HP 3500yl Series Access Security Manual page 37
Switch software
Hide thumbs
Also See for 3500yl Series:
- Release notes (219 pages) ,
- Specifications (16 pages) ,
- Features (6 pages)
Table of Contents
Advertisement
Feature
Default
Setting
Telnet and
enabled
Web-browser
access
(WebAgent)
SSH
disabled
Security Guidelines
The default remote management protocols enabled on
the switch are plain text protocols, which transfer
passwords in open or plain text that is easily captured.
To reduce the chances of unauthorized users capturing
your passwords, secure and encrypted protocols such
as SSH and SSL (see below for details) should be used
for remote access. This enables you to employ
increased access security while still retaining remote
client access.
Also, access security on the switch is incomplete
without disabling Telnet and the standard Web browser
access (WebAgent). Among the methods for blocking
unauthorized access attempts using Telnet or the
WebAgent are the following two CLI commands:
• no telnet-server: This command blocks inbound
Telnet access.
• no web-management: This command prevents use of
the WebAgent through http (port 80) server access.
If you choose not to disable Telnet and the WebAgent,
you may want to consider using RADIUS accounting to
maintain a record of password-protected access to the
switch.
SSH provides Telnet-like functions through encrypted,
authenticated transactions of the following types:
• client public-key authentication: uses one or more
public keys (from clients) that must be stored on the
switch. Only a client with a private key that matches
a stored public key can gain access to the switch.
• switch SSH and user password authentication: this
option is a subset of the client public-key
authentication, and is used if the switch has SSH
enabled without a login access configured to
authenticate the client's key. In this case, the switch
authenticates itself to clients, and users on SSH
clients then authenticate themselves to the switch by
providing passwords stored on a RADIUS or
TACACS+ server, or locally on the switch.
• secure copy (SC) and secure FTP (SFTP): By opening
a secure, encrypted SSH session, you can take
advantage of SC and SFTP to provide a secure
alternative to TFTP for transferring sensitive switch
information. For more on SC and SFTP, refer to the
section titled "Using Secure Copy and SFTP" in the
"File Transfers" appendix of the Management and
Configuration Guide for your switch.
Security Overview
Access Security Features
More Information and
Configuration Details
"Quick Start: Using the
Management Interface
Wizard" on page 1-10
For more on Telnet and the
WebAgent, refer to the
chapter on "Interface
Access and System
Information" in the Basic
Operation Guide.
For RADIUS accounting,
refer to Chapter 6, "RADIUS
Authentication and
Accounting"
"Quick Start: Using the
Management Interface
Wizard" on page 1-10
Chapter 8 "Configuring
Secure Shell (SSH)"
1-3
Hide quick links:
Advertisement
Chapters
Table of Contents
