HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.1.x administrator guide (5697 - Page 87

3 Configuring standard security features This chapter provides information and procedures for configuring standard Fabric OS security features such as protocol and certificate management. IMPORTANT: Secure Fabric OS is no longer supported in Fabric OS 6.x. However, all features of Secure Fabric OS are included in the base Fabric OS 6.x. Security protocols Security protocols provide endpoint authentication and communications privacy using cryptography. Typically, only you are authenticated while the switch remains unauthenticated. This means that you can be sure with what you are communicating. The next level of security, in which both ends of the conversation are sure with whom they are communicating, is known as two-factor authentication. Two-factor authentication requires public key infrastructure (PKI) deployment to clients. Fabric OS supports the secure protocols shown in Table 15. Table 15 Secure protocol support Protocol Description HTTPS HTTPS is a Uniform Resource Identifier scheme used to indicate a secure HTTP connection. Web Tools supports the use of hypertext transfer protocol over secure socket layer (HTTPS). LDAPS SCP Lightweight Directory Access Protocol over SSL that uses a certificate authority (CA). By default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology in conjunction with LDAP. Secure Copy (SCP) is a means of securely transferring computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol. Configuration upload and download support the use of SCP. SNMP SSH SSL Supports SNMPv1, v2, and v3. SNMP is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. Secure Shell (SSH) is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. Supports SSLv3, 128-bit encryption by default. Fabric OS uses secure socket layer (SSL) to support HTTPS. A certificate must be generated and installed on each switch to enable SSL. Simple Network Management Protocol (SNMP) is a standard method for monitoring and managing network devices. Using SNMP components, you can program tools to view, browse, and manipulate switch variables and set up enterprise-level management processes. Every switch carries an SNMP agent and Management Information Base (MIB). The agent accesses MIB information about a device and makes it available to a network manager station. You can manipulate information of your choice by trapping MIB elements using the Fabric OS CLI, Web Tools, or Fabric Manager. The SNMP Access Control List (ACL) provides a way for the administrator to restrict SNMP get and set operations to certain hosts and IP addresses. This is used for enhanced management security in the storage area network. Fabric OS 6.1.x administrator guide 87