Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

5

53-1003035-02

Securing access methods

1

SNMP (Brocade Network
Advisor) access

SNMP read or
read-write community
strings and the
password to the
Super User privilege
level
NOTE: SNMP read or

read-write
community
strings are
always
required for
SNMP access
to the device.

SNMP access is
disabled by default.

Regulate SNMP access using ACLs

Allow SNMP access only from specific IP
addresses

Disable SNMP access

Allow SNMP access only to clients
connected to a specific VLAN

Establish passwords to management levels
of the CLI

Set up local user accounts

Configure AAA command for SNMP access

Establish SNMP read or read-write
community strings

TFTP access

Not secured

Allow TFTP access only to clients connected
to a specific VLAN

Secure Copy access

Secured access if
SSH server is enabled

Configure DSA or RSA host keys

Disable SSH server.

Password Authentication

Public key authentication using client's
public key
(excludes use of username and password
credentials)

Regulate SSH access using ACLs

Allow SSH access only from specific IP
addresses

Establish passwords for privilege levels of
the CLI

Set up local user accounts

Configure TACACS or TACACS+ security

Configure RADIUS security

TABLE 3

Ways to secure management access to the Brocade devices (Continued)

Access method

How the access method
is secured by default

Ways to secure the access method