72 CHAPTER 10: MAKING YOUR NETWORK SECURE
interface of the Switch using console port, even if you have denied all
access to the Switch using the trusted IP feature.
Securing Access to
the Web Interface
The Switch 3226 and Switch 3250 support HTTPS, allowing secure access
to the Web interface of the Switch.
If you adminster your switch remotely or over an insecure network, the
Switch can encrypt all HTTP traffic to and from the Web interface using
the Secure Sockets Layer (SSL) of HTTP. If your network traffic is
intercepted, no passwords or configuration information will be visible in
the data.
To use HTTPS you need the following:
■ A browser that supports SSL
■ A digital certificate installed on the Switch
The Switch ships with a default certificate installed. This certificate has
not been validated by a Certifying Authority and your browser may warn
you that certificate has not been certified. Using a properly validated
certificate provides a higher level of security than the default certificate.
You can securely browse your Switch by using the HTTPS (HTTP over SSL)
protocol. To access the Web interface securely, enter the following into
your browser:
https://xxx.xxx.xxx.xxx/
where xxx.xxx.xxx.xxx is the IP address of your Switch.
Once you have set up your Switch to support HTTPS, you can optionally
stop unencrypted administration by redirecting HTTP accesses (port 80) to
port 443 (the port used by HTTPS). The Switch can be configured to
redirect all attempts to administer the Web interface.
Getting a Digital
Certificate
Before accessing your Switch using HTTPS, you need an digital certificate
which is used to identify your Switch. The Switch uses certificates that
adhere to the following X.509 standard.
If you have the software to generate an X.509 certificate, you can
self-certify your Switch. Administrators will be warned that the certificate
To Next Page
Loading...
