Security
7705 SAR OS System Management Guide 33
When using SCP to copy files from an external device to the file system, the 7705 SAR SCP
server will accept either forward slash (“/”) or backslash (“\”) characters to delimit directory
and/or filenames. Similarly, the 7705 SAR SCP client application can use either slash or
backslash characters, but not all SCP clients treat backslash characters as equivalent to slash
characters. In particular, UNIX systems will often interpret the backslash character as an
“escape” character, which does not get transmitted to the 7705 SAR SCP server. For
example, a destination directory specified as “cf3:\dir1\file1” will be transmitted to the
7705 SAR SCP server as “cf3:dir1file1”, where the backslash escape characters are stripped
by the SCP client system before transmission. On systems where the client treats the
backslash like an “escape” character, a double backslash “\\” or the forward slash “/” can
typically be used to properly delimit directories and the filename.
The 7705 SAR support for SSH and SCP is the same for both IPv4 and IPv6 addressing,
including support for:
• SSH1 and SSH2
• in-band and out-of-band management of the 7705 SAR
• key management and authentication types
• encryption types
• simultaneous IPv4 and IPv6 SSH/SCP sessions
CSM Filters and CSM Security
IP forwarding supports CSM filters that are applied to IP packets extracted to the control
plane. CSM filters are used to protect the control plane from DoS attacks, unauthorized access
to the node, and similar security breaches.
IP filters scan all traffic and take the appropriate (configured) action against matching
packets. Packets that are not filtered by the IP filters and are destined for the 7705 SAR are
scanned by the configured CSM filter.
For information on IP filters, refer to the 7705 SAR OS Router Configuration Guide.
Both IPv4 and IPv6 CSM filters are supported.
Note: Although the Control and Switching module on the 7705 SAR is called a CSM, the
CSM filters are referred to as CPM filters in the CLI in order to maintain consistency with
other SR routers.
To Next Page
Loading...
