SuperCluster M8 and SuperCluster M7 software is installed with many default security settings. Whenever possible, use the default secure settings:
Password policies enforces a minimum password complexity.
Failed login attempts cause a lockout after a set number of failed attempts.
All default system accounts in the OS are locked and prohibited from logging in.
Limited ability to use the su command is configured.
Unnecessary protocols and modules are disabled from the OS kernel.
Boot loader is password protected.
All unnecessary system services are disabled, including inetd (Internet service daemon).
Software firewall is configured on the storage cells.
Restrictive file permissions are set on key security-related configuration files and executable files.
SSH listen ports are restricted to management and private networks.
SSH is limited to v2 protocol.
Insecure SSH authentication mechanisms are disabled.
Specific cryptographic ciphers are configured.
The switches are separated in the system from data traffic on the network.