- Key Sizes: 4096 minimum bits RSA, 512 bit ECDSA (SSH).
- Encryption: Full Disk Encryption of Physical Underlaying infrastructure.
- Chassis intrusion detection must be enabled if applicable.
- DRAC, ILO and management interfaces must be updated on a regular basis.
- All of Grade 1’s security practices
- SSHFP Record Stored in DNS with correct fingerprint.
- DRAC, ILO and management interfaces on dedicated secure Management Network.
- Firewall active and dropping all unknown traffic. (whitelist firewall)
- All of Grade 2’s security practices
- All processes listening on TCP or UDP that are not required shutdown and disabled.
- Fail to ban enabled and blocking IP’s on 3 failed login attempts.
- All of Grade 3’s security practices
- All logs of any senstive/personal information destroyed after 3 hours.
- Logging does not leave the server.
- Logging of any senstive/personal information does not leave the server.
- All of Grade 4’s security practices
- No logging of any senstive/personal information.
- Key Sizes: 4096 RSA, 512 bit ECDSA minimum bits (SSH).
- Encryption: Full Disk Encryption of Physical Underlaying infrastructure.
- All of Grade 1’s security practices
- SSHFP Record Stored in DNS with correct fingerprint.
- DRAC, ILO and management interfaces on dedicated secure Management Network.
- Firewall active and dropping all unknown traffic. (whitelist firewall)
- All of Grade 2’s security practices
- All processes listening on TCP or UDP that are not required shutdown and disabled.
- Fail to ban enabled and blocking IP’s on 3 failed login attempts.
- All of Grade 3’s security practices
- Encryption of Virtual Server's disk drives, boot and swap.
- All logs of any senstive/personal information destroyed after 3 hours.
- Logging of any senstive/personal information does not leave the server.
- All of Grade 4’s security practices
- No logging of any senstive/personal information.