Dell PowerSwitch S4128F-ON SmartFabric OS10 Security Best Practices Guide July - Page 15

Banner rules, SNMP rules


Rationale: Enable login statistics to view user login information, including the number of successful and failed logins, role changes, and the last time a user logged in. This information displays after a successful login. After enabling login statistics, you can use the show login statistics {all | user} command to view user login information.

Configuration:
OS10(config)# login-statistics enable
OS10(config)# exit
OS10# write memory

Banner rules

Display a message before and after a user logs in to the system. These messages can communicate legal rights to the user and assume consent to the usage policy by the user.

Enable login banner

Rationale: The login banner is displayed to the user when the user attempts to log in to the system.

Configuration:
OS10(config)# banner login %
DellEMC S4148U-ON login
Enter your username and password
%
OS10(config)# exit
OS10# write memory

Enable login banner

Rationale: The login banner is displayed after the user logs in to the system.

Configuration:
OS10(config)# banner motd %
DellEMC S4148U-ON login
Enter your username and password
%
OS10(config)# exit
OS10# write memory

SNMP rules

Restricted Simple Network Management Protocol (SNMP) access improves device security when SNMP is used.

Forbid read and write access to a specific SNMP community

Rationale: Forbid read and write access to one or more SNMP communities so that an unauthorized entity cannot remotely manipulate the device.

Configuration:
OS10(config)# no snmp-server community community_string {ro | rw}
OS10(config)# exit
OS10# write memory

Forbid access to SNMP without ACL

Rationale: If no ACL is configured, anyone with a valid SNMP community string can access the system and potentially make unnecessary changes. Define and apply an ACL so that only an authorized group of trusted stations can have SNMP access to the system.

Configuration:
OS10(config)# snmp-server community name {ro | rw} acl acl-name
OS10(config)# exit
OS10# write memory

OS10(config)# ip access-list snmp-read-only-acl
OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.0 any
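
The rules on this page can be checked against a saved configuration. The following audit script is an added example, not part of the Dell guide; it assumes the saved configuration stores each setting in the same form as the commands shown above, and the sample configuration and the audit function name are constructed for illustration.

```python
import re

# Constructed sample configuration (assumption: settings appear in the saved
# configuration in the same form as the commands on this page).
SAMPLE_CONFIG = """\
login-statistics enable
banner login %
Authorized users only
%
ip access-list snmp-read-only-acl
 permit ip 172.16.0.0 255.255.0.0 any
snmp-server community monitor ro acl snmp-read-only-acl
snmp-server community legacy rw
snmp-server community backup ro acl missing-acl
"""

COMMUNITY = re.compile(r"^snmp-server community (\S+) (ro|rw)(?: acl (\S+))?$")
ACL_DEF = re.compile(r"^ip access-list (\S+)$")


def audit(config):
    """Return a list of findings for the login, banner and SNMP rules."""
    lines = [line.rstrip() for line in config.splitlines()]
    findings = []
    if "login-statistics enable" not in lines:
        findings.append("login statistics not enabled")
    for kind in ("login", "motd"):
        if not any(line.startswith(f"banner {kind} ") for line in lines):
            findings.append(f"banner {kind} not configured")
    # ACL names defined at the top level of the configuration.
    acls = {m.group(1) for line in lines if (m := ACL_DEF.match(line))}
    for number, line in enumerate(lines, 1):
        m = COMMUNITY.match(line)
        if not m:
            continue
        _, access, acl = m.groups()
        # Community strings act as passwords, so findings cite the line
        # number instead of echoing the string.
        if acl is None:
            findings.append(f"line {number}: SNMP community ({access}) has no ACL")
        elif acl not in acls:
            findings.append(f"line {number}: SNMP community references undefined ACL {acl}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FAIL:", finding)
```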