Security management

Content Software for File CLI Reference

Version
4.2.x
Audience
anonymous
Part Number
MK-HCSF001-03

This page describes important security consideration for the Content Software for File cluster management.

The Content Software for File system is a secured environment. It deploys a combination of security controls to ensure secured communication and secured user data.

The security controls include the following:

  • HTTPS access: To access the Content Software for File GUI, you connect only to one of the system servers using HTTPS through port 14000.
  • Authentication tokens: The authentication tokens are used for accessing the Content Software for File system API and to allow the mounting of secure filesystems.
  • KMS: When creating an encrypted filesystem, a KMS must be used to properly secure the encryption keys. The KMS encrypts and decrypts filesystem keys.
  • TLS certificates: By default, the system deploys a self-signed certificate to access the GUI, CLI, and API through HTTPS. You can deploy your certificate by providing an unencrypted private key and certificate PEM files.
  • CA certificates: The system uses well-known CA certificates to establish trust with external services. For example, when using a KMS.
  • Account lockout: To prevent brute force attacks, if several login attempts fail (default: 5), the user account is locked for several minutes (default: 2 minutes).
  • Login banner: The login banner provides a security statement or a legal message displayed on the sign-in page.
  • GUI session automatic termination: The user is signed out after 30 minutes of inactivity.