Securing Management Access To The Procurve Secure Router; Restricting Access To The Enable Mode Context - HP ProCurve 7000dl Series Basic Management And Configuration Manual

Controlling Management Access to the ProCurve Secure Router

Securing Management Access to the ProCurve Secure Router

2-4
Securing Management Access to the
ProCurve Secure Router
The ProCurve Secure Router supports both local and remote management.
For local management, you can use a serial cable to attach your PC to the
ProCurve Secure Router and establish a console terminal session. For remote
management, you have the following options:
Telnet session
Secure Shell (SSH) session
Web browser interface through HTTP or HTTP with Secure Sockets Layer
(HTTPS)
You can also establish an FTP session with the router or use secure copy server
to copy configuration files to internal or compact flash.
For tighter security, the ProCurve Secure Router allows you to restrict who
can use these access methods to manage the router.
In addition to managing the ProCurve Secure Router through the command
line interface (CLI) or Web browser interface, you can use a Simple Network
Management Protocol (SNMP) application.

Restricting Access to the Enable Mode Context

The first step you should take to protect your WAN is to configure a password
for the enable mode context. If you do not configure this password, anyone
who has physical access to your router can establish a console terminal
session and view or change configurations on the router.
In addition, an enable mode password is required for remote management
through a Telnet or SSH session. If you do not create an enable mode pass-
word, you may be able to establish a Telnet or SSH session (if the router is
configured to permit this access), but you will not be able to move beyond the
basic mode context.
To configure an enable mode password, move to the global configuration
mode context and enter:
Syntax: enable password [md5] <password>