Local Manager Password; Inbound Telnet Access And Web Browser Access; Secure File Transfers - HP ProCurve J8766A Release Note

For the ProCurve Series 4200vl switches

It is important to evaluate the level of management access vulnerability existing in your network and
take steps to ensure that all reasonable security precautions are in place. This includes both
configurable security options and physical access to the switch hardware.

Local Manager Password

In the default configuration, there is no password protection. Configuring a local Manager password
is a fundamental step in reducing the possibility of unauthorized access through the switch's web
browser and console (CLI and Menu) interfaces. The Manager password can easily be set using the
CLI password manager command, the Menu interface Console Passwords option, or the password
options under the Security tab in the web browser interface.

Inbound Telnet Access and Web Browser Access

The default remote management protocols enabled on the switch are plain text protocols, which
transfer passwords in open or plain text that is easily captured. To reduce the chances of unauthorized
users capturing your passwords, secure and encrypted protocols such as SSH and SSL must be used
for remote access. This enables you to employ increased access security while still retaining remote
client access.
- SSHv2 provides Telnet-like connections through encrypted and authenticated transactions.
- SSLv3/TLSv1 provides remote web browser access to the switch via encrypted paths
  between the switch and management station clients capable of SSL/TLS operation.
(For information on SSH and SSL/TLS, refer to the chapters on these topics in the Advanced Traffic
Management Guide for your switch.)
Also, access security on the switch is incomplete without disabling Telnet and the standard web
browser access. Among the methods for blocking unauthorized access attempts using Telnet or the
Web browser are the following two commands:
- no telnet-server: This CLI command blocks inbound Telnet access.
- no web-management: This CLI command prevents use of the web browser interface
  through http (port 80) server access.
If you choose not to disable Telnet and web browser access, you may want to consider using RADIUS
accounting to maintain a record of password-protected access to the switch. Refer to the chapter
titled "RADIUS Authentication and Accounting" in the Access Security Guide for your switch.

Secure File Transfers

Secure Copy and SFTP provide a secure alternative to TFTP and auto-TFTP for transferring sensitive
information such as configuration files and log information between the switch and other devices.
For more on these features, refer to the section titled "Using Secure Copy and SFTP" in the "File
Transfers" appendix of the Management and Configuration Guide for your switch.
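
An added example, not part of the HP release note: a small Python audit that checks a saved switch configuration against the guidance above (Manager password, `no telnet-server`, `no web-management`, SSH/SSL, and the RADIUS accounting fallback). It assumes a configured Manager password appears as a `password manager` line, that `ip ssh` and `web-management ssl` are the lines that enable SSH and SSL, and that RADIUS accounting appears as an `aaa accounting ... radius` line; the function name and both sample configurations are constructed for illustration.

```python
import re


def audit_management_access(config_text):
    """Return findings for a saved switch config; an empty list means all checks pass."""
    # Normalise: trim whitespace, drop blank lines and ';' comment lines.
    lines = [ln.strip() for ln in config_text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]

    def has(pattern):
        return any(re.fullmatch(pattern, ln) for ln in lines)

    findings = []
    # Assumption: a configured Manager password appears as a "password manager" line.
    if not has(r"password manager\b.*"):
        findings.append("no local Manager password")
    # Telnet and HTTP are on by default, so only an explicit "no ..." line disables them.
    telnet_on = not has(r"no telnet-server")
    http_on = not has(r"no web-management")
    if telnet_on:
        findings.append("inbound Telnet enabled")
    if http_on:
        findings.append("HTTP web management enabled")
    # Assumption: "ip ssh" and "web-management ssl" are the lines that enable SSH and SSL.
    if not has(r"ip ssh"):
        findings.append("SSH not enabled")
    if not has(r"web-management ssl"):
        findings.append("SSL web management not enabled")
    # The note's fallback: keep RADIUS accounting if plain-text access stays enabled.
    if (telnet_on or http_on) and not has(r"aaa accounting .*radius.*"):
        findings.append("plain-text access without RADIUS accounting")
    return findings


# Constructed sample configurations (not captured from a real switch).
DEFAULT_LIKE = 'hostname "lab-4200vl"\n'
HARDENED = """
; constructed sample
hostname "lab-4200vl"
no telnet-server
no web-management
web-management ssl
ip ssh
password manager
"""

if __name__ == "__main__":
    for name, cfg in (("default-like", DEFAULT_LIKE), ("hardened", HARDENED)):
        print(name, audit_management_access(cfg) or "OK")
```

Because the check treats a missing `no telnet-server` or `no web-management` line as "enabled", it matches the note's point that the plain-text protocols are on by default.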
Enforcing Switch Security
Switch Management Access Security

This manual is also suitable for:

Procurve 4200vlL.11.09
