Dell PowerSwitch S4128F-ON SmartFabric OS10 Security Best Practices Guide July - Page 5

Password rules



Rationale: Even if you disable the linuxadmin user, users can access Linux commands using the system command. To disable access to Linux commands completely, use the system-cli command.

Configuration:
OS10(config)# system-cli disable
OS10(config)# exit
OS10# write memory

Disable unused interfaces

Rationale: To prevent unauthorized users from connecting to your network on front-end interfaces, disable the interfaces that you are not using.

Configuration:
OS10(config)# interface range ethernet 1/1/10-1/1/32
OS10(conf-range-eth1/1/10-1/1/32)# shutdown
OS10(conf-range-eth1/1/10-1/1/32)# end
OS10# write memory

Enable bootloader protection

Rationale: To prevent unauthorized users with malicious intent from accessing your switch, protect the bootloader using a GRUB password.

Configuration:
OS10# boot protect enable username username password password
OS10# write memory

Password rules

Strict password rules ensure better security of the device.

Enable strong passwords

Rationale: Strong passwords make it difficult to guess your passwords. By default, the strong password check is enabled on the system, which checks if the password contains at least characters with alphanumeric and special characters. If the strong password check is disabled, enable it.

Configuration:
OS10(config)# no service simple-password
OS10(config)# exit
OS10# write memory

Enforce stronger passwords

Rationale: By default, the password you configure must be at least nine alphanumeric and special characters. To increase the password strength further, require users to use a mix of different character types and increase the password length.

Configuration:
OS10(config)# password-attributes {[min-length number] [character-restriction {[upper number] [lower number] [numeric number] [special-char number]}]}
OS10(config)# exit
OS10# write memory

• min-length number: (Optional) Sets the minimum number of required alphanumeric characters, from 6 to 32; default 9.
• character-restriction:
  ○ upper number: (Optional) Sets the minimum number of uppercase characters that are required, from 0 to 31; default 0.
  ○ lower number: (Optional) Sets the minimum number of lowercase characters that are required, from 0 to 31; default 0.
  ○ numeric number: (Optional) Sets the minimum number of numeric characters that are required, from 0 to 31; default 0.
  ○ special-char number: (Optional) Sets the minimum number of special characters that are required, from 0 to 31; default 0.
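
The following is an added example, not part of the Dell guide or of OS10: a small offline model of the password-attributes policy that validates the documented ranges, renders the configuration line in the keyword order shown above, and reports which rules a candidate password fails before it is provisioned. It assumes min-length counts total password length and that special characters are ASCII punctuation; the class name, the helper names and the sample policy are hypothetical.

```python
import string
from dataclasses import dataclass

CLASSES = {  # keyword on the page -> ASCII set (the special-char set is an assumption)
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "numeric": string.digits,
    "special-char": string.punctuation,
}

@dataclass(frozen=True)
class PasswordAttributes:
    min_length: int = 9          # page default
    upper: int = 0               # page default for every class minimum is 0
    lower: int = 0
    numeric: int = 0
    special_char: int = 0

    def minimums(self):
        return {"upper": self.upper, "lower": self.lower,
                "numeric": self.numeric, "special-char": self.special_char}

    def validate(self):
        """Return range errors using the limits documented on the page."""
        errors = []
        if not 6 <= self.min_length <= 32:
            errors.append("min-length must be 6-32")
        errors += [f"{k} must be 0-31" for k, v in self.minimums().items()
                   if not 0 <= v <= 31]
        return errors

    def command(self):
        """Render the OS10 config line, following the page's keyword order."""
        parts = [f"password-attributes min-length {self.min_length}"]
        wanted = [f"{k} {v}" for k, v in self.minimums().items() if v > 0]
        if wanted:
            parts.append("character-restriction " + " ".join(wanted))
        return " ".join(parts)

    def effective_min_length(self):
        # Class minimums that sum past min-length raise the real floor.
        return max(self.min_length, sum(self.minimums().values()))

    def violations(self, password):
        """List every rule a candidate password fails (empty list = passes)."""
        failed = []
        if len(password) < self.min_length:
            failed.append("min-length")
        for key, need in self.minimums().items():
            if sum(ch in CLASSES[key] for ch in password) < need:
                failed.append(key)
        return failed

# Constructed example policy: 12 characters, at least one of each class.
POLICY = PasswordAttributes(min_length=12, upper=1, lower=1, numeric=1, special_char=1)
```
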