Audit Program for VMware and NetApp Controls in XYZ Co-Location Data Center

SAS70

Audit matrix columns: Control Objective; Expected Controls; Planned Testing Procedures; Control Description; TOE Coverage Adequate; TOE Procedures Adequate; Exceptions. Only the Expected Controls and Planned Testing Procedures columns are filled in; the remaining columns are blank in this program.

VMware Server Consolidation

Control: Access to the VMware service console is restricted.
Test: Inquire about access to the VMware service console.

Control: Policies are in place to grant access to the service console.
Test: Inquire about the policies in place for granting access to the service console.

Control: SSH login to the service console as root is disabled.
Test: Inquire about the use of SSH to log in to the service console as root.

Control: VMs are not owned by root.
Test: Inquire about ownership of VMs.

Control: Individual logins are used to access the service console.
Test: Inquire about the use of individual logins to access the service console.

Control: The VMware server authenticates against an Active Directory domain.
Test: Inquire about VMware server authentication.

Control: The VMware server uses NIC failover on the VMnics connected to both the external and internal networks.
Test: Inquire about VMnic failover.
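The planned tests above are all "inquire about"; an auditor usually also wants evidence pulled from the host. The script below is an added example, not part of the audit program, that turns the service console controls into repeatable checks. It is written for an ESX 3.x service console and runs offline here against constructed sample evidence; the evidence sources and their layouts (sshd_config, ls -l of the .vmx files, /etc/passwd, the vmware-authd PAM stack using pam_krb5, and the column layout of esxcfg-vswitch -l) are assumptions to confirm on the host before a result is recorded.

```shell
#!/bin/sh
# Added example, not part of the original audit program: turns the VMware service
# console controls above into repeatable checks. Each check_* function takes captured
# evidence as a string and prints "pass" or "fail", so the script runs offline against
# the constructed sample evidence at the bottom. The evidence sources in the comments
# (sshd_config, ls -l of the .vmx files, /etc/passwd, the vmware-authd PAM stack,
# esxcfg-vswitch -l) and their layouts are assumptions for an ESX 3.x service
# console; confirm them on the host before recording a result.

# SSH root login. sshd honours the FIRST uncommented PermitRootLogin it reads, and
# the sshd of that era allowed root when the directive was absent, so absent = fail.
# Evidence: cat /etc/ssh/sshd_config
check_root_ssh() {
    v=$(printf '%s\n' "$1" | awk 'tolower($1)=="permitrootlogin" && !seen { print tolower($2); seen=1 }')
    [ "$v" = "no" ] && echo pass || echo fail
}

# VM ownership: no .vmx file may be owned by root (owner is column 3 of ls -l).
# Evidence: ls -l /vmfs/volumes/*/*/*.vmx
check_vm_owner() {
    n=$(printf '%s\n' "$1" | awk '$3=="root" && $NF ~ /\.vmx$/ { c++ } END { print c+0 }')
    [ "$n" -eq 0 ] && echo pass || echo fail
}

# Individual logins: a second UID-0 account is a shared root equivalent, so fail.
# Evidence: cat /etc/passwd
check_individual_logins() {
    n=$(printf '%s\n' "$1" | awk -F: '$3==0 && $1!="root" { c++ } END { print c+0 }')
    [ "$n" -eq 0 ] && echo pass || echo fail
}

# Active Directory: esxcfg-auth --enablead is assumed to put pam_krb5 into the
# vmware-authd PAM stack; its absence means local-only authentication.
# Evidence: cat /etc/pam.d/vmware-authd
check_ad_auth() {
    printf '%s\n' "$1" | grep -q 'pam_krb5' && echo pass || echo fail
}

# NIC failover: every vSwitch row must carry at least two comma-separated uplinks
# in its sixth column; a single vmnic means no failover on that network.
# Evidence: esxcfg-vswitch -l
check_nic_failover() {
    bad=$(printf '%s\n' "$1" | awk '$1 ~ /^vSwitch/ { if (NF < 6 || split($6, a, ",") < 2) print $1 }')
    [ -z "$bad" ] && echo pass || echo fail
}

# Constructed sample evidence (not captured from a real host).
SAMPLE_SSHD='Protocol 2
PermitRootLogin yes
PermitRootLogin no'
SAMPLE_LS='-rw------- 1 vmadmin vmware 2048 Jan 10 09:12 /vmfs/volumes/ds1/web01/web01.vmx
-rw------- 1 root    root   2048 Jan 10 09:12 /vmfs/volumes/ds1/db01/db01.vmx'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
vmadmin:x:500:500::/home/vmadmin:/bin/bash
backup:x:0:0:shared root:/root:/bin/bash'
SAMPLE_PAM='auth  sufficient  /lib/security/pam_krb5.so use_first_pass
auth  required    /lib/security/pam_unix.so'
SAMPLE_VSWITCH='Switch Name  Num Ports  Used Ports  Configured Ports  MTU   Uplinks
vSwitch0     32         5           32                1500  vmnic0,vmnic1
vSwitch1     64         3           64                1500  vmnic2'

report() {   # $1..$5 = the five pieces of evidence, in the order above
    printf 'ssh root login disabled    %s\n' "$(check_root_ssh "$1")"
    printf 'no root-owned VMs          %s\n' "$(check_vm_owner "$2")"
    printf 'no shared uid-0 accounts   %s\n' "$(check_individual_logins "$3")"
    printf 'AD (pam_krb5) auth in use  %s\n' "$(check_ad_auth "$4")"
    printf 'vSwitch uplink failover    %s\n' "$(check_nic_failover "$5")"
}
report "$SAMPLE_SSHD" "$SAMPLE_LS" "$SAMPLE_PASSWD" "$SAMPLE_PAM" "$SAMPLE_VSWITCH"
```

The sample sshd_config deliberately carries "PermitRootLogin yes" before "PermitRootLogin no" to show why the check reads the first directive rather than the last: sshd does the same, so a "no" appended at the end of the file does not disable root login. Each function prints a single word so its result can be copied straight into the Exceptions column.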


NAS

Training

Control: Obtain and review policies and procedures for training and periodic re-training of personnel supporting the Network Appliance environment.
Test: Inquire about policies and procedures for NAS personnel training.

Control: All employees who support Network Appliance Filers are required to attend training and have attended it.
Test: Inquire about training of NAS support staff.

Control: Obtain a list of employees with relevant Network Appliance certifications (NACA, NACP, NACE).
Test: Inquire about NAS certifications.

IT Organization

Control: Obtain and review job descriptions for the personnel supporting the Network Appliance infrastructure.
Test: Review job descriptions for the personnel responsible for supporting the NAS.

Hardware

Control: Obtain and review policies and procedures for placing Network Appliance Filers into production.
Test: Inquire about policies and procedures for placing NAS into production.

Control: Obtain and review the policies and procedures used for determining appropriate sizing of Network Appliance Filers.
Test: Inquire about policies and procedures for determining appropriate sizing of NAS.

Control: Obtain and review NetApp hardware standards documents.
Test: Inquire about NAS hardware standards documents.


Control: Obtain and review procedures for tracking Filer reliability.
Test: Inquire about procedures for tracking the reliability of NAS hardware.

Control: Evaluate compliance with hardware policies, procedures and standards: interview NetApp infrastructure personnel and review the appropriate check-off lists.
Test: Inquire about compliance with hardware policies, standards, and procedures.

Data ONTAP

Control: Obtain and review the standard NetApp baseline and the baseline policy.
Test: Inquire about the NAS baseline policy.

Control: Evaluate compliance with the NetApp baseline.
Test: Inquire about compliance with the baseline.

Control: Obtain and review the NetApp patch management policy.
Test: Review the NAS patch management policy.

Control: Obtain and review the software change management process.
Test: Inquire about the NAS change management process.

Control: Obtain and review the anti-virus policy and its implementation for NetApp Filers.
Test: Inquire about the anti-virus policy.

Data Security

Control: Obtain and review file system security policies.
Test: Inquire about file system security policies.

Control: Evaluate compliance with the file system security policy.

Control: Obtain and review backup and restore policies.
Test: Inquire about backup and restore policies.

Control: Evaluate compliance with backup and restore policies.


Physical Security

Control: Obtain and review physical security policies.
Test: Inquire about physical security policies.

Control: Evaluate compliance with physical security policies.

User and System Management

Control: Obtain and review architecture documents for the test and production NetApp implementation.
Test: Inquire about architecture documents for the test and production NAS implementation.

Control: Evaluate compliance with the architecture documents.

Control: Obtain and review documentation for user authentication and object management for the Filers.
Test: Inquire about user authentication and object management.

Control: Evaluate compliance with the user authentication and object management documentation.

Control: Obtain and review the user account management policy for local access to NetApp Filers.
Test: Inquire about the user account management policy for local access to the NAS.

Control: Evaluate compliance with the local user account management policy.

Control: Evaluate the user account management review process.

Control: Obtain and review policies regarding shared user accounts and evaluate compliance with the policy for local user account access.
Test: Inquire about shared user accounts.


Control: Obtain and review policies for administrative access to Network Appliance Filers and evaluate compliance with the policy.
Test: Inquire about administrative access to the NAS.

Monitoring and Alerting

Control: Obtain and review policies for monitoring of Filers and alert notifications.
Test: Inquire about monitoring of the NAS.

Control: Evaluate compliance with monitoring and alerting policies.

Control: Obtain and review routine security scanning policies.
Test: Inquire about security scanning policies.

Control: Evaluate compliance with security scanning policies.

Control: Obtain and review incident response procedures.
Test: Inquire about incident response procedures.

Business Continuity

Control: Obtain and review the Business Continuity Plan for the Network Appliance infrastructure.
Test: Inquire about the business continuity plan for the NAS.

Control: Evaluate compliance with the Business Continuity Plan.

Additional Network Appliance Filer Controls

Data ONTAP Administrator Access Controls

Control: root is set to use a strong password.
Test: Inquire about the root password setting.


Control: Trusted-host (unauthenticated) access, telnet, RSH (remote shell) and HTTP access are disabled.
Test: Inquire about the status of trusted-host, telnet, RSH, and HTTP access.

Control: Access via hosts.equiv is disabled (hosts.equiv holds the list of trusted hosts that can access the system without authentication).
Test: Inquire about access to hosts.equiv.

Control: SecureAdmin is installed.
Test: Inquire about the use of SecureAdmin.

Control: SSH login is restricted to authorized clients.
Test: Inquire about SSH login.

Control: Non-root user accounts are used to access Data ONTAP.
Test: Inquire about non-root user access to Data ONTAP.

Control: Auto logout is enabled and configured to the security policy standard.
Test: Inquire about auto logout settings.

Control: All administrator access to Data ONTAP is logged.
Test: Inquire about Data ONTAP administrator access logging.

Control: Password checks are enabled.
Test: Inquire about the setting for password checks.

NFS

Control: NFS authentication with Kerberos is enabled.
Test: Inquire about the setting for "NFS authentication with Kerberos".

Control: IPsec encryption between the NFS clients and the filer is enabled (encryption may be too resource intensive).
Test: Inquire about the setting for IPsec encryption between the NFS clients and the NAS.

Control: NFS sessions use TCP rather than UDP.
Test: Inquire about the use of TCP.


Control: NFS mount requests are restricted to low-numbered (privileged) source ports.
Test: Inquire about the restriction of mounts to low-numbered ports.

CIFS

Control: Active Directory authentication is used to support Kerberos.
Test: Inquire about AD authentication.

Control: The share-level ACL (access control list) is configured for authorized users only (has "Everyone/Full Control" been removed?).
Test: Inquire about share-level ACL configuration.

Control: Auditing of CIFS access to the filer is enabled.
Test: Inquire about the setting for "Auditing on CIFS access to the filer".

Control: Access to CIFS shares and share names is disabled for unauthenticated users.
Test: Inquire about CIFS access to shares and share names for unauthenticated users.

Control: CIFS guest access is disabled.
Test: Inquire about CIFS guest access.

Multi-Protocol Settings

Control: Ignoring of ACLs is disabled.
Test: Inquire about the setting for "Ignoring of ACLs".

Control: Default root-to-admin mapping is disabled.
Test: Inquire about the setting for "default root to admin mapping".

Control: Only root is allowed to change file permissions.
Test: Inquire about access to change file permissions.

Network Configuration

Control: Packet checking for correct addressing is enabled.
Test: Inquire about packet checking.


Control: Logging of ping attacks is enabled.
Test: Inquire about ping attack logging.

Control: The IP addresses/hostnames authorized for backup have been set for SnapMirror and SnapVault.
Test: Inquire about the setup of IP addresses and hostnames for SnapMirror and SnapVault.

Control: Source address verification is enabled for SnapMirror access.
Test: Inquire about source address verification for SnapMirror access.

Control: NDMP backup is limited to authorized hosts only.
Test: Inquire about NDMP backup restrictions.

Control: MD5 (challenge) authentication for NDMP is enabled rather than plaintext authentication.
Test: Inquire about MD5 authentication for NDMP.

Control: DFM (DataFabric Manager) version 3.0 or higher is in use.
Test: Inquire about the version of DFM in use.

System Services

Control: FTP, PCNFS, SNMP, RSH, Telnet, and TFTP are disabled.
Test: Inquire about the settings for FTP, PCNFS, SNMP, RSH, Telnet, and TFTP.
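Most of the filer controls from Data ONTAP Administrator Access Controls through NFS, CIFS, Multi-Protocol Settings, Network Configuration and System Services are single settings in the filer's "options" table, so one captured listing can answer them all. The script below is an added example, not part of the audit program, that compares a captured "options" listing with an expected baseline and prints one PASS/FAIL/MISSING line per setting. The option names and expected values are assumptions for 7-mode Data ONTAP (for instance telnet.enable, trusted.hosts, nfs.mount_rootonly, cifs.restrict_anonymous, wafl.root_only_chown, ip.match_any_ifaddr, snapmirror.checkip.enable, ndmpd.authtype) and must be confirmed against the filer's own "options" output and help text; the sample evidence is constructed.

```shell
#!/bin/sh
# Added example, not part of the original audit program: compares a captured Data
# ONTAP `options` listing with the expected settings from the Administrator Access,
# NFS, CIFS, Multi-Protocol, Network Configuration and System Services controls, so
# each "inquire about setting X" becomes a recorded PASS/FAIL. Capture the evidence
# on the filer with `options` (for example: ssh filer options > evidence.txt).
# Option names and expected values are assumptions for 7-mode Data ONTAP; confirm
# them against the filer's own `options` output and help text. Ping-attack logging,
# SecureAdmin/DFM versions and share ACLs are not `options` values and stay manual.

# Expected baseline, one name=value per line; an empty value means "must be blank".
BASELINE='telnet.enable=off
rsh.enable=off
httpd.admin.enable=off
trusted.hosts=-
ssh.enable=on
security.passwd.rules.enable=on
autologout.telnet.enable=on
auditlog.enable=on
nfs.kerberos.enable=on
nfs.tcp.enable=on
nfs.mount_rootonly=on
cifs.audit.enable=on
cifs.restrict_anonymous=2
cifs.guest_account=
cifs.nfs_root_ignore_acl=off
wafl.root_only_chown=on
ip.match_any_ifaddr=off
snapmirror.checkip.enable=on
ndmpd.authtype=challenge
ftpd.enable=off
pcnfsd.enable=off
snmp.enable=off
tftpd.enable=off'

# Prints "=<value>" when the option is present (a blank value prints just "="),
# nothing when absent. The "(value might be overwritten in takeover)" note that
# `options` appends to blank values on clustered filers is treated as blank.
option_value() {   # $1 = options output, $2 = option name
    printf '%s\n' "$1" | awk -v n="$2" '$1==n { v=$2; if (v ~ /^\(/) v=""; print "=" v; exit }'
}

# One PASS/FAIL/MISSING line per baseline entry.
check_options() {   # $1 = options output
    printf '%s\n' "$BASELINE" | while IFS='=' read -r name want; do
        [ -n "$name" ] || continue
        raw=$(option_value "$1" "$name")
        if [ -z "$raw" ]; then
            echo "MISSING $name (expected '$want')"
        elif [ "${raw#=}" = "$want" ]; then
            echo "PASS    $name=${raw#=}"
        else
            echo "FAIL    $name=${raw#=} (expected '$want')"
        fi
    done
}

# SnapMirror, SnapVault and NDMP peers must be named explicitly, never "all" or "*"
# ("legacy" for snapmirror.access defers to /etc/snapmirror.allow, which then needs review).
check_host_lists() {   # $1 = options output
    for name in snapmirror.access snapvault.access ndmpd.access; do
        have=$(option_value "$1" "$name"); have=${have#=}
        case "$have" in
            ''|all|'*') echo "FAIL    $name=$have (must list specific hosts)" ;;
            *)          echo "PASS    $name=$have" ;;
        esac
    done
}

audit_filer() { check_options "$1"; check_host_lists "$1"; }

# Lines that are not PASS are the exceptions to carry into the audit matrix.
count_exceptions() { audit_filer "$1" | awk '!/^PASS/ { c++ } END { print c+0 }'; }

# Constructed sample evidence (not from a real filer); tftpd.enable is deliberately absent.
SAMPLE_OPTIONS='auditlog.enable              on
autologout.telnet.enable     on
cifs.audit.enable            off
cifs.guest_account           (value might be overwritten in takeover)
cifs.nfs_root_ignore_acl     off
cifs.restrict_anonymous      0
ftpd.enable                  off
httpd.admin.enable           on
ip.match_any_ifaddr          off
ndmpd.access                 all
ndmpd.authtype               challenge
nfs.kerberos.enable          off
nfs.mount_rootonly           on
nfs.tcp.enable               on
pcnfsd.enable                off
rsh.enable                   off
security.passwd.rules.enable on
snapmirror.access            host=filer2
snapmirror.checkip.enable    on
snapvault.access             host=filer2
snmp.enable                  on
ssh.enable                   on
telnet.enable                off
trusted.hosts                -
wafl.root_only_chown         on'
audit_filer "$SAMPLE_OPTIONS"
```

Against the sample evidence the report shows five FAIL lines (CIFS auditing off, anonymous access unrestricted, HTTP administration on, NFS Kerberos off, SNMP on), one MISSING line for tftpd.enable and one host-list FAIL for ndmpd.access=all, which is exactly the set of items that would be written up as exceptions. A MISSING result is worth keeping separate from FAIL: it usually means the option name differs on that Data ONTAP release, not that the control is absent.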

iSCSI Settings

Control: iSCSI is only enabled on the adapters where it is intended to be used.
Test: Inquire about the settings for iSCSI adapters.

Control: The default iSCSI security method is set to "deny" (so initiators with no security method defined are refused).
Test: Inquire about the default iSCSI security method.

Control: CHAP authentication is used for all iSCSI initiators.
Test: Inquire about CHAP authentication for iSCSI initiators.


Control: Completely random passwords are used for iSCSI CHAP authentication.
Test: Inquire about random password use.
Description: "filer# iscsi security generate" generates a random 128-bit password for CHAP authentication.
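The three iSCSI controls above fit together as one procedure: refuse initiators with no security entry, register every initiator with CHAP, and never let the CHAP secret be something a person chose. The script below is an added example, not part of the audit program, that generates 128-bit random secrets locally (the same strength the filer's own "iscsi security generate" produces), rejects secrets that could not have come from such a source, and emits the command sequence for a list of initiators. The "iscsi security" command syntax shown is an assumption for 7-mode Data ONTAP and must be confirmed against the filer's usage text; the initiator and CHAP user names are constructed.

```shell
#!/bin/sh
# Added example, not part of the original audit program: a helper for the iSCSI CHAP
# controls above. It generates 128-bit random CHAP secrets locally (the strength the
# filer's own `iscsi security generate` produces), rejects secrets that cannot have
# come from such a source, and emits the Data ONTAP 7-mode command sequence that sets
# the default security method to deny and registers each initiator with CHAP. The
# `iscsi security` syntax is an assumption to confirm against the filer's usage text;
# the initiator names and CHAP user names are constructed.

# 16 bytes from the OS entropy pool, rendered as 32 hex characters.
gen_chap_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Necessary-but-not-sufficient quality check: exactly 32 hex characters, the encoding
# of a 128-bit value. A word or short string fails; real entropy still has to come
# from the generator, which is why the secret is never typed by hand.
check_chap_secret() {
    case "$1" in
        *[!0-9a-fA-F]*)                   echo fail ;;   # non-hex character present
        ????????????????????????????????) echo pass ;;   # exactly 32 characters
        *)                                echo fail ;;   # wrong length
    esac
}

# Inbound CHAP entry for one initiator (mutual/outbound CHAP omitted for brevity).
chap_command() {   # $1 = initiator IQN, $2 = CHAP user name, $3 = secret
    printf 'iscsi security add -i %s -s CHAP -p %s -n %s\n' "$1" "$3" "$2"
}

# Full sequence: refuse initiators without an entry, then add each one read from
# stdin ("iqn user" per line) with a freshly generated secret.
iscsi_hardening_script() {
    echo 'iscsi security default -s deny'
    while read -r iqn user; do
        [ -n "$iqn" ] || continue
        secret=$(gen_chap_secret)
        [ "$(check_chap_secret "$secret")" = pass ] || { echo "bad secret for $iqn" >&2; return 1; }
        chap_command "$iqn" "$user" "$secret"
    done
}

# Constructed initiator list (not from a real environment).
iscsi_hardening_script <<'EOF'
iqn.1991-05.com.microsoft:app01 app01
iqn.1991-05.com.microsoft:app02 app02
EOF
```

The output contains the secrets in clear, so it belongs in the filer session and the initiators' configuration only, not in the audit evidence or a shell history file; the evidence for the matrix is the "iscsi security show" listing, which shows CHAP as the method for every initiator and "deny" as the default without revealing the secrets.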
