- Notes, cautions, and warnings
- Preface
- Introduction
- Access Control
- Access control settings
- Security for management access
- Authentication
- Authorization
- Component access controls
- Data security settings
- Password policy
- Physical security controls
- Login banner and message of the day
- Logging
- Communication Security
- Communication security settings
- Port usage
- Ports used by Unisphere components on VNX for block
- How VNX for file works on the network
- Network encryption
- Management support for TLS communications on VNX2 systems
- SSL certificates
- Planning considerations for Public Key Infrastructure on VNX for file
- IP packet reflect on VNX for file systems
- Effect of filtering management network
- vSphere Storage API for Storage Awareness (VASA) support
- Special configurations
- Secure Remote Procedure Call
- Other security considerations
- Data Security Settings
- Data at Rest Encryption overview
- Data at Rest Encryption feature activation
- Encryption status
- Backup keystore file
- Data in place upgrade
- Hot spare operations
- Adding a disk drive to a VNX with encryption activated
- Removing a disk drive from a VNX with encryption enabled
- Replacing a chassis and SPs from a VNX with encryption enabled
- Security Maintenance
- Advanced Management Capabilities
- Secure deployment and usage settings
- TLS cipher suites
- LDAP-based directory server configuration
- VNX for file CLI role-based access
- VNX for file CLI security configuration operations
- Configuring password policy
- Configuring session timeout
- Protect session tokens
- Configuring network encryption and authentication using the SSL protocol
- Configuring PKI
- Creating the certificate provided by the persona
- Using the Control Station as the CA
- Obtaining CA certificates
- Generate a key set and certificate request
- Send the certificate request to the CA
- Import a CA-signed certificate
- List the available CA certificates
- Acquire a CA certificate
- Import a CA certificate
- Generate a new Control Station CA certificate
- Display the certificate
- Distribute the Control Station CA certificate
- Request and Install Customer-Supplied Certificates for Control Station
- Managing PKI
- Customize a login banner
- Create a MOTD
- Restrict anonymous root login
- Locking accounts after a specific number of failed logins
- VNX for block SSL certificate import
EMC® VNX® Series Security Configuration Guide for VNX
Audit logging on a VNX for block system
Audit logging is intended to provide a record of all activities, so that:
- Checks for suspicious activity can be performed periodically.
- The scope of suspicious activity can be determined
Audit logs are especially important for financial institutions that are monitored by regulators.
Audit information on VNX for block systems is contained within the event log on each SP. The log contains hardware and software diagnostic information as well as audit information. It contains a time-stamped record for each event, and each record contains the following information:
- Event code
- Description of event
- Name of the storage system
- Name of the corresponding SP
- Hostname associated with the SP
The storage management server adds audit records to the event log. An audit record is created each time a user logs in, enters a request through Unisphere, or executes a Secure CLI command. Each audit record is time-stamped, and identifies the following additional information for each request:
- Requestor (Unisphere username)
- Type of request
- Target of request
- Success or failure of request
The storage management server also restricts the ability to clear the audit log to administrators and security administrators only. Whenever the log is cleared by an authorized user, an event is logged to the beginning of the new log. This prevents users from removing evidence of their actions.
All service actions that the RemotelyAnywhere tool performs are also logged. These include logins/logouts, failed logins, file transfers, file modifications, and SP reboots.
SP event logs on VNX for block systems can store only a fixed number of events and will wrap if that limit is exceeded. This may take days, weeks, months, or years depending on the logging activity. Therefore, if the security requirement is to keep all logs for a set period of time, you will need to archive the logs from the VNX for block system on a regular basis. You can do this with the CLI getlog command, but a much more integrated method is to use the log to system log option of the Event Monitor template to log events to the Windows system log. You can then archive these logs as required.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\