Security Overview
Access Security Features
Feature Default Security Guidelines More Information and
Setting Configuration Details
SSL disabled Secure Socket Layer (SSL) and Transport Layer Security “Quick Start: Using the
(TLS) provide remote Web browser access to the switch Management Interface
via authenticated transactions and encrypted paths Wizard” on page 1-10
between the switch and management station clients
Chapter 9, “Configuring
capable of SSL/TLS operation. The authenticated type
Secure Socket Layer (SSL)”
includes server certificate authentication with user
password authentication.
SNMP public,
unrestricted
In the default configuration, the switch is open to access
by management stations running SNMP management
applications capable of viewing and changing the
settings and status data in the switch’s MIB
(Management Information Base). Thus, controlling
SNMP access to the switch and preventing
unauthorized SNMP access should be a key element of
your network security strategy.
“SNMP Security Guidelines”
on page 1-15
“Quick Start: Using the
Management Interface
Wizard” on page 1-10
Management and
Configuration Guide,
Chapter 14, refer to the
section “Using SNMP Tools
To Manage the Switch”
Authorized IP none This feature uses IP addresses and masks to determine Chapter 15, “Using
Managers whether to allow management access to the switch Authorized IP Managers”
across the network through the following :
• Telnet and other terminal emulation applications
• The switch’s Web browser interface
• SNMP (with a correct community name)
Secure
Management
VLAN
disabled This feature creates an isolated network for managing
the ProCurve switches that offer this feature. When a
secure management VLAN is enabled, CLI, Menu
interface, and Web browser interface access is
restricted to ports configured as members of the VLAN.
Advanced Traffic
Management Guide, refer to
the chapter “Static Virtual
LANs (VLANs)”
TACACS+
Authentication
disabled This application uses a central server to allow or deny
access to TACACS-aware devices in your network.
TACACS+ uses username/password sets with
associated privilege levels to grant or deny access
through either the switch’s serial (console) port or
remotely, with Telnet.
If the switch fails to connect to a TACACS+ server for the
necessary authentication service, it defaults to its own
locally configured passwords for authentication control.
TACACS+ allows both login (read-only) and enable
(read/write) privilege level access.
Chapter 5, “TACACS+
Authentication”
RADIUS
Authentication
disabled For each authorized client, RADIUS can be used to
authenticate operator or manager access privileges on
the switch via the serial port (CLI and Menu interface),
Telnet, SSH, and Secure FTP/Secure Copy (SFTP/SCP)
access methods.
Chapter 6, “RADIUS
Authentication and
Accounting”
1-5
To Next Page
Loading...
Need help?
General