This page provides a list of recommended secure configuration checks for Dell EMC PowerProtect DD, and is periodically updated. PowerProtect DD is part of a suite of appliances used for data protection, backup, storage and deduplication.
Interested to learn about StorageGuard Benchmark Checks for Dell PowerProtect? |
||
|
|
ID | System | Category | Configuration check |
K010CI0MP0100 | PowerProtect DD | Access Control | Approved NTP servers |
K010CI0M00105 | PowerProtect DD | Access Control | Approved Syslog servers |
K010C000P0110 | PowerProtect DD | Access Control | CIFS status |
K010CI0M00115 | PowerProtect DD | Access Control | DD Boost user role |
K010CI00P0120 | PowerProtect DD | Access Control | DDBoost client ACL |
K170CI0MP0125 | PowerProtect DD | Access Control | Disable of expired users |
K010CI0MP0130 | PowerProtect DD | Access Control | FTP ACL |
K070CI0MP0135 | PowerProtect DD | Access Control | Host-based access lists |
K070CI0MP0140 | PowerProtect DD | Access Control | HTTP ACL |
K070CI0MP0145 | PowerProtect DD | Access Control | HTTPS allowed hosts list |
K010CI0MP0150 | PowerProtect DD | Access Control | IPFilter status |
K010CI0MP0155 | PowerProtect DD | Access Control | Limit access to iDRAC Virtual Console |
K010CI0MP0160 | PowerProtect DD | Access Control | Login banner status |
K010CI0MP0165 | PowerProtect DD | Access Control | Multifactor authentication status |
K010CI00P0170 | PowerProtect DD | Access Control | NFS export client ACL |
K010CI0MP0175 | PowerProtect DD | Access Control | NFS/CIFS share ACL |
K010CI0000180 | PowerProtect DD | Access Control | Non-default local users |
K150CI0MP0185 | PowerProtect DD | Access Control | Number of concurrent sessions is limited |
K010CI0M00190 | PowerProtect DD | Access Control | portmapper status |
K010CI0MP0195 | PowerProtect DD | Access Control | Session timeout |
K010CI0MP0200 | PowerProtect DD | Access Control | SSH ACL |
K110CI0MP0205 | PowerProtect DD | Access Control | SSH allowed hosts list |
K110CI0MP0210 | PowerProtect DD | Access Control | SSH session timeout |
K010CI0MP0215 | PowerProtect DD | Access Control | Unused ports |
K010CI0M00220 | PowerProtect DD | Access Control | Web session timeout |
K010CI0M00223 | PowerProtect DD | Access Control | Replication interface access |
K010CI0MP0225 | PowerProtect DD | Audit | External log host status |
K010CI0MP0230 | PowerProtect DD | Audit | External syslog server redundancy |
K010CI0MP0235 | PowerProtect DD | Audit | NTP configuration |
K010CI0MP0240 | PowerProtect DD | Audit | NTP server redundancy |
K010CI0MP0245 | PowerProtect DD | Audit | NTP status |
K010CI0MP0250 | PowerProtect DD | Audit | Required NTP servers |
K010CI0000255 | PowerProtect DD | Audit | Required Syslog servers |
K010CI0MP0260 | PowerProtect DD | Audit | Secure NTP |
K010CI0M00265 | PowerProtect DD | Authentication | 2FA configuration (cert/pass) |
K010CI0MP0270 | PowerProtect DD | Authentication | 2FA configuration (SecurID) |
K010CI00P0275 | PowerProtect DD | Authentication | Account lockout threshold |
K010CI0MP0280 | PowerProtect DD | Authentication | Authentication server configuration (if used) |
K010CI0MP0285 | PowerProtect DD | Authentication | Authentication server redundancy (if used) |
K110CI0MP0290 | PowerProtect DD | Authentication | BIOS password set |
K010CI00P0295 | PowerProtect DD | Authentication | Central Certificate Authority (CA) status |
K010C00MP0300 | PowerProtect DD | Authentication | Certificate Issuer |
K010CI0MP0305 | PowerProtect DD | Authentication | Client authentication enforcement |
K010CI0MP0310 | PowerProtect DD | Authentication | Default local user accounts |
K130CI0MP0315 | PowerProtect DD | Authentication | Default passwords |
K010CI0MP0320 | PowerProtect DD | Authentication | Global authentication mode |
K010CI0MP0325 | PowerProtect DD | Authentication | Initial password change |
K010CI0MP0330 | PowerProtect DD | Authentication | Kerberos for BoostFS |
K010CI0MP0335 | PowerProtect DD | Authentication | KMIP configuration |
K010CI0000340 | PowerProtect DD | Authentication | Maximum number of repeated password characters |
K010CI0MP0345 | PowerProtect DD | Authentication | Maximum password age |
K010CI0MP0350 | PowerProtect DD | Authentication | Minimum account lockout duration |
K010CI0MP0355 | PowerProtect DD | Authentication | Minimum passphrase length |
K010CI0M00360 | PowerProtect DD | Authentication | Minimum password age |
K010CI0MP0365 | PowerProtect DD | Authentication | Minimum password digits |
K010CI0MP0370 | PowerProtect DD | Authentication | Minimum password length |
K080CI0MP0375 | PowerProtect DD | Authentication | Minimum password lowercase characters |
K080CI0MP0380 | PowerProtect DD | Authentication | Minimum password special characters |
K010CI0MP0385 | PowerProtect DD | Authentication | Minimum password uppercase characters |
K010CI0MP0390 | PowerProtect DD | Authentication | NDMP authentication type |
K010CI0MP0395 | PowerProtect DD | Authentication | Number of disallowed past passwords |
K010CI00P0400 | PowerProtect DD | Authentication | Password hash strength |
K010CI0MP0405 | PowerProtect DD | Authentication | Replication peer authentication |
K010CI0MP0410 | PowerProtect DD | Authentication | SNMP community default string |
K010CI0MP0415 | PowerProtect DD | Authentication | SNMP user authentication |
K070CI00P0420 | PowerProtect DD | Authentication | Two-factor authentication for iDRAC |
K010CI0MP0425 | PowerProtect DD | Authorization | Approved Admin user/group |
K010CI0MP0430 | PowerProtect DD | Authorization | Approved CIFS admin users / groups |
K010CI0MP0435 | PowerProtect DD | Authorization | CIFS anonymous user access restriction |
K010CI0MP0440 | PowerProtect DD | Authorization | Permission on sensitive directories/files |
K190CI0M00445 | PowerProtect DD | Authorization | Root squash is enforced |
K010CI0MP0450 | PowerProtect DD | Authorization | Use of limited-admin |
K010CI0MP0455 | PowerProtect DD | Backup and Recovery | Align backup retention period policy with retention lock time |
K010CI0MP0460 | PowerProtect DD | Backup and Recovery | Approved target Data Domain |
K010C00MP0465 | PowerProtect DD | Backup and Recovery | Automatic lock delay |
K010CI0M00470 | PowerProtect DD | Backup and Recovery | Automatic retention period |
K010CI0MP0475 | PowerProtect DD | Backup and Recovery | Backup application commits files for retention locking |
K090CI0MP0480 | PowerProtect DD | Backup and Recovery | iDRAC Retention Lock Compliance |
K090CI0000485 | PowerProtect DD | Backup and Recovery | Maximum retention period |
K040CI0MP0490 | PowerProtect DD | Backup and Recovery | Minimum retention period |
K040CI0MP0495 | PowerProtect DD | Backup and Recovery | Mtree with retention lock |
K010CI0MP0500 | PowerProtect DD | Backup and Recovery | Remote replication |
K110CI0MP0505 | PowerProtect DD | Backup and Recovery | Replication pair status |
K010CI0MP0510 | PowerProtect DD | Backup and Recovery | Replication topology |
K010CI0MP0515 | PowerProtect DD | Backup and Recovery | Required Mtree lock |
K010CI0MP0520 | PowerProtect DD | Backup and Recovery | Retention Lock Compliance license |
K010CI0MP0525 | PowerProtect DD | Backup and Recovery | Retention Lock configuration |
K010CI0MP0530 | PowerProtect DD | Backup and Recovery | Retention Lock mode status |
K010CI0MP0535 | PowerProtect DD | Backup and Recovery | Retention Lock use (manual vs automatic) |
K010CI0MP0540 | PowerProtect DD | Backup and Recovery | Retention Locking mode |
K010CI0MP0545 | PowerProtect DD | Backup and Recovery | Security Officer authorization enabled |
K010CI00P0550 | PowerProtect DD | Backup and Recovery | Target Mtree Replication propagate retention lock |
K120CI0MP0555 | PowerProtect DD | Configuration Management | DD boost user assignment to single unit |
K010CI00P0560 | PowerProtect DD | Configuration Management | DNS server redundancy |
K010CI0MP0565 | PowerProtect DD | Configuration Management | DNS service status |
K010CI0MP0570 | PowerProtect DD | Configuration Management | File share export options |
K010CI0MP0575 | PowerProtect DD | Configuration Management | File share max connections |
K020CI0000580 | PowerProtect DD | Configuration Management | HTTP\HTTPS default port used |
K020CI0MP0585 | PowerProtect DD | Configuration Management | Remote support configuration |
K010CI0MP0590 | PowerProtect DD | Configuration Management | Security officer configuration |
K010CI0MP0595 | PowerProtect DD | Configuration Management | SSH non-default port |
K010CI0MP0600 | PowerProtect DD | Configuration Management | SSO configuration |
K010CI0MP0605 | PowerProtect DD | Configuration Management | Target Data Domain OS version |
K010C00MP0610 | PowerProtect DD | Encryption | Certificate expiry |
K010CI0MP0615 | PowerProtect DD | Encryption | Certificate key size |
K010CI0MP0620 | PowerProtect DD | Encryption | Client session encryption is disabled |
K170CI0M00625 | PowerProtect DD | Encryption | CRL configuration |
K010CI0MP0630 | PowerProtect DD | Encryption | Data at-rest encryption algorithm |
K010CI0MP0635 | PowerProtect DD | Encryption | DDBoost encryption enforcement |
K010CI0MP0640 | PowerProtect DD | Encryption | DDBoost encryption strength |
K010CI0MP0645 | PowerProtect DD | Encryption | DDBoost file replication encryption |
K010CI0MP0650 | PowerProtect DD | Encryption | Encryption of data at rest |
K010CI0000655 | PowerProtect DD | Encryption | ESRS secure connection |
K050CI0MP0660 | PowerProtect DD | Encryption | In-flight data encryption enforcement |
K010CI0MP0665 | PowerProtect DD | Encryption | MAC algorithm strength |
K010CI0000670 | PowerProtect DD | Encryption | Mtree replication encryption |
K110CI0MP0675 | PowerProtect DD | Encryption | NFS privacy (krb) |
K010CI00P0680 | PowerProtect DD | Encryption | Replication encryption over wire |
K010CI0MP0685 | PowerProtect DD | Encryption | Secure LDAP |
K010CI0MP0690 | PowerProtect DD | Encryption | Self-signed certificates |
K010CI0MP0695 | PowerProtect DD | Encryption | SMB digital signing |
K010CI0MP0700 | PowerProtect DD | Encryption | SNMP message privacy |
K010CI0MP0705 | PowerProtect DD | Encryption | SNMP message privacy algorithm strength |
K010CI0MP0710 | PowerProtect DD | Encryption | SSH cipher strength |
K010CI0MP0715 | PowerProtect DD | Encryption | SSL certificate status |
K010CI0MP0720 | PowerProtect DD | Encryption | TLS for FTP |
K010CI0MP0725 | PowerProtect DD | Encryption | TLS level |
K010CI0MP0730 | PowerProtect DD | Hardening | Disable default root account |
K010CI0MP0735 | PowerProtect DD | Hardening | FIPS mode status |
K010CI0MP0740 | PowerProtect DD | Hardening | Time change limits |
K010CI0MP0745 | PowerProtect DD | Hardening | USB ports disabled |
K010CI0000750 | PowerProtect DD | Monitoring | CloudIQ settings |
K010CI0MP0755 | PowerProtect DD | Monitoring | Email alerts |
K010CI0000760 | PowerProtect DD | Monitoring | ESRS settings and state |
K010CI0MP0765 | PowerProtect DD | Services and Protocols | Approved NFS versions |
K010CI0MP0770 | PowerProtect DD | Services and Protocols | CIFS SMBv1 status |
K010CI0M00775 | PowerProtect DD | Services and Protocols | Cloud status |
K010CI00P0780 | PowerProtect DD | Services and Protocols | DDNS status |
K010C00MP0785 | PowerProtect DD | Services and Protocols | FTP service |
K010CI0MP0790 | PowerProtect DD | Services and Protocols | HTTP service |
K030CI0MP0795 | PowerProtect DD | Services and Protocols | IPMI configuration |
K180CI0MP0800 | PowerProtect DD | Services and Protocols | IPv6 configuration |
K010CI0MP0805 | PowerProtect DD | Services and Protocols | NDMP configuration |
K110CI0000810 | PowerProtect DD | Services and Protocols | NFS port |
K010CI0MP0815 | PowerProtect DD | Services and Protocols | SNMP service |
K010CI0M00820 | PowerProtect DD | Services and Protocols | SNMPv1 / SNMPv2 version |
K010CI0MP0825 | PowerProtect DD | Services and Protocols | Telnet service |
K010CI0MP0830 | PowerProtect DD | Services and Protocols | Telnet uninstall |
K010CI0MP0835 | PowerProtect DD | Services and Protocols | VTL service |
K010CI0MP0840 | PowerProtect DD | Isolation | Unique credentials |
K010CI0MP0845 | PowerProtect DD | Isolation | Use of local users (No AD) |
... and more. |
NOTE: Other than DDOS, additional security baseline checks should be performed against Data Protection Central (DPC), PowerProtect Data Manager, Smart Scale, iDRAC and other Dell EMC components.
Interested to learn about StorageGuard Security Posture Management for PowerProtect DD?
|
||
|
|
Comments
0 comments
Please sign in to leave a comment.