HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 32
Security Overview
Access Security Features

Feature: Telnet and Web-browser access
Default Setting: enabled

Security Guidelines:
The default remote management protocols enabled on the switch are plain text protocols, which transfer passwords in open or plain text that is easily captured. To reduce the chances of unauthorized users capturing your passwords, secure and encrypted protocols such as SSH and SSL (see below for details) should be used for remote access. This enables you to employ increased access security while still retaining remote client access.
Also, access security on the switch is incomplete without disabling Telnet and the standard Web browser access. Among the methods for blocking unauthorized access attempts using Telnet or the Web browser are the following two CLI commands:
• no telnet-server: This command blocks inbound Telnet access.
• no web-management: This command prevents use of the Web browser interface through http (port 80) server access.
If you choose not to disable Telnet and Web browser access, you may want to consider using RADIUS accounting to maintain a record of password-protected access to the switch.

More Information and Configuration Details:
"Quick Start: Using the Management Interface Wizard" on page 1-10
For more on Telnet and web browser access, refer to the chapter on "Interface Access and System Information" in the Management and Configuration Guide.
For RADIUS accounting, refer to Chapter 6, "RADIUS Authentication and Accounting"

Feature: SSH
Default Setting: disabled

Security Guidelines:
SSH provides Telnet-like functions through encrypted, authenticated transactions of the following types:
• client public-key authentication: uses one or more public keys (from clients) that must be stored on the switch. Only a client with a private key that matches a stored public key can gain access to the switch.
• switch SSH and user password authentication: this option is a subset of the client public-key authentication, and is used if the switch has SSH enabled without a login access configured to authenticate the client's key. In this case, the switch authenticates itself to clients, and users on SSH clients then authenticate themselves to the switch by providing passwords stored on a RADIUS or TACACS+ server, or locally on the switch.
• secure copy (SC) and secure FTP (SFTP): By opening a secure, encrypted SSH session, you can take advantage of SC and SFTP to provide a secure alternative to TFTP for transferring sensitive switch information. For more on SC and SFTP, refer to the section titled "Using Secure Copy and SFTP" in the "File Transfers" appendix of the Management and Configuration Guide for your switch.

More Information and Configuration Details:
"Quick Start: Using the Management Interface Wizard" on page 1-10
Chapter 8 "Configuring Secure Shell (SSH)"
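The default settings and the two CLI commands above can be turned into a check on a saved switch configuration. The following is an added example, not code from the HP guide: because Telnet and web-browser access are enabled by default, a configuration that never mentions them still has them on. The sample configurations are constructed, and the "ip ssh" and "web-management ssl" lines are assumptions about configuration syntax that this page does not show.

```python
# Added example (not from the HP guide): check a saved configuration against
# the defaults in the table above. Sample configurations are constructed.
DEFAULTS = {"telnet": True, "web": True, "ssh": False}  # defaults per the guide

# Exact-line matches only. "ip ssh" and "no ip ssh" are assumptions about how
# SSH state appears in the configuration; the page does not show them.
TOGGLES = {
    "no telnet-server": ("telnet", False),
    "telnet-server": ("telnet", True),
    "no web-management": ("web", False),
    "web-management": ("web", True),
    "ip ssh": ("ssh", True),
    "no ip ssh": ("ssh", False),
}

def effective_state(config_text):
    """Apply configuration lines on top of the defaults; the last matching line wins."""
    state = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = " ".join(raw.split()).lower()  # normalise spacing and case
        if line in TOGGLES:
            key, value = TOGGLES[line]
            state[key] = value
    return state

def audit(config_text):
    """Return a list of findings; an empty list means the guideline is met."""
    state = effective_state(config_text)
    findings = []
    if state["telnet"]:
        findings.append("Telnet enabled: add 'no telnet-server'")
    if state["web"]:
        findings.append("HTTP (port 80) web management enabled: add 'no web-management'")
    if not state["ssh"]:
        findings.append("SSH disabled: no encrypted remote CLI access")
    return findings

# Constructed samples. The first never mentions Telnet or the web interface,
# so both are still on by default. The second disables only the SSL variant
# of web management (assumed syntax), which leaves plain HTTP enabled.
SAMPLE_UNTOUCHED = 'hostname "blade-sw1"\nvlan 1\n   name "DEFAULT_VLAN"\n'
SAMPLE_PARTIAL = 'no telnet-server\nno web-management ssl\n'
SAMPLE_HARDENED = 'no telnet-server\nno web-management\nip ssh\n'

if __name__ == "__main__":
    for name in ("SAMPLE_UNTOUCHED", "SAMPLE_PARTIAL", "SAMPLE_HARDENED"):
        print(name, audit(globals()[name]) or "OK")
```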