Jenny Beazley
Senior Project Manager
EMC Corporation
Beazley_Jenny@emc.com
Page
1 of 9
Table of Contents
1 Security Concepts
2 Current Security Initiatives
2.1 Certified Data Erasure
2.2 EMC Secure Remote Support (ESRS) Gateway
2.2.1 Encryption
2.2.2 Authentication
2.2.3 Access
2.2.4 Audit
2.3 Symmetrix Service Credential, secured by RSA
2.3.1 Authentication
2.3.2 Access
2.3.3 Audit
2.2.4 in addition: Certified Data Erasure
3 Security Best Practices
3.1 Setting Secure Passwords
3.2 Access Control
3.3 Encryption
3.4 Confidential Information
3.5 Social Engineering
4 Where can I find out more?
5 Author Biography
Disclaimer: The views, processes or methodologies published in this compilation are those of the author. They do
not necessarily reflect EMC Corporation's views, processes, or methodologies.
1 Security Concepts
Information Security revolves around a simple AAA concept:
An audit log tracks successful erasures and a validation certificate can be printed to indicate the
overwrite procedure was completed properly.
2.2.1 Encryption
All communication between the connected devices and EMC is sent securely in encrypted format (128-bit Advanced Encryption Standard, or AES) over the IP-based infrastructure.
2.2.2 Authentication
Similar to the SymmIP Remote Connection Console, EMC personnel providing remote support to
customers over the ESRS Gateway must first be authenticated against EMC's internal network (either
directly or via the Virtual Private Network (VPN)).
2.2.3 Access
The ESRS Gateway Policy Manager on the Gateway Server gives the customer device- and
application-level control of access to each installed EMC product. The customer is able to specify the
timeframes in which remote connections are automatically allowed (e.g. during normal business hours from
Monday to Friday) or whether EMC support personnel must always ask before connecting.
2.2.4 Audit
Audit logging provides a detailed record of remote access sessions, which will be maintained at the
customer site.
[Figure: Access Control; Audit Log; Service Processor; Symmetrix Service Credential, secured by RSA; Disk Erasure]
2.3.1 Authentication
Enginuity 5772 prevents unauthorized service actions by authenticating valid identities on the Service
Processor. The level of authentication is strong, using industry-leading RSA technology. The
encrypted credential is coupled with a user password and varies by user, action, system and time.
2.3.2 Access
Actions are authorized via role-based access controls, meaning a Customer Engineer attending a site
to replace a disk does not have access to perform more complex procedures, such as upgrading. This
complements the Symmetrix Access Control authorization of server actions on devices.
2.3.3 Audit
Enginuity 5772 provides a tamper-proof view of management and support actions. It records all major
activities on the Symmetrix, including host-initiated actions, physical component changes, actions on
the Service Processor and attempts blocked by security controls. The log is secure and tamper-proof,
meaning event contents cannot be altered and only authorized users can access logs.
Be dictionary words
Contain the username
Be written down and stored near the PC/laptop (e.g. post-it note under the keyboard!!)
The most secure passwords appear random. A good tip for generating a secure password is to
convert a sentence into a character string. For example, "I love to work at EMC, Hopkinton,
Massachusetts" could translate to the 10-character password: I<2w@EHMa (using the text-based
graphic heart-shape <3 to denote the word "love").
There can also be a risk in customer log files. These can potentially contain IP addresses, host names
and other information that could cause problems for the customer if it fell into the wrong hands.
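One way to reduce this exposure before log files leave the customer site, shown as an added example that is not part of the original paper: the Python code below replaces IPv4 addresses and host names with stable placeholders, so the same source still appears as the same token and events can be correlated. The `LogRedactor` class, the placeholder format and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Candidate tokens: dotted quads, and dotted names ending in an alphabetic label.
# The host pattern errs toward over-redaction (a file name such as error.log matches too).
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}\b")

# Constructed sample input (RFC 1918 addresses, example.com names).
SAMPLE_LOG = [
    "2008-03-01 09:14:02 login ok user=admin src=10.20.30.40 host=array01.corp.example.com",
    "2008-03-01 09:15:10 connect failed dst=192.168.5.17 via gw1.corp.example.com",
    "2008-03-01 09:16:44 retry src=10.20.30.40 host=ARRAY01.corp.example.com",
]


class LogRedactor:
    """Replace IPs and host names with placeholders that stay stable per value."""

    def __init__(self):
        self._ips = {}    # real address -> placeholder
        self._hosts = {}  # lower-cased host name -> placeholder

    def _ip_token(self, match):
        text = match.group(0)
        try:
            ipaddress.IPv4Address(text)  # rejects out-of-range octets, e.g. 999.1.1.1
        except ValueError:
            return text  # not an address: leave unchanged
        return self._ips.setdefault(text, f"IP-{len(self._ips) + 1}")

    def _host_token(self, match):
        name = match.group(0).lower()  # host names are case-insensitive
        return self._hosts.setdefault(name, f"HOST-{len(self._hosts) + 1}")

    def redact_line(self, line):
        line = IPV4_RE.sub(self._ip_token, line)
        return HOST_RE.sub(self._host_token, line)

    def redact(self, lines):
        return [self.redact_line(line) for line in lines]


if __name__ == "__main__":
    for redacted in LogRedactor().redact(SAMPLE_LOG):
        print(redacted)
```

The mapping tables held in the redactor are themselves sensitive and should stay at the customer site.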
5 Author Biography
Jenny Beazley joined EMC Australia in November 2003 as a CLARiiON Technical Support Engineer
and became the first CLARiiON SSE globally to achieve EMC Proven Professional status. Ms. Beazley
returned to her native UK in June 2006 as an EMC Senior Project Manager, specializing in Security.
Previous roles include Database Performance Tuning Engineer for the UniData and UniVerse database
suites at IBM and Technical Consultant/Programmer for one of IBM's customers. She is currently
studying for an MBA.