Reference Guide
Table Of Contents
- Dell EMC PowerStore Security Configuration Guide
- Contents
- Additional Resources
- Authentication and access
- Hardware root of trust
- Authenticating and Managing User Accounts, Roles, and Privileges
- Certificates
- Secure communication between PowerStore appliances within a cluster
- Secure communication for replication and data import
- vSphere Storage API for Storage Awareness support
- CHAP authentication
- Configuring CHAP
- External SSH access
- Configuring external SSH access
- NFS secure
- Security on file system objects
- File systems access in a multiprotocol environment
- Understanding Common AntiVirus Agent (CAVA)
- Code signing
- Communication security settings
- Auditing
- Data security settings
- Secure serviceability settings
- Operational description of SupportAssist
- SupportAssist options
- SupportAssist Connect via Gateway option
- SupportAssist Connect Directly option
- Requirements for SupportAssist Connect via Gateway
- Requirements for SupportAssist Connect Directly
- Configuring SupportAssist
- Configure SupportAssist
- CloudIQ
- Cybersecurity
- Security Alert Settings
- TLS cipher suites
- Directory Services
Auditing
This chapter contains the following information:
Topics:
• Auditing
• Remote logging
Auditing
Auditing provides a historical view of users activity on the system. A user with the role of Administrator, Security Administrator,
or Storage Administrator can use the REST API to search for and view configuration change events on the system. These
events that are audited are not just security related, all set operations (that is, POST/PATCH/DELETE) are audit logged.
Other interfaces such as the PowerStore Manager UI and the CLI can be used to search and view audit events.
Remote logging
The storage system supports sending audit log messages to a maximum of two hosts. The hosts must be accessible from
the storage system. Audit log message transfers can use a one-way authentication (Server CA Certificates) or an optional
two-way authentication (Mutual Authentication Certificate). An imported certificate applies to each remote syslog server that is
configured to use TLS Encryption.
To review or update remote logging settings, log in to PowerStore Manager and click Settings, and under Security select
Remote Logging.
The following information appears on the Remote Logging page for Remote Syslog Servers:
● Disabled or Enabled - Status of the sending log information to a remote host.
● Host IP address - Where the storage system sends remote log information.
● Port number and protocol (UDP or TCP) - The storage system transfers audit log information through port 514 using the
UDP protocol or port 1468 using the TCP protocol.
● Use certificate - A Server CA Certificate for one-way authentication with your remote syslog server is required to be
imported for remote syslog servers that are configured to use TLS Encryption.
● Audit Types - Types of audit events to send to the remote syslog server. The following types of audit events can be selected
to be sent to the remote syslog server:
○ Authentication
○
Authorization
○ Config (Configuration)
○ Logout
○ System
The following information appears on the Remote Logging page for certificates:
● Service - Remote Logging
● Type - Server CA Certificate or Mutual Authentication Certificate
● Scope - Remote Logging
● Issued by - Authority issuing the certificate
● Valid - Indicates whether the certificate is valid for use
● Valid to - Expiry date of the certificate
● Issued to - Entity receiving the certificate
3
36 Auditing