9 Enforcing Switch Security
Switch Management Access Security
It is important to evaluate the level of management access vulnerability existing in your network and 
take steps to ensure that all reasonable security precautions are in place. This includes both 
configurable security options and physical access to the switch hardware.
Local Manager Password
In the default configuration, there is no password protection. Configuring a local Manager password 
is a fundamental step in reducing the possibility of unauthorized access through the switch’s web 
browser and console (CLI and Menu) interfaces. The Manager password can easily be set using the 
CLI password manager command, the Menu interface Console Passwords option, or the password 
options under the Security tab in the web browser interface.
Inbound Telnet Access and Web Browser Access
The default remote management protocols enabled on the switch, such as Telnet or HTTP, are plain 
text protocols, which transfer passwords in open or plain text that is easily captured. To reduce the 
chances of unauthorized users capturing your passwords, secure and encrypted protocols such as 
SSH and SSL must be used for remote access. This enables you to employ increased access security 
while still retaining remote client access.
■ SSHv2 provides Telnet-like connections through encrypted and authenticated transactions.
■ SSLv3/TLSv1 provides remote web browser access to the switch via encrypted paths 
between the switch and management station clients capable of SSL/TLS operation. 
Also, access security on the switch is incomplete without disabling Telnet and the standard web 
browser access. Among the methods for blocking unauthorized access attempts using Telnet or the 
web browser are the following two commands:
■ no telnet-server: This CLI command blocks inbound Telnet access.
■ no web-management: This CLI command prevents use of the web browser interface through 
http (port 80) server access.
If you choose not to disable Telnet and web browser access, you may want to consider using RADIUS 
accounting to maintain a record of password-protected access to the switch.
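To check a saved configuration against the precautions described above, here is an added example in Python that is not part of this guide: it audits a running-config excerpt for the Manager password, inbound Telnet, plain-text web management, SSH and SSL settings. The two sample configurations are constructed for illustration, and the simplified "no <command>" state model together with the factory defaults (Telnet and plain-text web on, SSH and SSL off) are assumptions.

```python
# Constructed sample running-config excerpts, written for this example;
# they are not captured from a real switch.
DEFAULT_CONFIG = """\
hostname "ProCurve Switch"
telnet-server
web-management
"""

HARDENED_CONFIG = """\
hostname "ProCurve Switch"
password manager user-name "admin"
no telnet-server
no web-management
ip ssh
web-management ssl
"""


def _feature_state(lines, feature, default):
    """True if the feature is enabled (assumed 'no <feature>' convention):
    a bare '<feature>' line enables it, 'no <feature>' disables it, and an
    absent line means the assumed factory default applies."""
    if f"no {feature}" in lines:
        return False
    if feature in lines:
        return True
    return default


def audit_management_access(config_text):
    """Return a list of weak management-access findings for a config excerpt."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    findings = []
    if not any(l.startswith("password manager") for l in lines):
        findings.append("no Manager password set: run 'password manager'")
    if _feature_state(lines, "telnet-server", default=True):
        findings.append("inbound Telnet enabled: run 'no telnet-server'")
    if _feature_state(lines, "web-management", default=True):
        findings.append("plain-text web management enabled: run 'no web-management'")
    if not _feature_state(lines, "ip ssh", default=False):
        findings.append("SSH not enabled: generate an SSH key, then run 'ip ssh'")
    if not _feature_state(lines, "web-management ssl", default=False):
        findings.append("SSL web management not enabled: run 'web-management ssl'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_management_access(cfg) or ['OK']}")
```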
Secure File Transfers
Secure Copy and SFTP provide a secure alternative to TFTP and auto-TFTP for transferring sensitive 
information such as configuration files and log information between the switch and other devices.