Configuring Standard Security Features; Security Protocols; Secure Protocol Support - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

Hp storageworks fabric os 6.1.1 administrator guide (5697-0235, december 2009)
Hide thumbs Also See for A7533A - Brocade 4Gb SAN Switch Base:
Table of Contents

Advertisement

3

Configuring standard security features

This chapter provides information and procedures for configuring standard Fabric OS security features such
as protocol and certificate management.
IMPORTANT:
Fabric OS are included in the base Fabric OS 6.x.

Security protocols

Security protocols provide endpoint authentication and communications privacy using cryptography.
Typically, only you are authenticated while the switch remains unauthenticated. This means that you can be
sure with what you are communicating. The next level of security, in which both ends of the conversation
are sure with whom they are communicating, is known as two-factor authentication. Two-factor
authentication requires public key infrastructure (PKI) deployment to clients.
Fabric OS supports the secure protocols shown in
Table 15

Secure protocol support

Protocol
HTTPS
LDAPS
SCP
SNMP
SSH
SSL
Simple Network Management Protocol (SNMP) is a standard method for monitoring and managing
network devices. Using SNMP components, you can program tools to view, browse, and manipulate switch
variables and set up enterprise-level management processes.
Every switch carries an SNMP agent and Management Information Base (MIB). The agent accesses MIB
information about a device and makes it available to a network manager station. You can manipulate
information of your choice by trapping MIB elements using the Fabric OS CLI, Web Tools, or Fabric
Manager.
The SNMP Access Control List (ACL) provides a way for the administrator to restrict SNMP get and set
operations to certain hosts and IP addresses. This is used for enhanced management security in the storage
area network.
Secure Fabric OS is no longer supported in Fabric OS 6.x. However, all features of Secure
Description
HTTPS is a Uniform Resource Identifier scheme used to indicate a secure
HTTP connection. Web Tools supports the use of hypertext transfer protocol
over a secure socket layer (HTTPS).
Lightweight Directory Access Protocol over SSL uses a certificate authority
(CA). By default, LDAP traffic is transmitted unsecured. You can make LDAP
traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport
Layer Security (TLS) technology in conjunction with LDAP.
Secure Copy (SCP) is a means of securely transferring computer files between
a local and a remote host or between two remote hosts, using the Secure
Shell (SSH) protocol. Configuration upload and download support the use of
SCP.
Supports SNMPv1, v2, and v3. SNMP is used in network management
systems to monitor network-attached devices for conditions that warrant
administrative attention.
Secure Shell (SSH) is a network protocol that allows data to be exchanged
over a secure channel between two computers. Encryption provides
confidentiality and integrity of data. SSH uses public-key cryptography to
authenticate the remote computer and allow the remote computer to
authenticate the user, if necessary.
Supports SSLv3, 128-bit encryption by default. Fabric OS uses secure socket
layer (SSL) to support HTTPS. A certificate must be generated and installed on
each switch to enable SSL.
Table
15.
Fabric OS 6.1.1 administrator guide
89

Advertisement

Table of Contents
loading

Table of Contents