Dell MX9116n SmartFabric OS10 Security Best Practices Guide July 2020 - Page 4

OS10 security best practices, On first boot - default password

Get Dell MX9116n PDF manuals and user guides View all Dell MX9116n manuals
Add to My Manuals
Save this manual to your list of manuals

Page 4 highlights

1 OS10 security best practices This document provides a set of recommendations for securing switches that run Dell EMC SmartFabric OS10. For detailed configuration, see the Dell EMC SmartFabric OS10 User Guide. You can find Dell EMC documentation at https://www.dell.com/support/. Applicability The recommendations provided in this document apply up to Dell EMC SmartFabric OS10.5.1.x. On first boot When you boot the switch for the first time, the system performs Zero-touch deployment (ZTD). ZTD automates OS10 image upgrade, runs a CLI batch file to configure the switch, and runs post-ZTD scripts to perform additional functions. ZTD is enabled by default on the system. If you do not use ZTD, you may disable ZTD using the ztd cancel command. After first login to OS10, change the default password and upgrade O10 to the latest version which may contain new features and security fixes. Change the default CLI password Rationale: When you log in to the switch for the first time, the system prompts you to enter a username to enter the command-line interface. To log in to OS10 for the first time, enter admin as the username and the password. Change the default admin password after your first login to something secure or create at least one OS10 user with the sysadmin role and delete the default admin username. The system saves the new password for future logins. After you change the password using the CLI, use the write memory command to save the configuration. Configuration: OS10# configure terminal % Error: ZTD is in progress(configuration is locked). OS10# ztd cancel OS10# configure terminal OS10(config)# username admin password new-password role sysadmin OS10(config)# exit OS10# write memory Change the default linuxadmin password Rationale: You use the Linux shell for troubleshooting and diagnostic purposes. After the first OS10 login, enter linuxadmin for both the default Linux shell username and password and change the default linuxadmin password. The system saves the new password for future logins. After you change the password using the CLI, use the write memory command to save the configuration. Configuration: OS10# configure terminal OS10(config)# system-user linuxadmin password {clear-text-password | hashed-password} OS10(config)# exit OS10# write memory Disable the linuxadmin account Rationale: If you do not want your users to access the Linux shell, disable the linuxadmin account. Configuration: OS10(config)# system-user linuxadmin disable OS10(config)# exit OS10# write memory Disable access to Linux commands 4 OS10 security best practices

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
OS10 security best practices
This document provides a set of recommendations for securing switches that run Dell EMC SmartFabric OS10. For detailed configuration,
see the
Dell EMC SmartFabric OS10 User Guide
.
You can find Dell EMC documentation at
.
Applicability
The recommendations provided in this document apply up to Dell EMC SmartFabric OS10.5.1.x.
On first boot
When you boot the switch for the first time, the system performs Zero-touch deployment (ZTD). ZTD automates OS10 image upgrade,
runs a CLI batch file to configure the switch, and runs post-ZTD scripts to perform additional functions. ZTD is enabled by default on the
system. If you do not use ZTD, you may disable ZTD using the
ztd cancel
command. After first login to OS10, change the default
password and upgrade O10 to the latest version which may contain new features and security fixes.
Change the default CLI password
Rationale
: When you log in to the switch for the first time, the system prompts you to enter a username to enter the command-line
interface. To log in to OS10 for the first time, enter
admin
as the username and the password. Change the default
admin
password after
your first login to something secure or create at least one OS10 user with the
sysadmin
role and delete the default
admin
username.
The system saves the new password for future logins. After you change the password using the CLI, use the
write memory
command
to save the configuration.
Configuration
:
OS10# configure terminal
% Error: ZTD is in progress(configuration is locked).
OS10# ztd cancel
OS10# configure terminal
OS10(config)# username admin password
new-password
role sysadmin
OS10(config)# exit
OS10# write memory
Change the default linuxadmin password
Rationale
: You use the Linux shell for troubleshooting and diagnostic purposes. After the first OS10 login, enter
linuxadmin
for both
the default Linux shell username and password and change the default
linuxadmin
password. The system saves the new password for
future logins. After you change the password using the CLI, use the
write memory
command to save the configuration.
Configuration
:
OS10# configure terminal
OS10(config)# system-user linuxadmin password {clear-text-password | hashed-password}
OS10(config)# exit
OS10# write memory
Disable the linuxadmin account
Rationale
: If you do not want your users to access the Linux shell, disable the
linuxadmin
account.
Configuration
:
OS10(config)# system-user linuxadmin disable
OS10(config)# exit
OS10# write memory
Disable access to Linux commands
1
4
OS10 security best practices