HP StorageWorks P9000 Command View Advanced Edition Software Common Component Security Guide

Overview of security setup and operation
Networks connecting management servers to storage management client terminals must be
able to preserve the confidentiality and integrity of the data. To protect the network, employ
appropriate measures such as using SSL for communication between a management server
and a storage management client terminal, or installing the storage management client terminal
inside the center. Another possibility is to use a dedicated line to connect a management
server and a storage management client terminal. Once these measures are in place, install the
necessary devices and then configure them correctly so that they operate as intended.
1-3-5 Management of user authentication information
Only the three types of administrators - system integrators, account administrators, and storage
administrators - can access the management server on which Common Component is installed. To
prevent break-ins, the administrators must manage the authentication information appropriately. In
short, a user must not do anything that allows the user ID and the password for the user ID to
become known to anyone else. More specifically, an administrator must not do anything that allows
the password for a user ID to become known to anyone else, or that allows the authentication
information for the other administrators to become known to a third party. Registering and caching
authentication information in the browser are also prohibited. Administrators must specify
passwords that are difficult to guess, and change the passwords on a fairly regular basis.
Listed below are the minimum requirements for the Common Component security parameters for
secure operation of the system. The account administrator must specify security parameters of HP
StorageWorks P9000 Command View Advanced Edition that satisfy the minimum requirements.
“Minimum number of characters in a password policy”: 6
“Minimum required number of upper-case letters in a password”: 0
“Minimum required number of lower-case letters in a password”: 0
“Minimum required number of numeric characters in a password”: 0
“Minimum required number of symbols in a password”: 0
“Specifying the same password as the user ID”: permit
“Threshold of successive login failures for locking an account”: 3
To satisfy the minimum requirements, the account administrator must set the first five of the above
parameters to values that are the same as or greater than the numbers listed.
For “Specifying the same password as the user ID”, the account administrator can specify either
“permit” or “not permit”. For “Threshold of successive login failures for locking an account”, the
account administrator must specify, and operate the system with, a number that is the same as or
less than the number given above.
In addition, the system integrator password (specified by the system integrator) must satisfy all the
following requirements:
The password must contain a minimum of eight characters. (More than eight characters are
allowed.)
The password must contain one or more alphabetic characters.
The password must contain one or more numeric characters.
In addition, the procedure for handling authentication information must be defined in advance so
that, when an account is locked, the account administrator can unlock it in response to an
appropriate request.
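The following is an added example, not code from HP or from Command View Advanced Edition, that turns the parameter minimums above, the stricter system integrator password rule, and the lock-and-unlock procedure into checks an account administrator could run before putting a configuration into operation. All names (PasswordPolicy, config_meets_minimum, LoginAttemptTracker and so on) are hypothetical; the product's own parameter names and interfaces are not assumed.

```python
"""Added example (not HP's code): check a Common Component password-policy
configuration against the minimums in the guide, apply the resulting rules to
candidate passwords, and model the successive-login-failure lock."""
from dataclasses import dataclass

# Minimum values given in the guide for the Common Component security parameters.
PAGE_MINIMUM = {
    "min_length": 6,
    "min_upper": 0,
    "min_lower": 0,
    "min_digits": 0,
    "min_symbols": 0,
    "same_as_user_id": "permit",   # allowed settings: "permit" or "not permit"
    "lock_threshold": 3,           # configured value must be the same as or less than this
}


@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical representation of the configured security parameters."""
    min_length: int
    min_upper: int
    min_lower: int
    min_digits: int
    min_symbols: int
    same_as_user_id: str   # "permit" or "not permit"
    lock_threshold: int


def config_meets_minimum(p: PasswordPolicy) -> list:
    """Return the names of parameters that do not satisfy the guide's minimums."""
    problems = []
    # The first five parameters must be the same as or greater than the listed numbers.
    for name in ("min_length", "min_upper", "min_lower", "min_digits", "min_symbols"):
        if getattr(p, name) < PAGE_MINIMUM[name]:
            problems.append(name)
    if p.same_as_user_id not in ("permit", "not permit"):
        problems.append("same_as_user_id")
    # The lock threshold must be the same as or less than the listed number (and at least 1).
    if not 1 <= p.lock_threshold <= PAGE_MINIMUM["lock_threshold"]:
        problems.append("lock_threshold")
    return problems


def character_classes(pw: str):
    """Count upper-case, lower-case, numeric and symbol characters in a password.
    Anything that is not alphanumeric is counted as a symbol."""
    upper = sum(1 for c in pw if c.isupper())
    lower = sum(1 for c in pw if c.islower())
    digits = sum(1 for c in pw if c.isdigit())
    symbols = sum(1 for c in pw if not c.isalnum())
    return upper, lower, digits, symbols


def password_satisfies(p: PasswordPolicy, user_id: str, pw: str) -> bool:
    """Check a candidate password against a configured Common Component policy."""
    upper, lower, digits, symbols = character_classes(pw)
    if len(pw) < p.min_length:
        return False
    if upper < p.min_upper or lower < p.min_lower:
        return False
    if digits < p.min_digits or symbols < p.min_symbols:
        return False
    if p.same_as_user_id == "not permit" and pw == user_id:
        return False
    return True


def system_integrator_password_ok(pw: str) -> bool:
    """Stricter rule for the system integrator password: eight or more characters,
    at least one alphabetic character and at least one numeric character."""
    return (len(pw) >= 8
            and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw))


class LoginAttemptTracker:
    """Lock an account after `threshold` successive failures; a success resets the count,
    and only an explicit unlock (by the account administrator) clears a lock."""

    def __init__(self, threshold: int):
        self.threshold = threshold
        self.failures = {}
        self.locked = set()

    def record(self, user_id: str, success: bool) -> bool:
        """Record one login attempt; return True if the account is locked afterwards."""
        if user_id in self.locked:
            return True            # a locked account stays locked, even on a correct password
        if success:
            self.failures[user_id] = 0
            return False
        self.failures[user_id] = self.failures.get(user_id, 0) + 1
        if self.failures[user_id] >= self.threshold:
            self.locked.add(user_id)
        return user_id in self.locked

    def unlock(self, user_id: str) -> None:
        """Unlock in response to an appropriate request; the failure count restarts."""
        self.locked.discard(user_id)
        self.failures[user_id] = 0


if __name__ == "__main__":
    policy = PasswordPolicy(6, 0, 0, 0, 0, "not permit", 3)   # constructed sample configuration
    print("config problems:", config_meets_minimum(policy))
    print("storage admin password ok:", password_satisfies(policy, "stadmin", "xk7q2m"))
    print("system integrator password ok:", system_integrator_password_ok("p9000admin1"))
```

The checker treats the configured lock threshold as acceptable only when it is between 1 and the guide's number, because a threshold above it would allow more successive failures than the minimum requirement permits; a configuration that sets every character-class minimum to 0 passes, since that is exactly the minimum the guide states, and a site may tighten any of these values.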
The system integrator must promptly change the default password set during system creation.
The account administrator and storage administrator must promptly change their default passwords
set by the account administrator or system integrator.
Administrators must always log out after finishing with the storage management software.