IBM FlashSystem

Journey | Importance, and role of ciphers in storage clusters. 

Sat September 11, 2021 11:28 PM

In the storage cluster’s SSH security configuration, both weak and strong Ciphers, Key Exchange Algorithms, and MAC Algorithms are active.

  • Why should we remove weak Ciphers, Key Exchange Algorithms, and MAC Algorithms from the storage clusters and associated end devices?

 

Summary:

Remove weak ciphers, key exchange algorithms, and MAC algorithms from storage clusters and associated end devices.

 

In-depth:

In storage clusters, both weak and strong Ciphers, Key Exchange Algorithms, and MAC Algorithms are active. It is best advised and recommended to allow/ keep strong ciphers, key exchange algorithms, and MAC algorithms only for SSH connections. And remove weak ones from cluster SSH security configurations due to SSH high-security connections and be followed across all the other the infrastructure devices like OS, network, servers (physical and virtual), and storage.

  • If weak ones are active in cluster SSH configuration, it is also red alerted while having a security scan of the storage system configurations.
  • If the end devices using weak ones, then engineers need to upgrade the application/ system configuration and involve the respective vendor for their 2nd opinion to understand any dependency.
  • If none of the end devices in the infrastructure using weak ones like “3des-cbc”, “aes128-cbc”, “aes192- cbc”, “hmac-sha1-96”, “hmac-sha1” “SHA-1”, "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", “hmac-md5” … Then remove them from SSH security configurations.
  • It will maintain SSH connection compliance and security.
Follow the right design and recommendations in storage arrays. The client’s storage infrastructure be better optimized.
#StorageAreaNetworks
#PrimaryStorage
#Storage

Statistics
0 Favorited
2 Views
1 Files
0 Shares
2 Downloads
Attachment(s)
pdf file
NetApp Data ONTAP_SSH Security Configuration_Understanding.pdf   574 KB   1 version
Uploaded - Sat September 11, 2021