NETGEAR ProSafe GSM7212 Application Note

Configuring and enabling management security

Application Note: Configuring and
Enabling Management Security
Publication Version 1.0, February 2006

Summary of Contents for NETGEAR ProSafe GSM7212

  • Page 1 Application Note: Configuring and Enabling Management Security Publication Version 1.0, February 2006...
  • Page 2 February 2006 Information in this document is subject to change at any time without notice and is provided "as is" with no warranty. NETGEAR, Inc. makes no warranty of any kind with regard to this material including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.
  • Page 3: Table Of Contents

    Application Note: Configuring and Enabling Management Security
    Chapter 1 Introduction
    Chapter 2 Enabling Management Security
        Certificate Generation
        Configuring Secure Shell
        Disabling Insecure Access
        Configuring Secure Socket Layer
        Preventing Insecure Web Sessions
    Appendix A Certificate Generation Scripts
        SSH ...
  • Page 5 Shell (SSH). SSH provides a number of services in a secure manner. These include port forwarding, file transfer, X11 forwarding, and interactive login. Of these, currently only interactive login is of interest for the NETGEAR managed switch software. Managing devices with a web browser has been standard practice for several years.
  • Page 7: Enabling Management Security

    Linux. Once the component files are created, the credentials must be loaded onto the switch running the NETGEAR managed switch. This is accomplished using the copy command from a tftp server.
    1. From privileged EXEC mode, issue the following command:
        #copy tftp://192.168.77.122/rsa1.key nvram:sshkey-rsa1...
  • Page 8: Configuring Secure Shell

        # ip ssh
    as described in the Command Line Interface Reference manual. This will allow secure shell sessions to be instantiated on the NETGEAR managed switch.
    2. Check the message log to determine the success or failure of the command.
  • Page 9: Disabling Insecure Access

    (did not decode). In this case, the authentication credentials were invalid and should be regenerated.
    Disabling Insecure Access
    To disable insecure access to the NETGEAR managed switch, issue the following command:
        # no telnet
    Note: Caution should be exercised before issuing this command as once
    Configuring Secure Socket Layer
    Optionally or in concert with SSH, SSL may be enabled.
  • Page 10: Preventing Insecure Web Sessions

    Insecure web sessions may be prevented by disabling the http server using the privileged EXEC mode command:
        # no ip http server
    As with secure shell, the best guide for information on NETGEAR managed switch commands that control HTTP and HTTPS access is the Command Line Interface Reference manual.
  • Page 11: Certificate Generation Scripts

    Exercise care when using cut and paste to generate this file as formatting can wrap some command lines. For example:
        /usr/bin/openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem -config root.cnf -passout pass:NETGEAR
    should appear on a single line in the shell script.
        -f rsa2.key -C '' -N ''...
  • Page 12
        #!/bin/sh
        # Ensure that OpenSSL is installed and set the location correctly
        OPENSSL=/usr/bin/openssl
        # Set the password to something unique
        PASSWORD=NETGEAR
        # Set the number of days the certs will be valid for
        VALID_NUM_DAYS=3650
        ##################################################################
        # Generate the Self Signed Trusted Root Certification Authority...
  • Page 13: Ssl Helper Files

    = sha1 = exampleca_policy = certificate_extensions = supplied = supplied = supplied = supplied = supplied = 2048 = privkey.pem = sha1 = no = req_distinguished_name = req_extensions = US = California = Santa Clara = NETGEAR, Inc. ...
  • Page 14
        # the following sections are specific to the request being built
        [ certificate_extensions ]
        basicConstraints = CA:false
        subjectAltName = DNS:localhost
        = NETGEAR Root CA = support@netgear.com = exampleca = /opt/exampleca = $dir/cacert.pem = $dir/index.txt = $dir/certs = $dir/private/cakey.pem...
  • Page 15
        = Support commonName emailAddress
        [ req_extensions ]
        basicConstraints = CA:true
        subjectAltName = DNS:localhost
        = US = California = Santa Clara = NETGEAR, Inc. = localhost = support@netgear.com ...
