Dell EMC Avamar Product Security Guide 18.2 Dell Inc. June 2020 Rev. 06 Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2001 - 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. Contents Figures.......................................................................................................................................... 7 Tables............................................................................................................................................8 Preface.........................................................................................................................................12 Chapter 1: Introduction.................................................................................................................. 15 Security patches.................................................................................................................................................................. 15 Periodic security updates for multiple components...................................................................................................15 Remedying security patch compatibility issues.......................................................................................................... 15 Email home notification using ConnectEMC.................................................................................................................... 15 Remote access..................................................................................................................................................................... 16 Avamar security features.................................................................................................................................................... 16 Avamar firewall hardening.............................................................................................................................................16 Chapter 2: Authentication.............................................................................................................. 17 About authentication............................................................................................................................................................17 Overview of Avamar user accounts...................................................................................................................................17 Login security settings.........................................................................................................................................................18 Login banner configuration........................................................................................................................................... 18 Configure login security.................................................................................................................................................18 Failed login behavior.......................................................................................................................................................19 Configure failed login behavior..................................................................................................................................... 19 Authentication types and setup......................................................................................................................................... 21 Avamar internal authentication.....................................................................................................................................21 Directory service authentication...................................................................................................................................21 Common Access Card and Personal Identity Verification........................................................................................23 Unauthenticated interfaces .........................................................................................................................................35 Selecting the authentication source........................................................................................................................... 35 User and credential management......................................................................................................................................36 Pre-loaded user accounts.............................................................................................................................................36 Customer Support password....................................................................................................................................... 38 Removing local account................................................................................................................................................38 Disabling Avamar server account................................................................................................................................ 38 Password complexity.................................................................................................................................................... 39 Secure credential requirements....................................................................................................................................41 Authentication to external systems................................................................................................................................... 41 Configuring remote connections.................................................................................................................................. 41 Remote component authentication.............................................................................................................................44 Credential security.........................................................................................................................................................60 Chapter 3: Authorization............................................................................................................... 62 About authorization.............................................................................................................................................................62 Contents 3 Default roles......................................................................................................................................................................... 62 Administrator roles........................................................................................................................................................ 62 Operator roles................................................................................................................................................................ 63 User roles........................................................................................................................................................................64 Role-based access control and the AUI........................................................................................................................... 64 Role mapping....................................................................................................................................................................... 66 External role associations................................................................................................................................................... 66 Default authorizations.........................................................................................................................................................66 Running commands with elevated privileges.............................................................................................................66 Entitlement export.............................................................................................................................................................. 69 Actions that do not require authorization.........................................................................................................................70 Chapter 4: Network Security.......................................................................................................... 71 Network exposure................................................................................................................................................................71 Terminology.....................................................................................................................................................................71 Utility node ports............................................................................................................................................................ 71 Storage node ports........................................................................................................................................................77