Hardening File Servers - HP StorageWorks X5000 Technical Manual

Nas security: technical guide to nsa, c2, e3-fc2, and cc security compliancy

Hide thumbs Also See for StorageWorks X5000:

Release note (39 pages)

Limited warranty (76 pages)

Support manual (17 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

page of 156

/ 156
Contents
Table of Contents
Bookmarks

Table of Contents

There are three levels of encryption available, as the table below describes.

Encryption Level

High level

This level encrypts data sent from client to server and from server to client by

using strong 128-bit encryption. Use this level when the terminal server is running

in an environment containing 128-bit clients only (such as

Remote Desktop Connection clients). Clients that do not support this level of

encryption will not be able to connect.

Client Compatible

This level encrypts data sent between the client and the server at the maximum

key strength supported by the client. Use this level when the terminal server is

running in an environment containing mixed or legacy clients.

Low level

This level encrypts data sent from the client to the server using 56-bit encryption.

Important: Data sent from the server to the client is not encrypted.

2.8.7.6 Error Reporting

Setting Name in UI

Report Errors

Error reporting helps Microsoft track and address errors. Administrators can configure error reporting

to generate reports for operating system errors, Windows component errors, or program errors.

Enabling Report Errors causes such errors to be reported to Microsoft via the Internet or to an internal

corporate file share. This setting is only available on Windows XP Professional and Windows Server

2003.

This is the path for configuring this setting in the Group Policy editor:

Computer Configuration\Administrative Templates\System\Error Reporting

Error reports can potentially contain sensitive or even confidential corporate data. Microsoft's privacy

policy regarding error reporting ensures that Microsoft Corporation will not use that data improperly.

But the data is transmitted in clear-text HTTP, which could be intercepted on the Internet and viewed

by third-parties. For these reasons, this guide recommends disabling Report Errors.

2.9 Hardening File Servers

There are some challenges to further hardening file servers, since the most essential services they

provide are the ones that require the Microsoft® Windows® Network Basic Input/Output System

(NetBIOS) related protocols. The protocols for Server Message Block (SMB) and Common Internet File

System (CIFS) can provide rich information to unauthenticated users. Therefore, it is often

recommended to disable file servers from using these protocols in high security Windows

environments. Nevertheless, disabling these protocols can make accessing file servers difficult for both

administrators and the users on the network. The following sections detail the areas in which file

servers can benefit from security settings not applied by the Member Server Baseline Policy (MSBP).

For more information about the MSBP, see section 2.8.

Description

Legacy Client

Enterprise Client

Disabled

111

High Security

Disabled

Table of Contents

This manual is also suitable for:

Nsa security compliancy C2 security compliancy E3-fc2 security compliancy Cc security compliancy

Hardening File Servers - HP StorageWorks X5000 Technical Manual

2.9 Hardening File Servers

Related Manuals for HP StorageWorks X5000

Related Content for HP StorageWorks X5000

This manual is also suitable for:

Table of Contents