This page provides a list of recommended secure configuration checks for Dell EMC Elastic Cloud Storage (ECS) systems, and is periodically updated.
Dell EMC ECS is a modern software-defined object storage platform designed for both traditional and next-generation workloads.
| System | Category | Configuration check |
| Dell EMC ECS | Access Control | Access During Outage |
| Dell EMC ECS | Access Control | Access-Control-Allow-Headers setting |
| Dell EMC ECS | Access Control | Access-Control-Allow-Methods setting |
| Dell EMC ECS | Access Control | Access-Control-Allow-Origin setting |
| Dell EMC ECS | Access Control | Access-Control-Expose-Headers setting |
| Dell EMC ECS | Access Control | Access-Control-Max-Age setting |
| Dell EMC ECS | Access Control | Approved admin user/group |
| Dell EMC ECS | Access Control | Approved LDAP Servers |
| Dell EMC ECS | Access Control | Authentication provider group whitelist |
| Dell EMC ECS | Access Control | Bucket acl |
| Dell EMC ECS | Access Control | Bucket default groups |
| Dell EMC ECS | Access Control | CAS IP restrictions |
| Dell EMC ECS | Access Control | Central Certificate Authority (CA) status |
| Dell EMC ECS | Access Control | Certificate issuer |
| Dell EMC ECS | Access Control | External key manager configuration |
| Dell EMC ECS | Access Control | Firewall status |
| Dell EMC ECS | Access Control | Hardening status |
| Dell EMC ECS | Access Control | HTTP access |
| Dell EMC ECS | Access Control | Inactive user time |
| Dell EMC ECS | Access Control | IPMI access mode |
| Dell EMC ECS | Access Control | IPMI session type |
| Dell EMC ECS | Access Control | Login Banner Status |
| Dell EMC ECS | Access Control | Max number of sessions |
| Dell EMC ECS | Access Control | Max session duration |
| Dell EMC ECS | Access Control | NFS anon user mapping |
| Dell EMC ECS | Access Control | Node compliance mode |
| Dell EMC ECS | Access Control | Node firewall health |
| Dell EMC ECS | Access Control | Node firewall status |
| Dell EMC ECS | Access Control | Node lockdown |
| Dell EMC ECS | Access Control | Non-default admin local users |
| Dell EMC ECS | Access Control | Permission on sensitive directories/files |
| Dell EMC ECS | Access Control | Readonly access during outage |
| Dell EMC ECS | Access Control | Remote support configuration |
| Dell EMC ECS | Access Control | Remote support status |
| Dell EMC ECS | Access Control | Session timeout |
| Dell EMC ECS | Access Control | Session timeout (UI) |
| Dell EMC ECS | Access Control | SNMP trap receiver |
| Dell EMC ECS | Access Control | SNMP version |
| Dell EMC ECS | Access Control | User Agreement Text |
| Dell EMC ECS | Access Control | Vdc lockdown |
| Dell EMC ECS | Audit | Approved external syslog servers |
| Dell EMC ECS | Audit | Approved NTP servers |
| Dell EMC ECS | Audit | Bucket Audit Delete Expiration |
| Dell EMC ECS | Audit | Centralized log server |
| Dell EMC ECS | Audit | Centralized log server redundancy |
| Dell EMC ECS | Audit | Min severity for syslog |
| Dell EMC ECS | Audit | NTP server configuration |
| Dell EMC ECS | Audit | NTP server redundancy |
| Dell EMC ECS | Audit | NTP service status |
| Dell EMC ECS | Audit | Required external syslog servers |
| Dell EMC ECS | Audit | Required NTP servers |
| Dell EMC ECS | Audit | Syslog facility |
| Dell EMC ECS | Audit | Syslog protocol |
| Dell EMC ECS | Audit | Syslog status |
| Dell EMC ECS | Authentication | [HDFS] Kerberos admin ACL |
| Dell EMC ECS | Authentication | [HDFS] Kerberos configuration |
| Dell EMC ECS | Authentication | [HDFS] Kerberos status |
| Dell EMC ECS | Authentication | Account lockout threshold |
| Dell EMC ECS | Authentication | Default passwords |
| Dell EMC ECS | Authentication | IPMI anonymous user access |
| Dell EMC ECS | Authentication | IPMI authentication type |
| Dell EMC ECS | Authentication | IPMI default password |
| Dell EMC ECS | Authentication | IPMI per message authentication |
| Dell EMC ECS | Authentication | IPMI user level authentication |
| Dell EMC ECS | Authentication | IPMI user list |
| Dell EMC ECS | Authentication | LDAP server configuration |
| Dell EMC ECS | Authentication | LDAP Server redundancy |
| Dell EMC ECS | Authentication | Max password age |
| Dell EMC ECS | Authentication | Min number of lowercase password chars |
| Dell EMC ECS | Authentication | Min number of password numeric chars |
| Dell EMC ECS | Authentication | Min number of password special chars |
| Dell EMC ECS | Authentication | Min number of uppercase password chars |
| Dell EMC ECS | Authentication | Min password age |
| Dell EMC ECS | Authentication | Min password char change |
| Dell EMC ECS | Authentication | NFS authentication settings |
| Dell EMC ECS | Authentication | NFS root user mapping |
| Dell EMC ECS | Authentication | Password length |
| Dell EMC ECS | Authentication | Password reuse |
| Dell EMC ECS | Authentication | Password rule status |
| Dell EMC ECS | Authentication | Rack switch SNMP community string |
| Dell EMC ECS | Authentication | Required LDAP Servers |
| Dell EMC ECS | Authentication | SNMP authentication |
| Dell EMC ECS | Authentication | SNMP authentication algorithm strength |
| Dell EMC ECS | Authentication | SNMP community string |
| Dell EMC ECS | Authorization | Bucket permission |
| Dell EMC ECS | Authorization | Default group directory exec permission |
| Dell EMC ECS | Authorization | Default group directory read permission |
| Dell EMC ECS | Authorization | Default group directory write permission |
| Dell EMC ECS | Authorization | Default group file exec permission |
| Dell EMC ECS | Authorization | Default group file read permission |
| Dell EMC ECS | Authorization | Default group file write permission |
| Dell EMC ECS | Authorization | S3 bucket acl |
| Dell EMC ECS | Backup and Recovery | Bucket auto-commit configuration |
| Dell EMC ECS | Backup and Recovery | Bucket compliance status |
| Dell EMC ECS | Backup and Recovery | Bucket retention enforcemnt |
| Dell EMC ECS | Backup and Recovery | Bucket retention settings |
| Dell EMC ECS | Backup and Recovery | Default bucket retention |
| Dell EMC ECS | Backup and Recovery | Default object lock retention |
| Dell EMC ECS | Backup and Recovery | Default object lock retention mode |
| Dell EMC ECS | Backup and Recovery | Fixed retention configuration |
| Dell EMC ECS | Backup and Recovery | Full replication |
| Dell EMC ECS | Backup and Recovery | Namespace compliance status |
| Dell EMC ECS | Backup and Recovery | Namespace retention policy configuration |
| Dell EMC ECS | Backup and Recovery | Replication configuration |
| Dell EMC ECS | Backup and Recovery | Replication mode |
| Dell EMC ECS | Backup and Recovery | RPO alert |
| Dell EMC ECS | Backup and Recovery | S3 Bucket lock configuration |
| Dell EMC ECS | Backup and Recovery | S3 Bucket Versioning |
| Dell EMC ECS | Backup and Recovery | Variable retention configuration |
| Dell EMC ECS | Backup and Recovery | Varray protection |
| Dell EMC ECS | Configuration Management | DNS server configuration |
| Dell EMC ECS | Configuration Management | DNS server redundancy |
| Dell EMC ECS | Configuration Management | DNS service status |
| Dell EMC ECS | Configuration Management | ECS CLI version |
| Dell EMC ECS | Configuration Management | ECS streamer version |
| Dell EMC ECS | Configuration Management | Fcli health |
| Dell EMC ECS | Configuration Management | Firmware version |
| Dell EMC ECS | Configuration Management | NFS version |
| Dell EMC ECS | Configuration Management | Node list (MACHINES) |
| Dell EMC ECS | Configuration Management | Target ECS version |
| Dell EMC ECS | Configuration Management | Target node version |
| Dell EMC ECS | Configuration Management | xDoctor Auto update status |
| Dell EMC ECS | Configuration Management | xDoctor version |
| Dell EMC ECS | Encryption | Data encryption enforcement (namespace) |
| Dell EMC ECS | Encryption | Email SSL |
| Dell EMC ECS | Encryption | Event encryption |
| Dell EMC ECS | Encryption | Openssl configuration |
| Dell EMC ECS | Encryption | Server side encryption |
| Dell EMC ECS | Encryption | SMTP TLS |
| Dell EMC ECS | Encryption | SNMP privacy |
| Dell EMC ECS | Encryption | SNMP privacy algorithm strength |
| Dell EMC ECS | Encryption | SSL certificate status |
| Dell EMC ECS | Encryption | TLS level |
| Dell EMC ECS | Encryption | Truststore accept_all_certificates |
| Dell EMC ECS | Encryption | Use of secure LDAP |
| Dell EMC ECS | Encryption | VDC encryption |
| Dell EMC ECS | Encryption | xDoctor Auto update secure protocol |
| Dell EMC ECS | Information Security | Management, data and replication separation |
| Dell EMC ECS | Information Security | NFS exports |
| Dell EMC ECS | Information Security | Support data scrubbing |
| Dell EMC ECS | Inventory | ECS CLI client list |
| Dell EMC ECS | Inventory | ECS node list |
| Dell EMC ECS | Inventory | ECS streamer |
| Dell EMC ECS | Inventory | ECS switch list |
| Dell EMC ECS | Inventory | ECS system list |
| Dell EMC ECS | Monitoring | Alert policy configuration |
| Dell EMC ECS | Monitoring | Call home state |
| Dell EMC ECS | Monitoring | Email events status |
| Dell EMC ECS | Monitoring | ESRS configuration |
| Dell EMC ECS | Monitoring | ESRS status |
| Dell EMC ECS | Monitoring | IPMI alerting |
| Dell EMC ECS | Monitoring | SNMP service status |
| Dell EMC ECS | Services and Protocols | Filesystem access |
| Dell EMC ECS | Services and Protocols | IPMI status |
| Dell EMC ECS | Services and Protocols | IPv6 status |
| Dell EMC ECS | Services and Protocols | Telnet service status |
| Dell EMC ECS | Services and Protocols | Unused services (atmos) |
| Dell EMC ECS | Services and Protocols | Unused services (s3) |
| Dell EMC ECS | Services and Protocols | Unused services (swift) |
| Dell EMC ECS | Services and Protocols | Unused services (nfs) |
| Dell EMC ECS | Services and Protocols | Unused services (hdfs) |
| Dell EMC ECS | Services and Protocols | Unused services (cas) |
| Dell EMC ECS | Services and Protocols | Unused ports |
| Dell EMC ECS | Services and Protocols | Disable SNMP if not used |
| Dell EMC ECS | Services and Protocols | Disable remote support if not used |
| ... and more. |
|
Interested to learn about StorageGuard secure configuration checks for Storage and Backup systems? |
Comments
0 comments
Please sign in to leave a comment.