has not been certified by a Certificate Authority (CA) but security will not 
be otherwise affected.
If you cannot generate an X.509 certificate yourself, you can buy one 
from one of the Certifying Authorities or your ISP. Each Switch requires its 
own X.509 certificate.
Securing Access to the Command Line Interface
The Switch 3226 and Switch 3250 support SSH (Secure Shell), allowing 
secure access to the Command Line Interface of the Switch.
If you use SSH to administer your Switch and the network traffic is 
intercepted, no passwords or configuration information will be visible in 
the data. To securely administer the Switch using the Command Line 
Interface you need a Telnet/SSH client. You do not need a digital 
certificate as your Switch can generate its own.
To administer your Switch using SSH, start your Telnet/SSH client and 
enter the IP address of your Switch.
If your Telnet/SSH application supports both encrypted and unencrypted 
modes, make sure that you have SSH encryption set.
At time of writing, the Telnet client supplied with Windows does not 
support SSH.
Access Control Lists
Access Control Lists (ACLs) are layer 3 instructions that can be used to 
filter traffic on network ports. They can be used to limit access to certain 
segments of the network, and therefore are useful for network security. 
Access Control Lists can be used to:
■ Prevent unnecessary network traffic.
■ Restrict access to proprietary information within the network.
An ACL is made up of a series of rules. Rules are applied to network 
ports and determine the access limitations for packets received on a 
network port. When a packet is received on a network port, it is 
compared to the ACL for the network port. If it matches, it will either be 
passed (permitted) or blocked (denied) depending on the rule.
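The rule matching described above, as an added example: a generic Python model, not the Switch's own implementation or command syntax. The port numbers, subnets, first-match rule ordering and the "no-match" result are assumptions, since the text does not state the rule order or what happens to a packet that matches no rule.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form

    def matches(self, src_ip, dst_ip):
        # Layer 3 match: both addresses must fall inside the rule's networks.
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

# Constructed sample: ACLs bound to receiving ports (ports and subnets are made up).
PORT_ACLS = {
    1: [Rule("permit", "10.1.10.0/24", "10.1.50.10/32"),  # engineering to one server
        Rule("deny", "10.1.0.0/16", "10.1.50.0/24")],     # rest of site kept out
    2: [Rule("deny", "0.0.0.0/0", "10.1.50.0/24")],
}

def evaluate(port, src_ip, dst_ip, acls=PORT_ACLS):
    """Return (action, rule_index) for a packet received on `port`.
    Assumption: rules are checked in order and the first match decides.
    'no-acl' and 'no-match' are reported instead of guessing a default."""
    rules = acls.get(port)
    if rules is None:
        return ("no-acl", None)
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, dst_ip):
            return (rule.action, index)
    return ("no-match", None)

def shadowed_rules(rules):
    """Indices of rules fully covered by an earlier rule, so that under
    first-match ordering they can never decide a packet."""
    hidden = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if (ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))):
                hidden.append(index)
                break
    return hidden

if __name__ == "__main__":
    print(evaluate(1, "10.1.20.7", "10.1.50.10"))
    print(shadowed_rules(list(reversed(PORT_ACLS[1]))))
```

Running shadowed_rules over each port's list before applying it catches a narrow permit placed after a broader deny, which would otherwise never take effect.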