ECS features that protect against unwarranted access include:
- Platform lockdown—Disables SSH access to nodes
- Retention policies—Limit the ability to change records or data under retention
- Audit events—Record changes in the system configuration, and track logins and sudo commands run on node, bucket operations such as setting bucket permissions, and user operations such as set or delete password.
- Immediately change the ECS default account password for administrator on nodes and for root on ECS portal.
- Use individual user accounts for day-to-day administration as opposed to the integrated ECS account.
- Use the “Platform Lockdown” feature if ECS nodes must not be accessible by SSH.
- Set appropriate retention for objects to protect from accidental deletions.
- Use SSL for additional security.
- Monitor “unauthorized” access and modifications through audit events.
|