This page provides a list of recommended secure configuration checks for Dell EMC PowerScale, and is periodically updated. Dell EMC PowerScale is an enterprise network-attached storage (NAS) platforms for high-volume storage, backup and archiving of unstructured data.
| ID | System | Category | Configuration check |
| K020D000P215 | Dell EMC PowerScale | Access Control | Zone Host ACL |
| K020D000P210 | Dell EMC PowerScale | Access Control | Web-based access isolated to a specific management network |
| K020D000P205 | Dell EMC PowerScale | Access Control | Unknown user UID |
| K010D000P200 | Dell EMC PowerScale | Access Control | System and data access zone separation |
| K020D000P195 | Dell EMC PowerScale | Access Control | Non-default local users |
| K020D000P190 | Dell EMC PowerScale | Access Control | NFS export client access list |
| K020D000P185 | Dell EMC PowerScale | Access Control | MOTD status |
| K020D000P180 | Dell EMC PowerScale | Access Control | MOTD message |
| K050D000P175 | Dell EMC PowerScale | Access Control | Minimum account lockout duration |
| K020D000P170 | Dell EMC PowerScale | Access Control | Login banner status |
| K020DI00P165 | Dell EMC PowerScale | Access Control | IPMI user list |
| K020D000P160 | Dell EMC PowerScale | Access Control | IPMI status |
| K020D000P155 | Dell EMC PowerScale | Access Control | IPMI Serial over LAN |
| K020D00MP150 | Dell EMC PowerScale | Access Control | IPMI power control |
| K020D000P145 | Dell EMC PowerScale | Access Control | IPMI IP ACL |
| K020D00MP140 | Dell EMC PowerScale | Access Control | IPMI default password |
| K020D000P135 | Dell EMC PowerScale | Access Control | Idle session timeout (SSH) |
| K020DI00P130 | Dell EMC PowerScale | Access Control | Idle session timeout (CLI) |
| K020D000P125 | Dell EMC PowerScale | Access Control | External firewall configuration |
| K020D000P120 | Dell EMC PowerScale | Access Control | CIFS share user access list |
| K020D000P115 | Dell EMC PowerScale | Access Control | browsable share status |
| K070D000P110 | Dell EMC PowerScale | Access Control | Account lockout threshold |
| K020D000P105 | Dell EMC PowerScale | Access Control | Access Based Enumeration |
| K020D000P100 | Dell EMC PowerScale | Access Control | /ifs root share status |
| K050D000P415 | Dell EMC PowerScale | Authentication | Two-factor authentication |
| K050D000P410 | Dell EMC PowerScale | Authentication | SNMP user authentication algorithm strength |
| K020D000P405 | Dell EMC PowerScale | Authentication | SNMP user authentication |
| K020D000P400 | Dell EMC PowerScale | Authentication | SNMP community default string |
| K020D000P395 | Dell EMC PowerScale | Authentication | Required LDAP provider |
| K020D000P390 | Dell EMC PowerScale | Authentication | Required Identity provider (Kerberos) |
| K020D000P385 | Dell EMC PowerScale | Authentication | Required Active Directory provider |
| K060D000P380 | Dell EMC PowerScale | Authentication | Password last change |
| K020D000P375 | Dell EMC PowerScale | Authentication | Password history |
| K020D000P370 | Dell EMC PowerScale | Authentication | Password complexity |
| K020D00MP365 | Dell EMC PowerScale | Authentication | NTLMv2 status |
| K020DI00P360 | Dell EMC PowerScale | Authentication | NDMP password strength |
| K010D000P355 | Dell EMC PowerScale | Authentication | Minimum password length |
| K020D000P350 | Dell EMC PowerScale | Authentication | Minimum password age |
| K020D000P345 | Dell EMC PowerScale | Authentication | Maximum password age |
| K020D000P340 | Dell EMC PowerScale | Authentication | KMIP status |
| K020D000P335 | Dell EMC PowerScale | Authentication | Kerberos authentication status |
| K020D000P330 | Dell EMC PowerScale | Authentication | Default passwords |
| K020D000P325 | Dell EMC PowerScale | Authentication | Approved LDAP Servers |
| K020D000P320 | Dell EMC PowerScale | Authentication | Approved KMIP servers |
| K040D000P315 | Dell EMC PowerScale | Authentication | Approved Kerberos providers |
| K020D000P310 | Dell EMC PowerScale | Authentication | Approved authentication provider |
| K020D000P305 | Dell EMC PowerScale | Authentication | Approved Active Directory provider |
| K020D000P440 | Dell EMC PowerScale | Authorization | SNMP user permission |
| K020D000P435 | Dell EMC PowerScale | Authorization | nobody user status |
| K020D000P430 | Dell EMC PowerScale | Authorization | Guest account is disabled |
| K020D000P425 | Dell EMC PowerScale | Authorization | File share user access rights |
| K020D000P420 | Dell EMC PowerScale | Authorization | Approved admin user / group |
| K020D000P525 | Dell EMC PowerScale | Backup and Recovery | WORM Domain privileged delete status |
| K020D000P520 | Dell EMC PowerScale | Backup and Recovery | WORM Domain Override retention date |
| K020D000P515 | Dell EMC PowerScale | Backup and Recovery | WORM Domain minimum retention |
| K020D000P510 | Dell EMC PowerScale | Backup and Recovery | WORM Domain maximum retention |
| K020D000P505 | Dell EMC PowerScale | Backup and Recovery | WORM Domain default retention |
| K020D00M0500 | Dell EMC PowerScale | Backup and Recovery | Snapshot configuration |
| K010D000P495 | Dell EMC PowerScale | Backup and Recovery | Snapshot autodelete |
| K020D000P490 | Dell EMC PowerScale | Backup and Recovery | Snapshot access |
| K020D000P485 | Dell EMC PowerScale | Backup and Recovery | SmartLock status |
| K020D000P480 | Dell EMC PowerScale | Backup and Recovery | SmartLock mode |
| K020D000P475 | Dell EMC PowerScale | Backup and Recovery | SmartLock domains |
| K020DI00P470 | Dell EMC PowerScale | Backup and Recovery | remote replication configuration |
| K020D000P465 | Dell EMC PowerScale | Backup and Recovery | Remote copy |
| K020D000P460 | Dell EMC PowerScale | Backup and Recovery | Ransomware defender configuration |
| K020D000P455 | Dell EMC PowerScale | Backup and Recovery | Protected recovery copies |
| K090D000P450 | Dell EMC PowerScale | Backup and Recovery | Data/Backup Retention |
| K020D000P445 | Dell EMC PowerScale | Backup and Recovery | Configuration backup |
| K020D000P575 | Dell EMC PowerScale | Configuration Management | Target OneFS version |
| K020D000P570 | Dell EMC PowerScale | Configuration Management | Required DNS server |
| K030D000P565 | Dell EMC PowerScale | Configuration Management | Remote support status |
| K030D000P560 | Dell EMC PowerScale | Configuration Management | Remote support configuration |
| K020D000P555 | Dell EMC PowerScale | Configuration Management | NFS versions enabled |
| K020D000P550 | Dell EMC PowerScale | Configuration Management | Drive firmware |
| K020D000P545 | Dell EMC PowerScale | Configuration Management | DNS service status |
| K020D000P540 | Dell EMC PowerScale | Configuration Management | DNS server redundancy |
| K020D000P535 | Dell EMC PowerScale | Configuration Management | Approved Isilon release |
| K020D000P530 | Dell EMC PowerScale | Configuration Management | Approved DNS server |
| K020D000P650 | Dell EMC PowerScale | Encryption | TLS level check |
| K020D000P645 | Dell EMC PowerScale | Encryption | SSL certificate status |
| K020D000P640 | Dell EMC PowerScale | Encryption | SSH MAC strength |
| K020D000P635 | Dell EMC PowerScale | Encryption | SNMP message privacy algorithm strength |
| K020D000P630 | Dell EMC PowerScale | Encryption | SNMP message privacy |
| K020D000P625 | Dell EMC PowerScale | Encryption | SMB Security Signatures |
| K020D000P620 | Dell EMC PowerScale | Encryption | SMB Encryption |
| K020D000P615 | Dell EMC PowerScale | Encryption | Replication encryption |
| K020D000P610 | Dell EMC PowerScale | Encryption | Reject unencrypted access |
| K020D00MP605 | Dell EMC PowerScale | Encryption | OCSP configuration |
| K020D000P600 | Dell EMC PowerScale | Encryption | Default encryption enabled |
| K020D000P595 | Dell EMC PowerScale | Encryption | Data-at-rest encryption |
| K020D000P590 | Dell EMC PowerScale | Encryption | Certificate thumbprint algorithm |
| K020D000P585 | Dell EMC PowerScale | Encryption | Certificate issuer |
| K020DI00P580 | Dell EMC PowerScale | Encryption | Central Certificate Authority (CA) status |
| K070D000P665 | Dell EMC PowerScale | Hardening | root user status |
| K020D000P660 | Dell EMC PowerScale | Hardening | Hardening status |
| K020D000P655 | Dell EMC PowerScale | Hardening | Cluster join mode |
| K020D000P300 | Dell EMC PowerScale | Log | Syslog min severity |
| K020D000P295 | Dell EMC PowerScale | Log | syslog facility |
| K030D000P290 | Dell EMC PowerScale | Log | Required NTP Servers |
| K020DI00P285 | Dell EMC PowerScale | Log | Required external syslog servers |
| K020D000P280 | Dell EMC PowerScale | Log | Protocol auditing |
| K020D000P275 | Dell EMC PowerScale | Log | NTP server redundancy |
| K020D000P270 | Dell EMC PowerScale | Log | NTP server configuration |
| K020D000P265 | Dell EMC PowerScale | Log | NTP authentication |
| K080D000P260 | Dell EMC PowerScale | Log | Log retention period |
| K020D000P255 | Dell EMC PowerScale | Log | Event forwarding to CEE |
| K020D00M0250 | Dell EMC PowerScale | Log | Configuration change auditing |
| K020D000P245 | Dell EMC PowerScale | Log | Centralized log server redundancy |
| K020D000P240 | Dell EMC PowerScale | Log | Centralized log server |
| K090D000P235 | Dell EMC PowerScale | Log | Audit settings |
| K020D000P225 | Dell EMC PowerScale | Log | Approved NTP Servers |
| K020D000P230 | Dell EMC PowerScale | Log | Approved NTP servers |
| K020D000P220 | Dell EMC PowerScale | Log | Approved external syslog servers |
| K020D000P695 | Dell EMC PowerScale | Malware Protection | Required Antivirus server |
| K020D000P690 | Dell EMC PowerScale | Malware Protection | Ransomware file filtering |
| K020D000P685 | Dell EMC PowerScale | Malware Protection | CEE forwarding to external file policy server |
| K020D000P680 | Dell EMC PowerScale | Malware Protection | Approved Antivirus (ICAP) server |
| K070D000P675 | Dell EMC PowerScale | Malware Protection | Antivirus server redundancy |
| K020D000P670 | Dell EMC PowerScale | Malware Protection | Antivirus server configuration |
| K050D000P710 | Dell EMC PowerScale | Monitoring | Telemetry status |
| K020DI00P705 | Dell EMC PowerScale | Monitoring | SNMP monitoring |
| K020D000P700 | Dell EMC PowerScale | Monitoring | Email notifications |
| K020D000P790 | Dell EMC PowerScale | Services and Protocols | Telnet access |
| K020D000P785 | Dell EMC PowerScale | Services and Protocols | SyncIQ status |
| K020D000P780 | Dell EMC PowerScale | Services and Protocols | Swift access |
| K050D000P775 | Dell EMC PowerScale | Services and Protocols | Support NetBIOS |
| K020D000P770 | Dell EMC PowerScale | Services and Protocols | SNMPv1 / SNMPv2 status |
| K020D00M0765 | Dell EMC PowerScale | Services and Protocols | SNMP status |
| K020D000P760 | Dell EMC PowerScale | Services and Protocols | SNMP agent Status |
| K020D000P755 | Dell EMC PowerScale | Services and Protocols | SMBv2 status |
| K020D000P750 | Dell EMC PowerScale | Services and Protocols | SMBv1 status |
| K020D000P745 | Dell EMC PowerScale | Services and Protocols | SMB access |
| K020D000P740 | Dell EMC PowerScale | Services and Protocols | S3 service status |
| K020D000P735 | Dell EMC PowerScale | Services and Protocols | NFS access |
| K020DI00P730 | Dell EMC PowerScale | Services and Protocols | NDMP status |
| K020DI00P725 | Dell EMC PowerScale | Services and Protocols | HTTP access |
| K020D000P720 | Dell EMC PowerScale | Services and Protocols | HDFS access |
| K020D000P715 | Dell EMC PowerScale | Services and Protocols | FTP service status |
| ... and more. |
NOTE: Security baseline checks should be performed also against additional components such as DataIQ, InsightIQ, iDRAC, Superna and other related components.
|
Interested to learn about StorageGuard secure configuration checks for PowerScale?
|
||
|
|
|
|
Comments
0 comments
Please sign in to leave a comment.