Hitachi Remote Ops Security FAQ
Question
What security features are included as part of Hitachi Remote Ops (HRO)?
Environment
- Hitachi Remote Ops (HRO)
Answer
If Hitachi Remote Ops is external facing or hosted on non-customer managed network, does it include or rely on customer approved malware & virus blocking/detecting strategy and solution?
The Hitachi Remote Ops client isn't external-facing. HTTPS traffic is outbound only. Malware and virus blocking/detection is not installed on customer hardware.
In the event of application or authentication errors, does Hitachi Remote Ops respond with a message that is helpful to the user but does not reveal sensitive information?
Yes.
If confidential or higher information is stored on Hitachi Remote Ops's media, can customer standard processes be used for wiping the device?
Hitachi Remote Ops does not access or store user data.
If Hitachi Remote Ops can directly access a non-customer managed network, does it have an active and managed firewall?
Hitachi Remote Ops does not have an in-built firewall and relies on customer hardware configuration. Hitachi Remote Ops network traffic between the customer device and Hitachi Vantara relies on the firewall from the customer network that Hitachi Remote Ops communicates with.
Does Hitachi Remote Ops implement security measures (e.g. validation or escaping input) to ensure input data does not get executed as code?
Web interfaces have data validation to ensure input data does not get executed as code.
Does Hitachi Remote Ops have comprehensive documentation, covering how operations will need to administer, monitor and support Hitachi Remote Ops?
Yes.
Does Hitachi Remote Ops use biometry (use of fingerprint, voice scanner, etc.)?
No.
Can remote support features in Hitachi Remote Ops be disabled?
Yes, remote data collection and microcode update features can be disabled so that HRO monitors for errors only.
Does Hitachi Remote Ops prevent the passwords or PINs from being hardcoded or displayed in clear text?
Yes.
Can Hitachi Remote Ops enforce customer's password complexity rules?
No.
Is there a Vulnerability and Threat Management (VTM) team for the product, including the release of security patches and configuration updates in order to provide full VTM support?
Yes. The Hitachi Remote Ops solution fully integrated with Hitachi Vantara's overarching vulnerability remediation process.
Does Hitachi Remote Ops have a lab/dev environment where changes can be tested before they are rolled out into production?
Yes.
Does Hitachi Remote Ops store all symmetric and private keys either in a secure hardware (e.g. HSM) or in an encrypted form/key store and can access to them be limited to authorized staff?
Yes, keys are encrypted. Customers can limit access to the server.
Does Hitachi Remote Ops ensure that symmetric keys and private keys do not appear in clear at any time and distributed in an encrypted form via a customer-approved cryptography algorithm/protocol?
Private keys in the SSL certificate are installed with the application. They are not exposed or distributed.
If Hitachi Remote Ops uses or accepts digital certificates, does it work with approved Certificate Authorities?
Yes.
If Hitachi Remote Ops has a component deployed in DMZ, is it ensured that it does not store confidential or higher data in the DMZ persistently?
Yes.
If Hitachi Remote Ops is accessible to/from the internet, is it accessed via customer standard network connections (DMZs)?
This is not dependent on Hitachi Remote Ops configuration but dependent on the operating system configuration.
Is Hitachi Remote Ops using a customer approved (mutual) authentication protocol, to protect credentials in transit, and to prevent replays and session injection/hijacking?
Yes.
Does Hitachi Remote Ops authenticate any peer systems or components before interacting with them?
Yes - the Monitor agent authenticates. The SVP Agent does not authenticate peer systems. However, peer systems are also not exposed to the public internet through the SVP Agent. Security between the Site Manager and the peer systems on the internal LAN monitored by it has traditionally been handled by the OS at the IP / port level through Windows Firewall.
Does Hitachi Remote Ops encrypt sensitive data such as PII , authentication data and business sensitive information during data transmission?
PII and business sensitive data are not transmitted. Authentication data is encrypted between Hitachi Vantara and customer.
Does Hitachi Remote Ops use Mobile Code (e.g., Active-X, Java Applet, etc.)?
No.
What time-stamping method is used for Hitachi Remote Ops event logging?
In almost all cases time-stamping matches the operating system clock. For certain time-sensitive remote operations, Hitachi Remote Ops corrects for incorrectly set times using server-side supplied information.
If user input validation is required, is the Input validation conducted at the back end system not at the front end?
For the maintenance/service functionality of Hitachi Remote Ops, validation is conducted on the server where Hitachi Remote Ops is installed (back end). For the monitoring functionality of Hitachi Remote Ops, validation is conducted on the client-side (front end).
Does Hitachi Remote Ops have file or folder level access?
No. Also, it does not handle PII or confidential information.
Does Hitachi Remote Ops include macros or any type of embedded coding or logic?
No.
Does Hitachi Remote Ops encrypt restricted information or authentication data at storage?
Yes, it encrypts authentication data. Hitachi Remote Ops does not handle restricted information.
Does Hitachi Remote Ops log Significant Security Administration events such as user creation, modification of user rights, system security configuration, or password resets?
Yes. Hitachi Remote Ops logs the following event types:
- Unsuccessful login (failure log on)
- User/group creation
- Modification of roles/profiles
- Changes to system security configuration
Does Hitachi Remote Ops ensure permission controls are in place to prevent modification to logging events?
No. Separate access/permission controls would need to be implemented on the hardware on which Hitachi Remote Ops is installed, at the O/S level or otherwise.
Hitachi Remote Ops support a timestamp of date, hours, minutes, and seconds?
Yes, Hitachi Remote Ops supports a timestamp with a clear granularity including seconds.
Do Hitachi Remote Ops logs contain any confidential or higher classified information, or any authentication classified information.
No, logs do not include any confidential information.
Does Hitachi Remote Ops prevent a user from granting access or privilege to oneself?
Access to Hitachi Remote Ops is controlled at the OS level.
If Static ID/Password (except functional IDs) is used by Hitachi Remote Ops, is it locked out after X consecutive failed log in attempts?
This functionality is currently not supported.
Does Hitachi Remote Ops require specific password complexity rules (i.e., PBE standards)?
No, not currently.
Does Hitachi Remote Ops integrate with central authentication solutions (e.g. Active Directory, Single-Sign On)?
Hitachi Remote Ops uses LDAP.
Does Hitachi Remote Ops prevent authentication credentials (e.g., passwords, PIN number) from being displayed in clear text?
Yes.
If the product uses or accepts digital certificates, does it work with approved Certificate Authorities as per the customer Certificate Standard?
Hitachi Remote Ops ships with a self-signed digital certificates that can be replaced with a customer-supplied digital certificates per customer requirements.
When digital certificates are used for digital signatures or authentication, is an up-to-date certificate revocation list (CRL) used to verify the validity of the CA’s and user’/server’s certificates?
For the maintenance/service functionality of Hitachi Remote Ops, this depends on the platform. The monitoring functionality does not use this.
Is it ensured that each cryptographic key is used for one specific purpose only?
Yes.
Does the product ensure that symmetric keys and private keys do not appear in clear at any time?
Yes.
Does Hitachi Remote Ops serve as a perimeter firewall?
No.
If applicable, do Remote Access and Host Security implement group-based access controls?
Yes.
If Hitachi Remote Ops uses a web-based user interface, does it enforce unique session identifiers to prevent them from being passed over unencrypted channels or manipulated by the user?
Yes, some functions use unique session identifiers that keeps them from being passed over unencrypted channels. The maintenance/service functionality of Hitachi Remote Ops does not enforce unique session identifiers. However, the web-based user interface can be disabled and is not essential for Hitachi Remote Ops. Further details can be provided upon request.
Does the authentication server(s) create unique security contexts for authenticated users (e.g., secure cookies or Kerberos tickets)?
No.
Does this solution prohibit user/application to store confidential or higher classified information on user owned solutions or in a third party virtual environment (e.g., cloud)?
Yes.
Does Hitachi Remote Ops transmit or store customer Information outside the customers' global network?
No.
If Hitachi Remote Ops allows network connectivity between customer and Third Parties, does it prevent the Third Party from connecting to another Third Party where customer provides no intermediary business services?
All external vendors are required to comply with Hitachi Vantara data policies.
Does Hitachi Remote Ops enforce an expiration of session ID's after logout and timeout and require reentry of credentials after the session is timed-out?
Yes. The SVP Agent logs a user out of the web interface after 2 hours. This timespan is being reduced in future releases of the Agent.
Who at Hitachi Vantara has access to Hitachi Remote Ops?
Employees have access to HRO, as administered by domain login. Of those, only specific personnel can access the HRO tools that are available for interactive data collection, such as dump requests. These permissions are given to certain employees as needed.
What data is included in a detail and standard dump from Hitachi Vantara storage products?
Personally Identifiable Information (PII) isn’t included in HRO dumps. Only environmental data, error data, performance and diagnostic data are the included in either a detail or summary dump.
Who has access to old backup of customer data (remote ops) dumps etc.?
We don’t collect any PII, but configuration data is purged after 30 days of the device not reporting into us. For other types of data we keep the data for a maximum of 1 year, or as according to regional laws. Only specific HV personnel can access the HRO tools that are available for interactive data collection (such as dump requests) as specifically needed to trouble-shoot the dump data.
How is data encrypted by the Service Processor Agent?
Application authentication data is encrypted at rest using AES 256.
Non-sensitive application data and storage product remote maintenance data (storage product configuration information, error information, etc) is encrypted in transit. The minimal level of encryption used for encrypting data in transit is dependent on the security settings that are configured at an OS level in Windows on devices that are running the application.
Additional Notes