HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 29
Network Security Features, Table 1-2., Network Security-Default Settings and Security Guidelines
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 29 highlights
Security Overview Network Security Features Network Security Features This section outlines features and defence mechanisms for protecting access through the switch to the network. For more detailed information, see the indicated chapters. Table 1-2. Network Security-Default Settings and Security Guidelines Feature Secure File Transfers Default Setting not applicable Traffic/Security none Filters Port Security, none MAC Lockdown, and MAC Lockout Security Guidelines More Information and Configuration Details Secure Copy and SFTP provide a secure alternative to TFTP and auto-TFTP for transferring sensitive information such as configuration files and log information between the switch and other devices. Management and Configuration Guide, Appendix A "File Transfers", refer to the section "Using Secure Copy and SFTP" These statically configured filters enhance in-band Chapter 12, "Traffic/Security security (and improve control over access to network Filters and Monitors" resources) by forwarding or dropping inbound network traffic according to the configured criteria. Filter options include: • source-port filters: Inbound traffic from a designated, physical source-port will be forwarded or dropped on a per-port (destination) basis. The features listed below provide device-based access Chapter 11, "Configuring and security in the following ways: Monitoring Port Security" • Port security: Enables configuration of each switch port with a unique list of the MAC addresses of devices that are authorized to access the network through that port. This enables individual ports to detect, prevent, and log attempts by unauthorized See also "Precedence of Port-Based Security Options" on page 1-17 devices to communicate through the switch. Some switch models also include eavesdrop prevention in the port security feature. • MAC lockdown: This "static addressing" feature is used as an alternative to port security to prevent station movement and MAC address "hijacking" by allowing a given MAC address to use only one assigned port on the switch. MAC lockdown also restricts the client device to a specific VLAN. • MAC lockout: This feature enables blocking of a specific MAC address so that the switch drops all traffic to or from the specified address. 1-7