Home > Data Protection > PowerProtect DD Series Appliances > White Papers > Dell PowerProtect DD Series Appliances: Security > Security alert system settings
System operation can be monitored with various DD System Manager tools: reporting tools that automatically send email messages containing status and alerts, log files that contain a record of important system events, and SNMP monitoring using third-party SNMP managers.
Automatic logging and reporting tools that provide system status to Dell Support and designated email recipients are important in monitoring system operation.
Alerts are also sent as SNMP traps. For a complete list of traps, see the DDOS MIB Quick Reference.
Data can be vulnerable to man-in-the-middle (MITM) attacks when the attacker can impersonate an endpoint.
PowerProtect DD systems use self-signed certificates to build mutual trust with another system for secure data replication.
DDOS supports one-way and two-way authentication between the replication source and destination to provide additional security for replication operations.
Two-way authentication, which provides mutual verification, must be done to avoid MITM attacks when an application is accessing the system. Methods for doing two-way authentication include certificates and Kerberos. DD Boost also supports two-way authentication using preshared keys (PSK), which does not require certificates. Various applications may support one or more methods of two-way authentication depending on the application and the protocol (such as DD Boost). For example, Avamar supports two-way authentication using certificates.
DD Boost also supports two-way authentication using pre-shared keys (PSK), which does not require certificates. Various applications might support one or more methods of two-way authentication, depending on the application and the protocol (such as DD Boost).
The DD file system, SMS, Apache HTTP service, LDAP client, and SSH daemon use FIPS 140-2-compliant algorithms when FIPS is enabled.
DDOS uses FIPS certified libraries including Dell OpenSSL Cryptographic Library, BSafe, Crypto J, Cert-J, and SSL-K.
The hardening process is twofold. Traditionally, customers that are looking to harden a system are doing so because they are either under mandate or are practicing secure computing practices.
For more information, see the Dell DDOS Security Configuration Guide. The guide provides the hardening procedures and the mitigation steps that comply with federal Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).