1.Server Best Practices
+ Secure Build and Initial Configuration Base-lining
+ Host Hardening ,patching and lock down
+ Block non-privileged access.
+ Limit remote access ; Ensure security protocols are used if remote administration is needed.
+ Host based firewall/IDS/IPS
+ Secure ongoing configuration maintenance
+ Patch management
+ Vulnerability assessments/Penetration tests
2.Storage networks
+ Initiators: server with host bus adapter that initiates the connection to a point on the storage system.
+ Targets: the port on the storage system that delivers the storage volumes, as LUNs (logical units numbers)
+ Avoid over subscription in iSCSI
+ iSCSI implementation
+ Dedicated network to reduce latency
+ iSCSI traffic is unencrypted -- Encryption must be added through IPSec and IKE
+ Authentication
+ kerberos/SRP (secure remote password)
SPKM 1 and 2 (Secure public key management) / CHAP
0 Comments