Security Overview
Access Security Features
Feature
Default
Setting
Security Guidelines
More Information and
Configuration Details
Telnet and
enabled
The default remote management protocols enabled on
Web-browser
the switch are plain text protocols, which transfer
access
passwords in open or plain text that is easily captured.
To reduce the chances of unauthorized users capturing
your passwords, secure and encrypted protocols such
as SSH and SSL (see below for details) should be used
for remote access. This enables you to employ
increased access security while still retaining remote
client access.
Also, access security on the switch is incomplete
without disabling Telnet and the standard Web browser
access. Among the methods for blocking unauthorized
access attempts using Telnet or the Web browser are
the following two CLI commands:
•
no telnet-server
: This command blocks inbound
Telnet access.
•
no web-management
: This command prevents use of
the Web browser interface through http (port 80)
server access.
If you choose not to disable Telnet and Web browser
access, you may want to consider using RADIUS
accounting to maintain a record of password-protected
access to the switch.
“Quick Start: Using the
Management Interface
Wizard” on page 1-11
For more on Telnet and web
browser access, refer to the
chapter on
“Interface
Access and System
Information”
in the
Management and
Configuration Guide.
For RADIUS accounting,
refer to
Chapter 6, “RADIUS
Authentication and
Accounting”
SSH
disabled
SSH provides Telnet-like functions through encrypted,
authenticated transactions of the following types:
• client public-key authentication: uses one or more
public keys (from clients) that must be stored on the
Chapter 8 “Configuring
switch. Only a client with a private key that matches
Secure Shell (SSH)”
a stored public key can gain access to the switch.
• switch SSH and user password authentication: this
option is a subset of the client public-key
authentication, and is used if the switch has SSH
enabled without a login access configured to
authenticate the client’s key. In this case, the switch
authenticates itself to clients, and users on SSH
clients then authenticate themselves to the switch by
providing passwords stored on a RADIUS or
server, or locally on the switch.
• secure copy (SC) and secure FTP (SFTP): By opening
a secure, encrypted SSH session, you can take
advantage of SC and SFTP to provide a secure
alternative to TFTP for transferring sensitive switch
information. For more on SC and SFTP, refer to the
section titled “Using Secure Copy and SFTP” in the
“File Transfers” appendix of the
Management and
Configuration Guide
for your switch.
1-4
Содержание PROCURVE 2910AL
Страница 1: ...Access Security Guide ProCurve Switches W 14 03 2910al www procurve com ...
Страница 2: ......
Страница 3: ...HP ProCurve 2910al Switch February 2009 W 14 03 Access Security Guide ...
Страница 84: ...Configuring Username and Password Security Front Panel Security 2 36 ...
Страница 156: ...TACACS Authentication Operating Notes 4 30 ...
Страница 288: ...Configuring Secure Socket Layer SSL Common Errors in SSL setup 8 22 ...
Страница 416: ...Configuring Advanced Threat Protection Using the Instrumentation Monitor 10 28 ...
Страница 516: ...Configuring Port Based and User Based Access Control 802 1X Messages Related to 802 1X Operation 12 76 ...
Страница 527: ...Configuring and Monitoring Port Security Port Security Figure 13 4 Examples of Show Mac Address Outputs 13 11 ...
Страница 572: ...Using Authorized IP Managers Operating Notes 14 14 ...
Страница 592: ...12 Index ...
Страница 593: ......
Страница 594: ... Copyright 2009 Hewlett Packard Development Company L P February 2009 Manual Part Number 5992 5439 ...