Gbe2 Interconnect Switch Security - HP ProLiant BL p-Class GbE2 User Manual

Setting Up and Installing the GbE2 Interconnect Switch

GbE2 Interconnect Switch Security

When planning the GbE2 Interconnect Switch configuration, secure access to the
management interface by:
•
Creating users with various access levels
•
Enabling or disabling access to various management interfaces to fit the security policy
•
Changing default SNMP community strings for read-only and read-write access
User, Operator, and Administrator Access Rights
To enable better GbE2 Interconnect Switch management and user accountability, three levels
or classes of user access have been implemented on the GbE2 Interconnect Switch. Levels of
access to CLI, Web management functions, and screens increase as needed to perform
various GbE2 Interconnect Switch management tasks. Conceptually, access classes are
defined as follows:
•
User interaction with the GbE2 Interconnect Switch is completely passive; nothing can be
changed on the GbE2 Interconnect Switch. Users may display information that has no
security or privacy implications, such as GbE2 Interconnect Switch statistics and current
operational state information.
•
Operators can only effect temporary changes on the GbE2 Interconnect Switch. These
changes will be lost when the GbE2 Interconnect Switch is rebooted/reset. Operators
have access to the GbE2 Interconnect Switch management features used for daily GbE2
Interconnect Switch operations. Because any changes an operator makes are undone by a
reset of the GbE2 Interconnect Switch, operators cannot severely impact GbE2
Interconnect Switch operation.
•
Administrators are the only ones that may make permanent changes to the GbE2
Interconnect Switch configuration, changes that are persistent across a reboot/reset of the
GbE2 Interconnect Switch. Administrators can access GbE2 Interconnect Switch
functions to configure and troubleshoot problems on the GbE2 Interconnect Switch.
Because administrators can also make temporary (operator-level) changes as well, they
must be aware of the interactions between temporary and permanent changes.
Access to GbE2 Interconnect Switch functions is controlled through the use of unique
surnames and passwords. Once you are connected to the GbE2 Interconnect Switch via the
local console, Telnet, or SSH, you are prompted to enter a password. The default user
names/password for each access level are listed in the following table.
NOTE: It is recommended that you change default GbE2 Interconnect Switch passwords after initial
configuration and as regularly as required under your network security policies. For more information,
refer to the "Setting Passwords" section in Chapter 2 of the HP ProLiant BL p-Class GbE2 Interconnect
Switch Command Reference Guide.
2-8
HP CONFIDENTIAL Codename: Strawberry Part Number: 331399-001 Last Saved On: 7/17/03 2:22 PM
HP ProLiant BL p-Class GbE2 Interconnect Switch User Guide