Continuity Software

CS Dell EMC PowerMax Benchmark | CS Dell EMC VMAX Benchmark

  • July 9, 2020
  • 4 min read

About Continuity™

Continuity™ provides the industry’s ONLY storage & backup security solution, to help you protect your most valuable data.

Read more

This post covers security recommendations that you should follow to harden Dell EMC VMAX storage systems, Dell EMC PowerMax storage systems and their storage management hosts.

Rule ID Severity Title Description Resolution
K0601I0MP725 High Encrypt administrative sessions Ensure that administrative API sessions are encrypted to prevent sensitive information from being transmitted as cleartext. Verify that the SYMAPI_SECURITY_LEVEL option is set to SECURE.
K0401000P350 High Limit administrative rights to authorized personnel Review the list of users and groups assigned with storage administrative rights. Administrative rights should be limited to authorized personnel only. Misuse of administrative rights is a prominent form of attack. symauth -sid {param1} commit <<!
delete {param2} {param3};!
# param1 Symmetrix SID
# param2 “group” or “user”
# param3 name of the user or group
K0101000P150 Medium Events logged on a transactional basis To prevent loss of audit log entries if the base daemon is stopped and restarted before all entries are written, ensure that events are saved immediately to disk. Verify that the BACKGROUND_AUDIT_LOG option is set to ENABLED.
K0401I000947  High Restrict access to storage management folders and files Only privileged administrators should be able to access and modify the folders or files of the storage management software (Solutions Enabler, Unisphere). Review the ownership and permissions of the following directories:


K0401I000383 High Enforce user authorization rules Ensure that user authorization rules are honored and enforced by Solutions Enabler (AKA SYMCLI). SYMCLI uses the authorization control state to determine enforcement of rules. User authorization rules are used to restrict management access to arrays. symauth -sid {param1} set enforcement enforce
# param1 Symmetrix SID
K0201I000285  High Use reliable and effective host access ID on clustered hosts and virtual machines For added security on x86_64 (64-bit), IA64, and BS2000 hardware platforms, use alternate access IDs instead of hardware-based access IDs. Verify that the SYMAPI_ALTERNATE_ACCESS_ID option is set to ENABLE on hosts installed with management software that meet the specified criteria.
K0201000P115 High Change default (factory) passwords Change default (factory) passwords for built-in user accounts. Change password for the following user accounts:

  • smc
  • admin (ECOM)
  • admin (ESRS)
  • seconfig (vApp Unisphere, Solutions Enabler)
  • cseadmin (vApp Unisphere, Solutions Enabler, VASA)
  • vpconfig (VASA)
  • nodename@SELockbox1 (Lockbox)
K0401I000535  Medium Limit directory access to Solutions Enabler daemon When the storsrvd runs as root, it can present security vulnerabilities in situations where a user through a CLI or some other application provides a pathname on which a daemon can operate. Verify that the storsrvd:SECURE_DIRECTORY_PATH option is configured with minimal set of required paths when the storage management host is meeting the specified criteria.
K0101000P743  High LUN access control Review LUN zoning and masking configurations to ensure that storage volumes are accessible only to designated hosts or clusters. Contact us.
K0101000P190 High Audit log retention Contact us.
K010100MP100 High Audit log sent to central logging servers Contact us.
K0101000P160 High Audit log content Contact us.
K20010V0P220 High Identify and resolve Storage OS and software vulnerabilities (CVE) Contact us.
K0201I0MP120 High Limit use of local user accounts Contact us.
K1301000P650 High Data at-rest encryption Contact us.
K1301000P655 High FIPS 140-2 compliance Contact us.
K0201I00P120 High Interested in the complete list of rules?

Our Data Security Advisor solution includes:

⇒  The complete list of rules for EMC and other storage vendors,  including hundreds of additional best practices.

⇒ The ability to automatically scan and validate the rules in your storage environment.

⇒ Detailed remediation guidance.

⇒ Mapping to information security standards.

Contact us to learn more about our Data Security Advisor product and our assessment services.

K010100M0612 High
K060100MP927 High
K130100MP006 Medium
Hundreds of additional rules are available in Data Security Advisor.


See StorageGuard in Action

Watch a 40-second tour of StorageGuard, and discover how to eliminate blind spots in your storage & backup systems.

Watch the demo
We use cookies to enable website functionality, understand the performance of our site, provide social media features, and serve more relevant content to you.
We may also place cookies on our and our partners’ behalf to help us deliver more targeted ads and assess the performance of these campaigns. You may review our
Privacy Policy I Agree