To secure the block storage:

- Set strict access permissions (at least 640) for the following
  configuration files in /etc/cinder/: cinder.conf, api-paste.ini,
  policy.json, rootwrap.conf.
- Do not set the auth_strategy parameter to noauth under the [DEFAULT]
  section.
- Enable TLS for authentication.
- Enable secure file permissions for network-attached storage (NAS) with
  the following setting in /etc/cinder/cinder.conf:

      [DEFAULT]
      nas_secure_file_permissions = auto

- To avoid a DoS attack when an attacker sends an oversized request, verify
  that osapi_max_request_body_size under the [DEFAULT] section or
  max_request_body_size under the [oslo_middleware] section in
  /etc/cinder/cinder.conf is set to 114688:

      [DEFAULT]
      osapi_max_request_body_size = 114688
      [oslo_middleware]
      max_request_body_size = 114688
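
The checklist above can be audited with a short script. This is an added example, not code from the original page or from the Cinder project; the function names and the sample input are constructed for illustration. It covers the file modes and the cinder.conf options named above, reports options the list asks for that are missing, and leaves out the TLS item because the page names no option for it.

```python
import configparser
import os
import stat

MAX_BODY = 114688  # request body limit given in the guidance above
CONF_FILES = ("cinder.conf", "api-paste.ini", "policy.json", "rootwrap.conf")

def mode_findings(conf_dir="/etc/cinder"):
    """Report listed files whose mode grants any bit beyond 640."""
    findings = []
    for name in CONF_FILES:
        path = os.path.join(conf_dir, name)
        if os.path.exists(path):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & ~0o640:
                findings.append(f"{name}: mode {mode:o} is looser than 640")
    return findings

def conf_findings(text):
    """Check cinder.conf text against the settings listed above."""
    # default_section is renamed so [DEFAULT] is not inherited by other sections
    cp = configparser.ConfigParser(default_section="_unused",
                                   interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    auth = cp.get("DEFAULT", "auth_strategy", fallback="").strip().lower()
    if auth.startswith("noauth"):
        findings.append("auth_strategy disables authentication")
    nas = cp.get("DEFAULT", "nas_secure_file_permissions", fallback=None)
    if nas is None or nas.strip().lower() != "auto":
        findings.append("nas_secure_file_permissions is not auto")
    limits = [cp.get(s, o, fallback=None) for s, o in (
        ("DEFAULT", "osapi_max_request_body_size"),
        ("oslo_middleware", "max_request_body_size"))]
    limits = [v.strip() for v in limits if v is not None]
    if not limits:
        findings.append("no request body size limit is set")
    for v in limits:
        # assumption: a smaller limit is stricter, so only larger values fail
        if not v.isdigit() or int(v) > MAX_BODY:
            findings.append(f"request body size limit {v} is above {MAX_BODY} or invalid")
    return findings

# Constructed sample input, not taken from a real deployment
SAMPLE = "[DEFAULT]\nauth_strategy = noauth\nosapi_max_request_body_size = 1048576\n"

if __name__ == "__main__":
    for finding in conf_findings(SAMPLE) + mode_findings():
        print("FAIL:", finding)
```

Run it as the user that owns /etc/cinder so that every file can be inspected; a missing file is skipped rather than reported.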