P260 | Brocade Director / Switch | Authentication | Default passwords |
K0704I0MP265 | Brocade Director / Switch | Authentication | Default passwords (disabled account) |
K0704I0MP270 | Brocade Director / Switch | Authentication | Device Authentication Policy |
K0704I0MP275 | Brocade Director / Switch | Authentication | Last password change |
K0704I0M0280 | Brocade Director / Switch | Authentication | Lockout enforcement for admin |
K0704I0MP285 | Brocade Director / Switch | Authentication | Maximum length of sequential character sequences |
K07040000290 | Brocade Director / Switch | Authentication | Maximum number of repeated password characters |
K0704I0MP295 | Brocade Director / Switch | Authentication | Maximum password age |
K0704I00P300 | Brocade Director / Switch | Authentication | Minimum account lockout duration |
K0704I0MP305 | Brocade Director / Switch | Authentication | Minimum password age |
K0704I0MP310 | Brocade Director / Switch | Authentication | Minimum password digits |
K0704I0M0315 | Brocade Director / Switch | Authentication | Minimum password length |
K0704I0MP320 | Brocade Director / Switch | Authentication | Minimum password lowercase characters |
K0704I0MP325 | Brocade Director / Switch | Authentication | Minimum password special characters |
K0704I0M0330 | Brocade Director / Switch | Authentication | Minimum password string change |
K0704I0MP335 | Brocade Director / Switch | Authentication | Minimum password uppercase characters |
K0204I0MP340 | Brocade Director / Switch | Authentication | Number of disallowed past passwords |
K0204I0MP345 | Brocade Director / Switch | Authentication | Password hash strength |
K0204I0M0350 | Brocade Director / Switch | Authentication | Password reverse check |
K0904I0MP355 | Brocade Director / Switch | Authentication | Past passwords check is enabled |
K0904I00P360 | Brocade Director / Switch | Authentication | PWD policy status |
K0904I0MP365 | Brocade Director / Switch | Authentication | Required aaa servers |
K0904I0M0370 | Brocade Director / Switch | Authentication | SNMP community default string |
K0904I0MP375 | Brocade Director / Switch | Authentication | SNMP community default string (ro) |
K0904I0MP380 | Brocade Director / Switch | Authentication | SNMP user authentication |
K0904I0MP385 | Brocade Director / Switch | Authentication | Switch authentication policy |
K090400M0390 | Brocade Director / Switch | Authorization | LDAP mapping to role |
K0904I0MP395 | Brocade Director / Switch | Authorization | User role configuration |
K0904I0MP400 | Brocade Director / Switch | Authorization | Users not assigned with roles |
K0904I00P402 | Brocade Director / Switch | Configuration Management | Buffer optimized mode |
K0904I00P405 | Brocade Director / Switch | Configuration Management | DNS server redundancy |
K0904I0MP410 | Brocade Director / Switch | Configuration Management | DNS service status |
K0904I0M0415 | Brocade Director / Switch | Configuration Management | Fabric wide consistency policy |
K0904I0MP420 | Brocade Director / Switch | Configuration Management | Firmware integrity check |
K0904I0M0425 | Brocade Director / Switch | Configuration Management | Remote support status |
K0904I0MP430 | Brocade Director / Switch | Configuration Management | Required DNS servers |
K0904I0MP435 | Brocade Director / Switch | Configuration Management | Single HBA zoning |
K0904I0MP440 | Brocade Director / Switch | Configuration Management | Tape and disk separate zones |
K0904I0MP445 | Brocade Director / Switch | Configuration Management | Target Fabric OS (FOS) release |
K0904I00P450 | Brocade Director / Switch | Configuration Management | TCP timestamps |
K0904I00P452 | Brocade Director / Switch | Configuration Management | Correct timezone |
K0904I00P454 | Brocade Director / Switch | Configuration Management | Routing Table Entry policy |
K0904I0MP455 | Brocade Director / Switch | Encryption | Cipher strength |
K0204I00P460 | Brocade Director / Switch | Encryption | HTTPS cipher strength |
K0204I00P465 | Brocade Director / Switch | Encryption | LDAP SSL |
K030400MP470 | Brocade Director / Switch | Encryption | Secure upload/download |
K0304I0MP475 | Brocade Director / Switch | Encryption | SNMP security level |
K0304I0MP480 | Brocade Director / Switch | Encryption | SSH cipher strength |
K0304I00P485 | Brocade Director / Switch | Encryption | SSH KEX strength |
K0304I0M0490 | Brocade Director / Switch | Encryption | SSH MAC strength |
K0304I0MP495 | Brocade Director / Switch | Encryption | TLS security level |
K0304I0MP500 | Brocade Director / Switch | Hardening | FIPS mode |
K0304I0MP505 | Brocade Director / Switch | Hardening | FIPS verification |
K0304I0MP510 | Brocade Director / Switch | Hardening | Root access |
K0304I00P515 | Brocade Director / Switch | Monitoring | Active MAPS policy |
K0204I0M0520 | Brocade Director / Switch | Monitoring | Email notification |
K0204I00P525 | Brocade Director / Switch | Monitoring | Security monitoring rules |
K0204I00P527 | Brocade Director / Switch | Monitoring | SNMP minimum storage alerts level |
K0204I0MP530 | Brocade Director / Switch | Services and Protocols | FTP status |
K0204I00P535 | Brocade Director / Switch | Services and Protocols | HTTP service status |
K020400MP540 | Brocade Director / Switch | Services and Protocols | REST API status |
K0204I0MP545 | Brocade Director / Switch | Services and Protocols | SNMP versions enabled |
K0204I0M0550 | Brocade Director / Switch | Services and Protocols | Telnet service status |
K0204I0MP555 | Brocade Director / Switch | Services and Protocols | Unused port status |
... and more. |
NOTE: In addition to Brocade Fabric OS (FOS), security baseline checks should also be performed against Brocade management products such as Brocade Network Advisor, SANnav and other Brocade software components.
Interested in learning about StorageGuard Security Posture Management for Brocade switches?