{"id":9689,"date":"2020-09-15T06:47:54","date_gmt":"2020-09-14T20:47:54","guid":{"rendered":"https:\/\/nsrd.info\/blog\/?p=9689"},"modified":"2020-09-15T06:47:56","modified_gmt":"2020-09-14T20:47:56","slug":"data-domain-basics-hardening-password-controls","status":"publish","type":"post","link":"https:\/\/nsrd.info\/blog\/2020\/09\/15\/data-domain-basics-hardening-password-controls\/","title":{"rendered":"Data Domain Basics \u2013 Hardening Password Controls"},"content":{"rendered":"\n<p>While you can integrate Data Domain with an external authentication service such as LDAP or ActiveDirectory, not everyone chooses to do that. Further, there are some essential accounts (such as &#8216;sysadmin&#8217;) that can&#8217;t be disabled. In these circumstances, being able to define controls over the security of passwords is an essential part of the security hardening process.<\/p>\n\n\n\n<p>Data Domain deployments these days include a set of basic initial controls, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Minimum time between password changes for accounts;<\/li><li>Maximum time between password changes for accounts;<\/li><li>How many &#8216;old&#8217; passwords to block for a user account.<\/li><\/ul>\n\n\n\n<p>But these aren&#8217;t the only controls, and in this article I&#8217;ll show you how to get to the password hardening controls \u2013 and what the other options are.<\/p>\n\n\n\n<p>To get to the options, start by logging into the Data Domain system manager and click the <strong>Administration<\/strong> option in the left-hand navigation pane:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"448\" src=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password1-1-1024x448.png\" alt=\"\" class=\"wp-image-9691\" srcset=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password1-1-1024x448.png 1024w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password1-1-300x131.png 300w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password1-1-768x336.png 768w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password1-1-1536x673.png 1536w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password1-1.png 1587w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Step 1: Start by clicking the &#8220;Administration&#8221; option in the left-hand pane<\/figcaption><\/figure>\n\n\n\n<p>Clicking <strong>Administration<\/strong> by default will take you to the <strong>Access<\/strong> controls for the Data Domain. From here, click the <strong>More Tasks<\/strong> drop-down:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"515\" src=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password2-1024x515.png\" alt=\"\" class=\"wp-image-9692\" srcset=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password2-1024x515.png 1024w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password2-300x151.png 300w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password2-768x386.png 768w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password2-1536x772.png 1536w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password2.png 1588w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Step 2: Click the &#8220;More Tasks&#8221; dropdown menu<\/figcaption><\/figure>\n\n\n\n<p>From the <strong>More Tasks<\/strong> drop-down, click <strong>Change Login Options<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"515\" src=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password3-1024x515.png\" alt=\"\" class=\"wp-image-9693\" srcset=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password3-1024x515.png 1024w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password3-300x151.png 300w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password3-768x386.png 768w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password3-1536x772.png 1536w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password3.png 1588w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Step 3: Click the &#8220;Change Login Options&#8221; menu option.<\/figcaption><\/figure>\n\n\n\n<p>At this point you&#8217;ll get the password and login control options, which as you can see below is quite extensive:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"494\" height=\"647\" src=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password4.png\" alt=\"\" class=\"wp-image-9694\" srcset=\"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password4.png 494w, https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/09\/Password4-229x300.png 229w\" sizes=\"auto, (max-width: 494px) 100vw, 494px\" \/><figcaption>Step 4: Adjust the Login Options<\/figcaption><\/figure>\n\n\n\n<p>There are two specific sections to the policy controls:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Password Policy<\/strong> \u2013 Controlling the complexity of passwords, the frequency with which they can be changed, and the number of expired passwords that will be blocked, and<\/li><li><strong>Login Options<\/strong> \u2013&nbsp;Broader, umbrella controls over login attempts, failures and numbers.<\/li><\/ul>\n\n\n\n<p>Now personally, I&#8217;d love to be able to set passwords along the lines of <em><strong>frozen oysters make for really awful lollypops<\/strong><\/em> rather than <em><strong>f7HhH-KJY64[g**bc__d)!<\/strong><\/em>, but since everyone else has decided the latter is somehow more memorable than the former, you really can go nuts with the password policy and set appropriate options to force multiple password character classes. So if you want to make sure every password is a minimum length of 16 characters and includes an upper-case letter, lower-case letter, digit and special character, you can make those changes in this control panel.<\/p>\n\n\n\n<p>You&#8217;ll find comprehensive details about the different security options you can establish in the password controls in the <strong><a href=\"https:\/\/dl.dell.com\/content\/docu99921_DD_7.3_Security_Configuration_Guide.pdf?language=en_US&amp;source=Coveo\">Data Domain OS Security Guide<\/a><\/strong>. It&#8217;s a document I certainly recommend \u2013&nbsp;particularly if you&#8217;re looking for compliance details. There is an entire section on <strong>System hardening and best practices<\/strong> that has great insight into establishing tighter security controls on the system and the different protocols that can be used to access the system. This includes a <em>very<\/em> comprehensive table for DISA STIG standards.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While you can integrate Data Domain with an external authentication service such as LDAP or ActiveDirectory, not everyone chooses to&hellip;<\/p>\n","protected":false},"author":1,"featured_media":8476,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[6,1181,21],"tags":[],"class_list":["post-9689","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basics","category-data-domain-2","category-security"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2019\/10\/bigStock-Data-Security.jpg","jetpack_shortlink":"https:\/\/wp.me\/pKpIN-2wh","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/9689","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/comments?post=9689"}],"version-history":[{"count":2,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/9689\/revisions"}],"predecessor-version":[{"id":9696,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/9689\/revisions\/9696"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/media\/8476"}],"wp:attachment":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/media?parent=9689"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/categories?post=9689"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/tags?post=9689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}