Dell PowerSwitch S4112F-ON SmartFabric OS10 Security Best Practices Guide July - Page 18


Enable audit logging

Rationale: To monitor user activity and configuration changes on the switch, enable the audit log. Only the sysadmin and secadmin roles can enable, view, and clear the audit log.

Configuration:

• Configure audit logging.

OS10(config)# logging audit enable
OS10(config)# exit
OS10# write memory

• View audit log.

show logging audit [reverse] [number]

○ reverse—Display entries starting with the most recent events.
○ number—Display the specified number of audit log entries, from 1 to 65535.

NTP rules

Network Time Protocol (NTP) synchronizes timekeeping among a set of distributed time servers and clients and coordinates time distribution in a large, diverse network. NTP clients synchronize with NTP servers that provide accurate time measurement.

Configure trusted NTP server

Rationale: Configure the system to synchronize time from a trusted NTP server.

Configuration:

OS10(config)# ntp server ntp1-server-ip-address
OS10(config)# exit
OS10# write memory

ntp1-server-ip-address—Enter the IPv4 address in A.B.C.D format or IPv6 address in A::B format of the NTP server.

Configure trusted secondary NTP server

Rationale: Configure the system to synchronize time from a trusted secondary NTP server.

Configuration:

OS10(config)# ntp server ntp2-server-ip-address
OS10(config)# exit
OS10# write memory

ntp2-server-ip-address—Enter the IPv4 address in A.B.C.D format or IPv6 address in A::B format of the NTP server.

Configure NTP authentication

Rationale: NTP authentication and the corresponding trusted key provide a reliable exchange of NTP packets with trusted time sources. NTP authentication uses the message digest 5 (MD5) algorithm. The key is embedded in the synchronization packet that is sent to an NTP time source.

Configuration:

OS10(config)# ntp authentication-key number {sha1 | sha2-256} key
OS10(config)# ntp master {2–10}
OS10(config)# exit
OS10# write memory

• number—Enter the authentication key number, from 1 to 4294967295.
• sha1—Set to SHA1 encryption.
• sha2-256—Set to sha2-256 encryption.
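
The rules on this page can be checked offline against an exported configuration. The following is an added example, not part of the Dell guide: the sample configuration is constructed, the rule names are hypothetical, and it assumes the saved configuration echoes the commands in the form shown above.

```python
import ipaddress
import re

# Constructed sample; assumes saved config lines mirror the commands on this page.
SAMPLE_CONFIG = """\
logging audit enable
ntp server 192.0.2.10
ntp server 2001:db8::20
ntp authentication-key 7 sha2-256 example-key
ntp master 3
"""

# Key number, algorithm keyword, then at least one more token (the key itself).
KEY_RE = re.compile(r"^ntp authentication-key (\d+) (\S+) \S")

def _valid_ip(text):
    """True for an IPv4 (A.B.C.D) or IPv6 (A::B) address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def check_config(config_text):
    """Return {rule: bool} for the audit-log and NTP rules described above."""
    # Normalise whitespace so matching does not depend on indentation or spacing.
    lines = [" ".join(ln.split()) for ln in config_text.splitlines() if ln.strip()]
    servers, key_ok, master_ok = [], False, True
    for ln in lines:
        parts = ln.split()
        if parts[:2] == ["ntp", "server"] and len(parts) >= 3 and _valid_ip(parts[2]):
            if parts[2] not in servers:      # the same server twice is not a secondary
                servers.append(parts[2])
        m = KEY_RE.match(ln)
        if m and 1 <= int(m.group(1)) <= 4294967295 and m.group(2) in ("sha1", "sha2-256"):
            key_ok = True
        if parts[:2] == ["ntp", "master"]:   # only checked when the line is present
            master_ok = len(parts) == 3 and parts[2].isdigit() and 2 <= int(parts[2]) <= 10
    return {
        "audit_logging": "logging audit enable" in lines,   # exact line; a "no ..." form fails
        "primary_ntp_server": len(servers) >= 1,
        "secondary_ntp_server": len(servers) >= 2,
        "ntp_authentication_key": key_ok,
        "ntp_master_stratum_valid": master_ok,
    }

def failed_rules(config_text):
    """Sorted names of the rules the configuration does not satisfy."""
    return sorted(rule for rule, ok in check_config(config_text).items() if not ok)

if __name__ == "__main__":
    for rule, ok in check_config(SAMPLE_CONFIG).items():
        print(f"{'PASS' if ok else 'FAIL'}  {rule}")
```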