Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

4

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Securing access methods

1

Secure Shell (SSH) access

For more information on SSH,
refer to Multi-Service IronWare
Switching Configuration
Guide.

Not configured

Configure DSA or RSA host keys

Disable SSH server.

Password Authentication

Public key authentication using client's
public key
(excludes use of username and password
credentials)

Regulate SSH access using ACLs

Allow SSH access only from specific IP
addresses

Establish passwords for privilege levels of
the CLI

Set up local user accounts

Configure TACACS or TACACS+ security

Configure RADIUS security

Web management access

SNMP read or
read-write community
strings
Web server is turned
off by default.

Note: Web access is
not allowed in
Brocade NetIron CES
and Brocade NetIron
CER devices.

Regulate Web management access using
ACLs

Allow Web management access only from
specific IP addresses

Allow Web management access only to
clients connected to a specific VLAN

Disable Web management access

Configure SSL security for the Web
Management Interface

Set up local user accounts

Establish SNMP read or read-write
community strings for SNMP versions 1 and
2

Configure AAA command for Web access

Configure TACACS or TACACS+ security

Configure RADIUS security

TABLE 3

Ways to secure management access to the Brocade devices (Continued)

Access method

How the access method
is secured by default

Ways to secure the access method