Ensuring Network Security; Main Security Scenarios - HP A7533A - Brocade 4Gb SAN Switch Base User Manual

HP StorageWorks Fabric OS 5.x procedures user guide (AA-RVHWB-TE, September 2005)

Table 6 Main security scenarios

| Fabric | Management interfaces | Comments |
|---|---|---|
| Nonsecure | Nonsecure | No special setup is needed to use telnet or HTTP. An HP switch certificate must be installed if sectelnet is used. |
| Nonsecure | Secure | Secure protocols may be used. An SSL switch certificate must be installed if SSH/HTTPS is used. |
| Secure | Secure | Secure protocols are supported on Fabric OS 4.4.0 (and later) switches. Switches running earlier Fabric OS versions can be part of the secure fabric, but they do not support secure management. Secure management protocols must be configured for each participating switch. Nonsecure protocols may be disabled on nonparticipating switches. If SSL is used, certificates must be installed. |
| Secure | Nonsecure | You must use sectelnet because telnet is not allowed in secure mode. Nonsecure management protocols are necessary under these circumstances: the fabric contains switches running Fabric OS 3.2.0; software tools are present that do not support secure protocols, for example Fabric Manager 4.0.0; the fabric contains switches running Fabric OS versions earlier than 4.4.0. Nonsecure management is enabled by default. |

Ensuring network security

To ensure security, Fabric OS supports SSH encrypted sessions. SSH encrypts all messages, including the client's transmission of the password during login. The SSH package contains a daemon (sshd), which runs on the switch. The daemon supports a wide variety of encryption algorithms, such as Blowfish-CBC and AES.

NOTE: To maintain a secure network, avoid using telnet or any other unprotected application when you are working on the switch. For example, if you use telnet to connect to a machine, and then start an SSH or secure telnet session from that machine to the switch, the communication to the switch is in clear text and, therefore, is not secure.

Nor is the FTP protocol secure. When you use FTP to copy files to or from the switch, the contents, including the remote FTP server's login and password, are in clear text. This limitation affects the following commands: saveCore, configUpload, configDownload, and firmwareDownload.

Configuring standard security features
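An added example, not from the HP guide: a Python check that places a switch in a row of Table 6 from its fabric mode, Fabric OS version and reachable management ports, and flags the cleartext cases the note above warns about. The port numbers are the protocols' well-known defaults, and the function names and inventory entries are assumptions constructed for illustration.

```python
import socket

# Well-known TCP ports for the management protocols this page names.
# sectelnet is left out because the page does not give its port.
CLEARTEXT = {"telnet": 23, "http": 80}
ENCRYPTED = {"ssh": 22, "https": 443}
SECURE_MGMT_MIN = (4, 4, 0)  # Table 6: secure protocols need Fabric OS 4.4.0 or later


def probe(host, timeout=2.0):
    """Return the names of the protocols whose port accepts a TCP connection."""
    reachable = set()
    for name, port in {**CLEARTEXT, **ENCRYPTED}.items():
        try:
            with socket.create_connection((host, port), timeout=timeout):
                reachable.add(name)
        except OSError:
            pass  # closed, filtered or unreachable
    return reachable


def assess(fabric_secure, fos_version, reachable):
    """Place one switch in a Table 6 row and list what needs attention."""
    version = tuple(int(part) for part in fos_version.split("."))  # dotted numeric
    clear = sorted(CLEARTEXT.keys() & reachable)
    enc = ENCRYPTED.keys() & reachable
    mgmt = "Nonsecure" if clear else "Secure" if enc else "Unreachable"
    findings = []
    if version < SECURE_MGMT_MIN:
        findings.append(f"Fabric OS {fos_version} does not support secure management")
    elif clear:
        findings.append("cleartext management reachable: " + ", ".join(clear))
    if fabric_secure and "telnet" in reachable:
        findings.append("telnet is not allowed in secure mode; use sectelnet")
    row = ("Secure" if fabric_secure else "Nonsecure", mgmt)
    return row, findings


# Constructed inventory: (name, fabric in secure mode, Fabric OS version, reachable)
INVENTORY = [
    ("sw-a", False, "4.4.0", {"telnet", "http"}),
    ("sw-b", True, "4.4.0", {"ssh", "https"}),
    ("sw-c", True, "3.2.0", {"http"}),
    ("sw-d", True, "4.4.0", {"telnet", "ssh"}),
]

if __name__ == "__main__":
    for name, secure, version, reachable in INVENTORY:
        print(name, *assess(secure, version, reachable))
```

To audit a live switch, pass the result of `probe()` for its management address as the `reachable` argument instead of the constructed sets.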
