Version 6.6 309 October 2014
Installation & Operation Manual 33. Configuring Security Settings
See 'Configuring Connectivity between the Media Gateway and Additional SNMP
Managers' on page 174 for a detailed description of how to configure connectivity
with additional SNMP managers.
See 'Configuring IPSEC/IKE for Management Interfaces (on SC boards)' on page
341 for a detailed description on how to configure the SNMPv2 + IPSEC
management mode.
33.4 Secure Access to the CLI Interface
Secure access to the CLI management interface is achieved via the use of the Secure
Shell (SSH) protocol. Associated file transfer protocols – Secure Copy (SCP) and
Secure FTP (SFTP) – are used for transferring files to/from the Mediant 8000.
33.4.1 SSH Protocol
The Secure Shell (SSH) is a standard protocol that allows the establishment of a
secure channel between a local and remote computer. It provides authentication,
confidentiality and integrity of data exchanged between the two computers.
The Mediant 8000 uses SSH v2 to encrypt CLI management sessions. An SSH
connection is available even when Secure Operation mode is disabled and is a
preferred connection type for the CLI management interface.
33.4.2 SCP and SFTP Protocols
Secure Copy (SCP) and Secure FTP (SFTP) are associated protocols that support
file transfer over SSH connections. They are used to transfer backup files and debug
data to/from the SC boards on the Mediant 8000 Media Gateway. For better
performance and shorter file transfer times, use the SCP protocol instead of SFTP.
33.5 Disabled Remote Root Login
The Mediant 8000 does not allow use of the root username when logging into the CLI
interface via the IP network. This measure reduces the chances of a successful
brute force attack on the root super-user account and is considered to be a common
practice.
Users who require root permissions on the Mediant 8000's CLI interface are still able
to log in as the root user. However, the login procedure is more complicated than for
regular CLI users and leaves appropriate traces in the system security log. See 'Logging in
as a Root User' on page 115 for more details.
The Disabled Remote Root Login feature was not available in v3.2 or earlier versions of the
Mediant 8000 software, and for these versions it is not enabled by default during the
Online Software Upgrade. If you upgraded the Mediant 8000 from a version in which
remote root login was not disabled, disable it manually as described below as
soon as possible.