JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Sun ZFS Appliance Monitor

Security Guide, Version 1.0

search filter icon
search icon

Document Information

Using This Documentation

1.  Overview

Product Overview

Basic Security Principles

Keep Software Up To Date

Restrict Network Access to Critical Services

Follow the Principle of Least Privilege

Monitor System Activity

Mobile Device Security Features

Architecture Overview

2.  Secure Installation and Configuration

Installation Overview

Password Protection

3.  Security Features

Security Model

Configuring and Using Authentication

Configuring and Using Access Control

Granting Privileges

Secure Deployment Checklist

Create a Separate User Account

Use a Secure Password for the User Account

Use a Strong Passcode on the iOS Device

VPN Access to Appliances

Secure Deployment Checklist

Following is a recommended set of criteria that should be met to safely and securely deploy the appliance monitor. It is strongly recommended that these requirements are met.

Create a Separate User Account

In the appliance BUI, create a separate user account specifically for use with the appliance monitor. Like any other user, the appliance monitor requires a user account to gain access to the appliance. The account is created on the appliance itself. Likewise, all permissions (promotions/demotions) and privileges are administered on the appliance. Use the guidelines for least privileges discussed in the Configuring and Using Access Control when creating and delegating privileges to users.

Use a Secure Password for the User Account

When choosing a password for the user account accessed by the appliance monitor, pick a string of at least eight characters. Longer passwords introduce a greater number of possibilities, making it harder to guess with each additional character. Also of importance, is the complexity of the password. To introduce a higher level of complexity, the password should contain characters from each of the following categories:

Do not repeat any characters or use passwords that represent names of people, places, things, or events.

Use a Strong Passcode on the iOS Device

Similar to the account password on the appliance, select a passcode for the mobile device that does not contain duplicate number or characters. Similarly, do not use a password that is representative of anything well known.

VPN Access to Appliances

Because the appliance is an enterprise class NAS appliance, it typically is deployed (although not always) in a private network environment. When accessing the appliance, under no circumstances is it recommended to enable port forwarding or introduce any additional mechanism that will allow external, unintended traffic into the private network. The appliance monitor should access an appliance directly on the same network, or remotely, by using a secure VPN client approved by the company maintaining the appliances and the networks on which they reside.