Revision 1.20

Dec 12, 2018

Informational Update

2.0 Install & Config - 'Disable RIPv1'
2.2 Disable/Modify Default Accts - 'SNMP default community strings have been removed'
2.2 Disable/Modify Default Accts - 'alternate admin account has been created (root)'
2.2 Disable/Modify Default Accts - 'alternate admin account has been created (snmp)'
2.2 Disable/Modify Default Accts - 'ndmp/ndmpcopy service account'
2.4 Password Security - 'maximum password age <= 90'
2.4 Password Security - 'minimum password age >= 1'
3.1 Storage System (Hardware) Management - 'Change the root account password after each use'
3.1 Storage System (Hardware) Management - 'FW version >= 4.0'
3.1 Storage System (Hardware) Management - 'Place the interface on a management VLAN'
3.1 Storage System (Hardware) Management - 'Strong Password root account'
3.2 Data ONTAP (Software) Mgmt - 'Place e0M on a management VLAN'
3.2 Data ONTAP (Software) Mgmt - 'Set SSH login banner'
3.2 Data ONTAP (Software) Mgmt - 'Telnet login banner'
3.2 Data ONTAP (Software) Mgmt - 'Use e0M as the Data ONTAP management port'
3.3 Role-Based Access Control (RBAC) - 'RBAC has been implemented'
5.2 SnapMirror - 'replication.throttle.enable = on'
5.2 SnapMirror - 'replication.throttle.incoming.max_kbs has been configured'
5.2 SnapMirror - 'replication.throttle.outgoing.max_kbs has been configured'
5.2 SnapMirror - 'snapmirror.access has been configured'
5.2 SnapMirror - 'snapmirror.allow file should be reviewed'
5.2 SnapMirror - 'snapmirror.log.enable = on'
5.3 SnapVault - 'snapvault.access has been configured'
5.3 SnapVault - 'snapvault.preservesnap = on'
5.3 SnapVault - 'snapvault.snapshot_for_dr_backup has been configured'
5.4 CIFS - 'cifs.LMCompatibilityLevel <= 3'
5.4 CIFS - 'cifs.audit.account_mgmt_events.enable = on'
5.4 CIFS - 'cifs.audit.autosave.file.extension has been configured'
5.4 CIFS - 'cifs.audit.autosave.file.limit has been configured'
5.4 CIFS - 'cifs.audit.autosave.onsize.enable = on'
5.4 CIFS - 'cifs.audit.autosave.onsize.threshold has been configured'
5.4 CIFS - 'cifs.audit.autosave.ontime.interval has been configured'
5.4 CIFS - 'cifs.audit.enable = on'
5.4 CIFS - 'cifs.audit.file_access_events.enable = on'
5.4 CIFS - 'cifs.audit.liveview.enable = off'
5.4 CIFS - 'cifs.audit.logon_events.enable = on'
5.4 CIFS - 'cifs.audit.nfs.enable = on'
5.4 CIFS - 'cifs.audit.nfs.filter.filename has been configured'
5.4 CIFS - 'cifs.gpo.enable = on'
5.4 CIFS - 'cifs.guest_account is not configured'
5.4 CIFS - 'cifs.restrict_anonymous = 2'
5.4 CIFS - 'cifs.smb2.client.enable = on'
5.4 CIFS - 'cifs.smb2.durable_handle.enable = on'
5.4 CIFS - 'cifs.smb2.durable_handle.timeout'
5.4 CIFS - 'cifs.smb2.signing.required = on'
5.4 CIFS - 'dns.domainname has been configured'
5.4 CIFS - 'dns.enable = on'
5.4 CIFS - 'dns.update.enable = on or secure'
5.4 CIFS - 'ldap.enable = on'
5.4 CIFS - 'ldap.security.level = 1 or 2'
5.4 CIFS - 'timed.enable = on'
5.4 CIFS - 'timed.proto = ntp'
5.4 CIFS - 'timed.servers has been configured'
5.4 CIFS - 'timed.window = 5m'
5.5 NFS - 'cifs.nfs_root_ignore_acl = on'
5.5 NFS - 'cifs.preserve_unix_security = on'
5.5 NFS - 'nfs.kerberos.enable = on'
5.5 NFS - 'nfs.kerberos.file_keytab.enable = on'
5.5 NFS - 'nfs.kerberos.principal has been configured'
5.5 NFS - 'nfs.kerberos.realm has been configured'
5.5 NFS - 'nfs.rpcsec.ctx.high has been configured'
5.5 NFS - 'nfs.rpcsec.ctx.idle has been configured'
5.5 NFS - 'nfs.v4.acl.enable = on'
5.5 NFS - 'nfs.v4.id.domain has been configured'
5.5 NFS - 'nfs.v4.read_delegation = on'
5.5 NFS - 'nfs.v4.write_delegation = on'
5.5 NFS - 'wafl.default_nt_user has been configured'
5.5 NFS - 'wafl.default_security_style has been configured'
5.5 NFS - 'wafl.default_unix_user has been configured'
5.5 NFS - 'wafl.nt_admin_priv_map_to_root = on'
5.5 NFS - 'wafl.wcc_minutes_valid has been configured'

Miscellaneous

Metadata updated.
References updated.
See also link updated.

Detections

Analytics

Revision 1.20

Dec 12, 2018

Informational Update

Miscellaneous