System hardening: Overview
System hardening is the process of eliminating as many security risks as possible from a StorageGRID system.
This document provides an overview of the hardening guidelines that are specific to StorageGRID. These guidelines are a supplement to industry-standard best practices for system hardening. For example, these guidelines assume that you use strong passwords for StorageGRID, use HTTPS instead of HTTP, and enable certificate-based authentication where available.
As you install and configure StorageGRID, you can use these guidelines to help you meet any prescribed security objectives for information system confidentiality, integrity, and availability.
StorageGRID follows the NetApp Vulnerability Handling Policy. Reported vulnerabilities are verified and addressed according to the product security incident response process.
General considerations for hardening StorageGRID systems
When hardening a StorageGRID system, you must consider the following:
- Which of the three StorageGRID networks you have implemented. All StorageGRID systems must use the Grid Network, but you might also be using the Admin Network, the Client Network, or both. Each network has different security considerations.
- The type of platforms you use for the individual nodes in your StorageGRID system. StorageGRID nodes can be deployed on VMware virtual machines, within a container engine on Linux hosts, or as dedicated hardware appliances. Each type of platform has its own set of hardening best practices.
- How trusted the tenant accounts are. If you are a service provider with untrusted tenant accounts, you will have different security concerns than if you only use trusted, in-house tenants.
- Which security requirements and conventions are followed by your organization. You might need to comply with specific regulatory or corporate requirements.