© 2009 VBrick Systems, Inc.
Improving Security
You can improve security by (1) blocking unauthorized attempts to log in and access a device
and (2) reducing exposure to malicious software attacks. The most common vulnerability
is related to user accounts and passwords. After a successful installation, you should
immediately change the default passwords. Many attacks come from within an organization
and this helps to minimize the risk. The VBAdmin login is generally secure since it utilizes
encryption techniques to hide usernames and passwords from network spyware.
Malicious software covertly attaches itself to unsuspecting devices. These programs are
generally designed to compromise personal information or to create system havoc. Since the
VBrick appliance uses an industrial-grade operating system, it is less susceptible to malicious
software and unlikely to be a target of programs designed to attack PC-based systems like
Microsoft, Linux, and others. However, you can still take additional steps to minimize risk.
VBrick tries to make installation as simple and quick as possible, and many features are
automatically enabled by default even though you may not need them. You can selectively
disable unneeded features to reduce vulnerability. Another common problem is Denial of
Service (DoS) attacks. A DoS attack sends floods of packets to an unsuspecting remote system
in an attempt to disrupt or stop normal operation. These unsuspecting remote systems are
typically discovered using ICMP or Ping. It is standard industry practice to block all ICMP
and Ping requests from off-net foreign hosts. This is typically done in a centralized location
using router/firewall technology, which is more successful and cost-effective than resolving
the issue at each host.
Logging
Logs of certain events can be stored either locally (within the VBrick device) or externally
(for example on a server). Local logs are stored in volatile memory. For preservation of
information, it is recommended that remote logging be utilized. Remote servers generally
offer ample storage and offer the additional benefit of collecting log information from
several VBricks simultaneously. When logging externally, specify either the IP address or
hostname of the actual server using the Remote Event Log Destination field. If remote
logging is enabled, the log information is sent via SNMP traps. When you enable logging, be
sure to set the system date and time (see System Time on page 11) or select a network time
server in order to get accurate time stamps in the logs.
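A minimal collector for the server named in Remote Event Log Destination, as an added example that is not VBrick code: it stamps each received trap with the collector's own UTC receive time and the sender's address, so events outlive the appliance's volatile local log. It assumes SNMPv1/v2c traps on the standard UDP port 162; the sample datagram and the log file name are constructed for illustration.

```python
import socket
import time
from datetime import datetime, timezone

PDU_NAMES = {0xA4: "v1-trap", 0xA6: "inform", 0xA7: "v2-trap"}
# Constructed sample: SNMPv2c trap, community "public", empty varbind list.
SAMPLE = bytes.fromhex("301802010104067075626c6963a70b0201010201000201003000")

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def parse_trap_header(datagram):
    """Return version, community and PDU type of an SNMPv1/v2c message."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, ver, pos = read_tlv(msg, 0)
    if tag != 0x02 or int.from_bytes(ver, "big") not in (0, 1):
        raise ValueError("not SNMPv1/v2c")
    tag, community, pos = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("missing community string")
    pdu_tag, _, _ = read_tlv(msg, pos)
    return {"version": "v1" if ver == b"\x00" else "v2c",
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}

def log_line(datagram, source_ip, received_at):
    """Format one log record; malformed datagrams are recorded, not dropped."""
    stamp = datetime.fromtimestamp(received_at, timezone.utc).isoformat()
    try:
        h = parse_trap_header(datagram)
        detail = f"{h['version']} {h['pdu']} community={h['community']!r}"
    except ValueError as exc:
        detail = f"unparsed ({exc})"
    return f"{stamp} {source_ip} {detail}"

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 162))            # standard trap port; needs privilege
    with open("vbrick-traps.log", "a") as out:   # hypothetical file name
        while True:
            data, (ip, _port) = sock.recvfrom(65535)
            out.write(log_line(data, ip, time.time()) + "\n")
            out.flush()
```

Recording the collector's receive time alongside each trap gives a reference clock to compare against the appliance's own time stamps.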
Generate Security Keys
The security keys used internally by HTTPS and SSH are factory-generated and should be
replaced only if security is an issue. Note: Key generation is CPU-intensive and should only
be performed when the appliance is idle. It will take 3–5 minutes if the appliance is idle
(or much longer if the appliance is in use).
Security Keys Status
• Valid Keys – The existing security keys are valid.
• Generating Keys – New security keys are being generated.
• Reboot Required – New security keys have been generated and will take effect after a reboot.