Page 29
TLX12 Matrix Switch Product Manual
thinklogical
Rev. E, Oct., 2019
At system power up, after initial boot-up, the processor will only evaluate its Partition Table (upstream.csv file) once upon becoming active. If an upstream.csv file is found, a log entry to the daemon.log file is made indicating “Partition ENABLED.” If no file is found, then a log entry of “Partition DISABLED” is made.
Any errors that occur during the Partition Table evaluation process will be logged as “error” with an identifier for the invalid field and line. The daemon.log file will be at the following location on the processor: /var/log/daemon.log.
For access to the daemon.log file via SSH, refer to THE NETWORK INTERFACES section of this manual (pg. 7) for correct IP addresses.
To verify the system’s Partitioning policy, Thinklogical recommends the following:
1) Review the daemon.log file and correct any errors in the Partition Table before implementing multiple levels of security classification domains on the same Matrix Switch.
2) Fully test the Partitioning before implementing multiple levels of security classification domains on the same Matrix Switch.
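One way to carry out the daemon.log review from an SSH session, as an added example that is not Thinklogical's own tooling: it reports the most recent Partition state and counts the "error" entries logged around it. The log line layout, the sample lines and the function names are assumptions; only the quoted strings and /var/log/daemon.log come from this manual.

```shell
#!/bin/sh
# Added example. Assumption: daemon.log holds one entry per line and each
# entry contains the literal strings the manual quotes ("Partition ENABLED",
# "Partition DISABLED", "error"). The rest of the line layout is not documented.

# Constructed sample lines; timestamp, host and error wording are invented.
sample_log() {
cat <<'EOF'
Oct  1 08:00:01 tlx daemon: Partition DISABLED
Oct  1 09:30:12 tlx daemon: error field 2 line 14 invalid
Oct  1 09:30:12 tlx daemon: Partition ENABLED
EOF
}

# Print "<STATE> <ERRORS>" for the log file given as $1.
# STATE is taken from the most recent Partition entry (UNKNOWN if none).
# ERRORS counts "error" lines logged since the Partition entry before the
# latest one, so errors written just before or after the latest result are
# both included (assumption: an evaluation logs its errors next to its result).
partition_report() {
    awk '
        /Partition (ENABLED|DISABLED)/ {
            state = ($0 ~ /Partition ENABLED/) ? "ENABLED" : "DISABLED"
            prev = cur; cur = 0; next
        }
        tolower($0) ~ /error/ { cur++ }
        END { print (state == "" ? "UNKNOWN" : state), prev + cur }
    ' "$1"
}

# Succeed only when partitioning is ENABLED and no errors were counted.
# DISABLED and UNKNOWN both fail: with no Partition Table no connection is restricted.
partition_ok() {
    set -- $(partition_report "$1")
    [ "$1" = "ENABLED" ] && [ "$2" -eq 0 ]
}

# Demo on the constructed sample: ENABLED, but one error still needs fixing.
tmp=$(mktemp) && sample_log > "$tmp"
echo "sample log: $(partition_report "$tmp")"
if partition_ok "$tmp"; then echo "OK to proceed"; else echo "review required"; fi
rm -f "$tmp"
```

On the processor, run partition_report /var/log/daemon.log. Because daemon.log is shared with other services, read the matching lines before treating a non-zero count as a Partition Table fault.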
There are cases where updates to the Partition Table need to be made in an active system. When an update is made to the table, the processor will not evaluate the updated table until the LAN connection is restored. Partition Switching is disabled when Partition Table files are removed. By default, when there are no Partition Table files, all ports not listed will default to partition 1. All Switches are shipped without Partition Table files stored on the processor and therefore do not restrict any connection.
Administration Access
There are two methods by which the administrator can access the Switch Control Configurations:
1. The Serial Console directly connected to the Switch. (It should be noted that, while no administrator password is required to use the Serial Console, physical access to the Switch is required. Therefore, the Switch should be stored in a physically secure location to avoid unauthorized access.)
2. SSH access. The Switch allows SSH connections to the Switch for management purposes. SSH sessions are authenticated using an encrypted password file.
Password Security
For security purposes, the Switch defaults to using the Message-Digest Algorithm (MD5) and shadow passwords. It is highly recommended that you DO NOT alter these settings. If you select the older Data Encryption Standard (DES) format, passwords will be limited to eight alphanumeric characters (disallowing punctuation and other special characters) with a modest 56-bit level of encryption. The single most important thing you can do to protect the Switch is create a strong password.
Creating Strong Passwords:
The password can contain up to 127 characters and cannot contain a space.
MAKE THE PASSWORD AT LEAST EIGHT CHARACTERS LONG. The longer the password, the more effective it will be. If you are using an MD5 password, it should be approximately 15 characters long. With DES passwords, use the maximum eight-character length.
Mix UPper AnD LowER CASE LETTERS. Passwords are case sensitive, so mixing will multiply the number of possible combinations.
Mix LETTER5 AND NUM8ER5 within the password to enhance its strength.
Include NON-ALPHANUMER!C CH@RACTER$. Special characters (& $ % >) and punctuation marks (? “ - !) increase the strength of a password.