Cisco releases hardening guide for its unified computing system
October 29, 2014
Cisco said earlier this morning that it has released a new security hardening guide for its unified computing system (UCS) that reveals the company's servers have potentially insecure services turned off by default.
The document centres on hardening the three network planes (management, control and data), covering access rights through the UCS client manager, the deployment of encryption, and secure logging, including NVRAM and system event logs.
Overall, information from specific management sessions pertaining to UCS devices could make the system a target of internet attacks or a source for further attacks.
Cisco also noted that privileged access to its UCS devices grants full administrative control, and recommended that management sessions be locked down.
Unused services that were deliberately enabled but have since been left to linger should be shut down as part of security best practices, while access control lists should be flicked on for routers and firewalls as a critical security control.
Traffic from interactive management sessions must be encrypted to prevent attackers nabbing sensitive information about devices and networks, the guide said.
The undeletable admin account must have a strong password, while other administrative accounts should have expiration dates set.
While system admins were plucking various accounts, Cisco recommended that they limit the number of login sessions to one and turn on and configure SSH access.
Cisco pointed out that UCS server logging over UDP was unencrypted, meaning admins should be careful about where the logs were stored and use strong cryptography when the information was sent to remote destinations.
System event logs could be exported with Secure Copy Protocol and Secure File Transfer Protocol, the guide added.
Additionally, system event log passwords should be different from those used on corporate accounts, as should those used to protect intelligent platform management interface access.
Cisco added: "Implementing the hardening best practices discussed in this document will greatly increase the internet security of the UCS system thus increasing overall security to the network the UCS is located in."