This section provides information about standard security practices that Dell recommends to secure your NAS system.
Non-Secure HTTP Ports
The NAS Manager can be reached through port 1279, which uses Secure Sockets Layer (SSL) to encrypt data traveling to and from the NAS system. See "Using Secure Sockets Layer" for more information.
The system can also be reached through the HTTP Shares page on port 80, which is not SSL-encrypted. It is recommended that you disable HTTP on the Shares page. See "Disabling HTTP Shares."
Passwords
The default administrator user name for your NAS system is administrator and the default password is powervault. Change the default administrator password as soon as possible. See "Changing the Administrator Password." Additionally, Dell recommends the following password practices for your NAS system:
Use passwords that are longer than six characters.
Do not use blank or simple passwords.
Do not use dictionary words.
Do not use personal information such as name, children's names, birth dates, and so forth.
Use a mix of numerals and upper and lowercase letters. For example, Rs4326tH.
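The practices listed above can be checked mechanically before a new administrator password is set. The following Python is an added example, not Dell's code or part of the NAS Manager; the function names, the small constructed word list, and the reading of "simple" as one repeated character or a straight run are assumptions.

```python
import re

# Assumptions for this added example: none of these names come from the Dell
# documentation, and the word list is a constructed stand-in for a real dictionary.
DEFAULT_PASSWORDS = {"powervault"}  # factory default named on this page
SAMPLE_DICTIONARY = {"password", "storage", "welcome", "server", "dragon"}


def check_password(candidate, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of violated practices; an empty list means it passes."""
    if not candidate:
        return ["blank password"]
    problems = []
    lowered = candidate.lower()

    if lowered in DEFAULT_PASSWORDS:
        problems.append("factory default password")
    if len(candidate) <= 6:
        problems.append("not longer than six characters")
    # "Simple" here: one repeated character, or a straight run up or down
    if len(set(lowered)) == 1 or _is_sequence(lowered):
        problems.append("simple password")
    # Dictionary word, also when only digits are tacked onto either end
    if lowered.strip("0123456789") in dictionary:
        problems.append("dictionary word")
    # Personal information: each item, stripped of punctuation, as a substring
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squeezed:
            problems.append("contains personal information")
            break
    # Mix of numerals, uppercase and lowercase letters
    if not (re.search(r"[0-9]", candidate) and re.search(r"[a-z]", candidate)
            and re.search(r"[A-Z]", candidate)):
        problems.append("needs numerals, uppercase and lowercase letters")
    return problems


def _is_sequence(text):
    """True for runs such as 'abcdefg' or '7654321'."""
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return len(text) > 1 and steps in ({1}, {-1})
```

Pass the administrator's name, family names, and birth dates in personal_info, and replace the sample word list with a full dictionary file before relying on the result.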
FTP and Telnet
For security reasons, FTP and Telnet are disabled by default on the NAS system. If either of these protocols is enabled on a share on the NAS system and you need to disable it, see "Removing a Protocol From the Share."
Antivirus Software
Dell recommends using antivirus software on your NAS system to protect against viruses.
Microsoft Security Updates
Microsoft regularly posts security update patches to its website at microsoft.com. Dell recommends that you regularly check to ensure that your NAS system has the most recent security update.
Apple Environments
If you are using your NAS system in an Apple environment, install the Microsoft® User Authentication Module (UAM) on the NAS system. If AppleTalk is not installed on the NAS system, client access is not encrypted. See "Services for Macintosh" for more information.
Secure Sockets Layer (SSL) Certificates
SSL certificates enable Web servers and users to authenticate each other before establishing a connection, which makes communications more secure. See "Using Secure Sockets Layer" for more information.
Microsoft Baseline Security Analyzer
Use the Microsoft Baseline Security Analyzer (MBSA) to search for any security vulnerabilities. MBSA scans Windows-based servers for common security misconfigurations. The tool scans the operating system and other installed components such as Internet Information Services (IIS). MBSA also checks systems for missing security patches, and recommends critical security patches and fixes.
Additional Security Recommendations
In addition to the practices mentioned in "Standard Security Recommendations," Dell recommends the following practices to ensure security:
Format all volumes as NTFS.
Disable automatic logon.
Disable the guest account.
Do not install IIS sample applications.
Disable parent paths.
Move the MSADC and Scripts virtual directories from the default website to another location.
Ensure that you place appropriate restrictions on any Anonymous Logon groups. To allow UNIX® users who do not have Windows user accounts to access resources on a system running Windows, you must explicitly add the Anonymous Logon group to the Everyone group and assign the Anonymous Logon group appropriate permissions. For more information, see "Server for Network File System (NFS)."
Maximum Security Recommendations
This section provides information about practices recommended for maximum security on your NAS system.
Allow no more than two administrators on the NAS system.
Do not allow passwords that have no expiration date.
Enable Logon Success and Logon Failure auditing.
Disable unnecessary services.
Disabling unnecessary services also increases performance.
Remove the IISADMPWD virtual directory.
Enable application logging options for all Web and FTP sites.
Ensure that Internet Explorer zones have secure settings for all users.
Use the NAS system only for shares and services that are actively used.