Introducing Secure Fabric OS
Security of Management Channels
You can use Secure Fabric OS to increase the security of the local and remote
management channels, including Fabric Manager, Web Tools, standard SNMP
applications, Management Server, and a supported command line interface (CLI)
client such as sectelnet.
You can specify the access allowed through a channel by customizing the Secure
Fabric OS policy for that channel. Secure Fabric OS policies are available for
telnet (includes sectelnet and Secure Shell), SNMP, Management Server, HTTP,
and Application Programming Interface (API). Fabric Manager and Web Tools both
use HTTP and API to access the switch.
Once a digital certificate is installed on the switch, Fabric OS v2.6.1, v3.1.x, and
v4.1.x all encrypt sectelnet, API, and HTTP passwords automatically, regardless
of whether Secure Fabric OS is enabled.
Note:
The "Telnet" button in Web Tools can be used to launch telnet only (not sectelnet
or Secure Shell), and is disabled when Secure Mode is enabled.
Secure Shell
Fabric OS v4.1.x supports Secure Shell (SSH), which is a fully encrypted protocol
for CLI. Use of SSH requires installation of an SSH client on the host computer. It
does not require a digital certificate on the switch.
SSH access is configurable by the Telnet policy that is available through Secure
Fabric OS. However, Fabric OS v4.1.x supports SSH whether or not Secure Fabric
OS is licensed.
If you want to restrict CLI access over the network to SSH, disable telnet as
described under "Telnet" on page 15.
SSH clients are available in the public domain, and can be located by searching on
the Internet. Any client that supports Version 2 of the protocol is supported, such
as PuTTY or F-Secure.
Fabric OS v4.1.x also supports the following ciphers for session encryption and
Hash Message Authentication Codes (HMACs), which are message authentication
codes based on a hash function:
Ciphers: AES128-CBC, 3DES-CBC, Blowfish-CBC, Cast128-CBC, and RC4
HMACs: HMAC-MD5, HMAC-SHA1, HMAC-SHA1-96, HMAC-MD5-96.
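The following added example (not part of the original guide) shows how an SSH
Version 2 client and the switch settle on one cipher and one HMAC from the lists
above, by parsing the server's SSH_MSG_KEXINIT name-lists and applying the
RFC 4253 selection rule. It assumes the RFC 4253 wire names for the listed
algorithms; the cookie, key-exchange and host-key values, and the client
preference lists are constructed.

```python
import struct

# The guide's cipher/HMAC lists, written with RFC 4253 wire names (assumed mapping).
SWITCH_CIPHERS = ["aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour"]
SWITCH_MACS = ["hmac-md5", "hmac-sha1", "hmac-sha1-96", "hmac-md5-96"]

# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def name_list(names):
    """Encode a name-list: uint32 length, then comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(ciphers, macs):
    """Constructed server KEXINIT payload; kex/host-key entries are placeholders."""
    lists = [["diffie-hellman-group1-sha1"], ["ssh-dss"], ciphers, ciphers,
             macs, macs, ["none"], ["none"], [], []]
    body = b"".join(name_list(entry) for entry in lists)
    # message type 20, 16-byte cookie (zeros here), lists, boolean, reserved uint32
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)

def parse_kexinit(payload):
    """Return the ten name-lists, rejecting truncated or malformed payloads."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list runs past end of payload")
        raw = payload[pos:pos + n].decode("ascii")
        out[field] = raw.split(",") if raw else []
        pos += n
    return out

def negotiate(client_prefs, server_offer):
    """RFC 4253: pick the first name on the client's list that the server also lists."""
    return next((alg for alg in client_prefs if alg in server_offer), None)

server = parse_kexinit(build_kexinit(SWITCH_CIPHERS, SWITCH_MACS))
CLIENT_CIPHERS = ["aes128-ctr", "aes128-cbc", "3des-cbc"]  # constructed client preference
CLIENT_MACS = ["hmac-sha2-256", "hmac-sha1", "hmac-md5"]   # constructed client preference
chosen_cipher = negotiate(CLIENT_CIPHERS, server["enc_s2c"])
chosen_mac = negotiate(CLIENT_MACS, server["mac_s2c"])
print(chosen_cipher, chosen_mac)
```

A client whose preference lists share no entry with the switch's lists gets no
match from negotiate(), which corresponds to a failed connection attempt.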
Secure Fabric OS Version 1.0 User Guide