Hardening Print Servers; Audit Policy Settings; User Rights Assignments - HP StorageWorks X5000 Technical Manual

Insight Lights-Out Edition board, and the HP Version Control Agents. HP Insight Manager provides
rapid access to detailed fault and performance information gathered by the HP Management Agents.
HP Insight Manager helps maximize system uptime and performance and reduces the cost of
maintaining the IT infrastructure by providing proactive notification of problems before those problems
result in costly downtime. HP Insight Manager also introduces powerful new functionality for system
software maintenance and configuration of management parameters across groups of managed
devices.
The HP Insight Manager Administrator account must meet NSA password guidelines. Administrators
must apply the following password guidelines:
Avoid using words from a dictionary, common or clever misspellings of words, and foreign
•
words.
Avoid using incrementing passwords with a digit.
•
Avoid preceding or appending passwords with a number.
•
Avoid using passwords that others can easily guess.
•
• Avoid using words from popular culture.
Avoid thinking of passwords as just full words.
•
Enforce using passwords that require users to type with both hands on the keyboard.
•
• Enforce using uppercase and lowercase letters, numbers, and symbols in all passwords.
Enforce using space characters and characters that can be produced only by pressing the Alt
•
key.
This prevents users, hackers, and rogue administrators from accessing server information on the HP
Insight Manager web home page and modifying its settings.

2.10 Hardening Print Servers

This section focuses on the challenges of further hardening print servers, since the most essential
services they provide are the ones that require the Microsoft® Windows® Network Basic
Input/Output System (NetBIOS) related protocols. The protocols for Server Message Block (SMB) and
Common Internet File System (CIFS) can provide rich information to unauthenticated users, therefore it
is often recommended to disable print servers from using these protocols in high-security Windows
environments. Nevertheless, disabling these protocols can make accessing these servers difficult for
both administrators and users within the network. The following sections in this section detail the areas
in which print servers can benefit from security settings not applied by the Member Server Baseline
Policy (MSBP). For more information about the MSBP, see section 2.8.

2.10.1 Audit Policy Settings

The Audit Policy settings for print servers in the three environments defined in this guide are
configured via the MSBP. For more information on the MSBP, see section 2.8. The MSBP settings
ensure that all the relevant security audit information is logged on all print servers.

2.10.2 User Rights Assignments

The User Rights Assignments for print servers in the three environments defined in this guide are
configured via the MSBP. For more information on the MSBP, see section 2.8. The MSBP settings
ensure that all appropriate User Rights Assignments are uniformly configured across print servers.
130