Securing Management Access To The Procurve Secure Router; Restricting Access To The Enable Mode Context - HP ProCurve Secure 7000dl Series Basic Management And Configuration Manual

Controlling Management Access to the ProCurve Secure Router

Securing Management Access to the ProCurve Secure Router

2-4
Securing Management Access to the
ProCurve Secure Router
The ProCurve Secure Router supports both local and remote management.
For local management, you can use a serial cable to attach your PC to the
ProCurve Secure Router and establish a console terminal session. For remote
management, you have the following options:
Telnet
Secure Shell (SSH)
Web browser interface
You can also establish an FTP session with the router or use secure copy server
to copy configuration files to internal or compact flash.
The ProCurve Secure Router allows you to restrict who can use these access
methods to manage the router.

Restricting Access to the Enable Mode Context

The first step you should take to protect your WAN is to configure a password
for the enable mode context. If you do not configure this password, anyone
who has physical access to your router can establish a console terminal
session and view or change configurations on the router.
In addition, an enable mode password is required for remote management
through a Telnet or SSH session. If you do not create an enable mode pass-
word, you may be able to establish a Telnet or SSH session (if the router is
configured to permit this access), but you will not be able to move beyond the
basic mode context.
To configure an enable mode password, move to the global configuration
mode context and enter:
Syntax: enable password [md5] <password>
Replace <password> with any combination of up to 30 characters. Include the
Message Digest 5 (md5) option to encrypt the password.
For example, if you want to set the password as procurve, enter:
ProCurve(config)# enable password procurve