1-14
Security Overview
Getting Started with Access Security
This page allows you to choose between two setup types:
•
Typical
—provides a multiple page, step-by-step method to configure
security settings, with on-screen instructions for each option.
•
Advanced
—provides a single summary screen in which to configure
all security settings at once.
Refer to the WebAgent Online Help for detailed information about using the
Management Interface wizard.
SNMP Security Guidelines
In the default configuration, the switch is open to access by management
stations running SNMP (Simple Network Management Protocol) management
applications capable of viewing and changing the settings and status data in
the switch’s MIB (Management Information Base). Thus, controlling SNMP
access to the switch and preventing unauthorized SNMP access should be a
key element of your network security strategy.
General SNMP Access to the Switch.
The switch supports SNMP
versions 1, 2c, and 3, including SNMP community and trap configuration. The
default configuration supports versions 1 and 2c compatibility, which uses
plain text and does not provide security options.
HP recommends that you enable SNMP version 3 for improved security.
SNMPv3 includes the ability to configure restricted access and to block all
non-version 3 messages (which blocks version 1 and 2c unprotected
operation).
SNMPv3 security options include:
■
configuring device communities as a means for excluding management
access by unauthorized stations
■
configuring for access authentication and privacy
■
reporting events to the switch CLI and to SNMP trap receivers
■
restricting non-SNMPv3 agents to either read-only access or no access
■
co-existing with SNMPv1 and v2c if necessary
SNMP Access to the Authentication Configuration MIB.
A
management station running an SNMP networked device management
application, such as HP E-PCM Plus or HP OpenView, can access the switch’s
management information base (MIB) for read access to the switch’s status and
read/write access to the switch’s authentication configuration
(hpSwitchAuth). This means that the switch’s default configuration now
allows SNMP access to security settings in hpSwitchAuth.
Summary of Contents for E3800 Series
Page 2: ......
Page 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Page 30: ...xxviii ...
Page 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Page 186: ...4 72 Web and MAC Authentication Client Status ...
Page 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Page 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Page 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Page 730: ...20 Index ...
Page 731: ......