The Ssh Protocol; Items Needed To Deploy Secure Protocols; Main Security Scenarios - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 6.1.1 administrator guide (5697-0235, december 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (576 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
For details on Brocade MIB files, naming conventions, loading instructions, and information about using
Brocade's SNMP agent, see the Fabric OS MIB Reference.
Table 16
describes additional software or certificates that you must obtain to deploy secure protocols.
Table 16
Items needed to deploy secure protocols
Protocol
SSHv2
HTTPS
Secure File Copy (SCP)
SNMPv1, SNMPv2,
SNMPv3
The security protocols are designed with the four main usage cases described in
Table 17
Main security scenarios
Fabric
Nonsecure
Nonsecure
Secure
Secure
The SSH protocol
To ensure security, Fabric OS supports secure shell (SSH) encrypted sessions in 4.1.x and later. SSH
encrypts all messages, including the client's transmission of password during login. The SSH package
contains a daemon (sshd), which runs on the switch. The daemon supports a wide variety of encryption
algorithms, such as Blowfish-CBC and AES.
NOTE:
To maintain a secure network, you should avoid using Telnet or any other unprotected application
when you are working on the switch.
The FTP protocol is also not secure. When you use FTP to copy files to or from the switch, the contents are
in clear text. This includes the remote FTP server's login and password. This limitation affects the following
commands: saveCore, configUpload, configDownload, and firmwareDownload.
90
Configuring standard security features
Host side
Secure shell client
No requirement on host
side except a browser that
supports HTTPS
SSH daemon, scp server
None
Management
Comments
interfaces
Nonsecure
No special setup is needed to use Telnet or HTTP.
Secure
Secure protocols may be used. An SSL switch certificate must be
installed if HTTPS is used.
Secure
Switches running earlier Fabric OS versions can be part of the
secure fabric, but they do not support secure management.
Secure management protocols must be configured for each
participating switch. Nonsecure protocols may be disabled on
nonparticipating switches.
If SSL is used, certificates must be installed. For more
information on installing certificates, see
certificate" on page
Nonsecure
You must use SSH because Telnet is not allowed with some
features, such as RADIUS.
Nonsecure management protocols are necessary under these
circumstances:
The fabric contains switches running Fabric OS v3.2.0.
The presence of software tools that do not support secure
protocols: for example, Fabric Manager v4.0.0.
The fabric contains switches running Fabric OS versions earlier
than v4.4.0. Nonsecure management is enabled by default.
Switch side
None
Switch IP certificate for SSL
None
None
"Installing a switch
97.
Table
17.
Advertisement
Table of Contents
