Monitoring Switch Configuration Changes
EPICenter Concepts and Solutions Guide
115
NOTE
If the SSH enabler module is not installed, you cannot configure SSH on any devices—the SSH setting will be
disabled.
EPICenter will now use SSH instead of regular Telnet for direct communications with the device,
including Netlogin and polling for the FDB from the Extreme Networks switches. It will also use SFTP
for file transfers such as uploading or downloading configuration files to the device.
Securing EPICenter Client-Server Traffic
By default, the EPICenter server communication to its clients is unencrypted. You can secure this
communication through SSH tunneling. This requires installing and running an SSH client (PuTTY is
recommended) on the same system as the EPICenter client, and installing and running an SSH server
(OpenSSH is recommended) on the same system where the EPICenter server resides.
Tunneled communication is accomplished through port forwarding.
To configure SSH tunneling between the EPICenter server and client, you must to do the following:
1 Install PuTTY on the EPICenter client system
2 Configure the PuTTY client with an EPICenter session connecting to the EPICenter server host
3 Install an SSH server on the system with the EPICenter server (if it is not already installed)
4 Configure any firewall software to allow SSH connects
5 Initiate EPICenter server/client communication:
a Make sure the SSH server is running on the server system
b Start the SSH client on the client system
c Log into the EPICenter client with the host set to
localhost (not the host where the EPICenter
server is actually located) and the port set to the port you configured for SSH tunneling
(normally, 8080)
PuTTY is now set up to port forward all traffic going to the local host on port 8080. When PuTTY sees a
connection request to the local host on port 8080, PuTTY encrypts the information and sends it across
the encrypted tunnel to the server.
Appendix C, “Using SSH for Secure Communication” contains a detailed walk-through example of
doing these steps in the Windows environment.
Monitoring Switch Configuration Changes
Fundamental to securing your network is verifying that no configuration changes have occurred that
may have a detrimental effect on network security. Something as simple as changing passwords can
introduce a weakness in your security design for the network.
The EPICenter Configuration Manager provides several features you can use to monitor the integrity of
your device configurations:
● You can save baseline configurations for each of your devices. Not only do these provide a known-
good backup if needed, but EPICenter can then compare these to your regularly-scheduled
To Next Page
Loading...
Need help?
General
