Detections
Analytics

NetApp Security Hardening Guide for ONTAP 9 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: NetApp Security Hardening Guide for ONTAP 9 v1.0.0

Updated: 11/18/2019

Authority: NetApp

Plugin: Netapp_API

Revision: 1.3

Estimated Item Count: 51

File Details

Filename: NetApp_ONTAP_9_Hardening_Guide_v1.0.0.audit

Size: 95.6 kB

MD5: 37e89a7169095901543333980969fa60
SHA256: 571177eb0f27a6e5cbf6c41fc698157c23bb32bc1d0f68654b630ca3e505ae15

Audit Items

DescriptionCategories
2.1 - Roles, Applications, and Authentication - Review authentication methods
2.1 - Roles, Applications, and Authentication - Review custom roles
2.1 - Roles, Applications, and Authentication - RSH is disabled
2.1 - Roles, Applications, and Authentication - Telnet is disabled
2.1 - Roles, Applications, and Authentication - Use of secure applications
2.2 - Default Accounts - Admin user has been renamed - create new admin
2.2 - Default Accounts - Admin user has been renamed - default admin disabled or deleted
2.2 - Default Accounts - Review default accounts
2.3 - Login and Password Parameters - Account expiration time
2.3 - Login and Password Parameters - Account inactivity time
2.3 - Login and Password Parameters - Account Maximum Failed Attempts <= 5
2.3 - Login and Password Parameters - Delay after failed login <= 4 seconds
2.3 - Login and Password Parameters - Delay between password changes <= 1
2.3 - Login and Password Parameters - Hash Algorithm SHA512
2.3 - Login and Password Parameters - Lockout Duration <= 1 Day
2.3 - Login and Password Parameters - Password Alphanumeric = true
2.3 - Login and Password Parameters - Password Expiration Time <=90 days
2.3 - Login and Password Parameters - Password expiration warning
2.3 - Login and Password Parameters - Password minimum digits <= 1
2.3 - Login and Password Parameters - Password Minimum Length >= 8
2.3 - Login and Password Parameters - Password minimum lowercase <= 1
2.3 - Login and Password Parameters - Password Minimum Special Characters >= 1
2.3 - Login and Password Parameters - Password minimum uppercase <= 1
2.3 - Login and Password Parameters - Password Require Initial Update = true
2.3 - Login and Password Parameters - Passwords Disallow Reuse >= 6
2.3 - Login and Password Parameters - Username Alphanumeric = false
2.3 - Login and Password Parameters - Username Minimum Lenth >= 3
3.1 - System Administration Methods - Login Banner
3.1 - System Administration Methods - Message of the Day
4.1 - Storage Administrative System Auditing - Log Forwarding enabled
4.1 - Storage Administrative System Auditing - Log Forwarding protocol tcp-encrypted
4.2 - Storage Administrative System Auditing - Event Notifications
5 - Storage Encryption
6 - Managing TLS and SSL - FIPS 140-2 Enabled
6 - Managing TLS and SSL - SSLv3 disabled
6 - Managing TLS and SSL - Supported Ciphers
6 - Managing TLS and SSL - TLSv1 disabled
7 - Managing TLS and SSL - Supported Ciphers
8 - Managing SSHv2 - Ciphers
8 - Managing SSHv2 - Key Exchange Algorithms
8 - Managing SSHv2 - MAC Algorithms
8 - Managing SSHv2 - Max Authentication Retry Count
9 - AutoSupport - Enabled
9 - AutoSupport - Remove Private Data
9 - AutoSupport - Transport type
10 - NAS File System Local Accounts - Use NTLM Authentication with CIFS Workgroups
11 - NAS File System Auditing - CIFS audtiting is enabled
12 - CIFS SMB Signing and Sealing- SMB encryption is enabled
12 - CIFS SMB Signing and Sealing- SMB signing is enabled
13 - Securing NFS - Export policy rules