Configuring protocols, Security protocols – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual
Configuring Protocols
Security protocols
Security protocols provide endpoint authentication and communications privacy using cryptography.
Typically, you are authenticated to the switch while the switch remains unauthenticated to you. This
means that you can be sure what you are communicating with. The next level of security, in which both
ends of the conversation are sure with whom they are communicating, is known as two-factor
authentication. Two-factor authentication requires public key infrastructure (PKI) deployment to clients.
Fabric OS supports the secure protocols shown in the following table.
TABLE 28 Secure protocol support

Protocol | Description
CHAP | Challenge Handshake Authentication Protocol (CHAP) uses shared secrets to authenticate switches.
HTTPS | HTTPS is a Uniform Resource Identifier scheme used to indicate a secure HTTP connection. Web Tools supports the use of Hypertext Transfer Protocol over SSL (HTTPS).
IPsec | Internet Protocol Security (IPsec) is a framework of open standards for providing confidentiality, authentication and integrity for IP data transmitted over untrusted links or networks.
LDAP | Lightweight Directory Access Protocol with TLS uses a certificate authority (CA). By default, LDAP traffic is transmitted unsecured. With the import of signed certificates, you can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology in conjunction with LDAP.
SCP | Secure Copy (SCP) is a means of securely transferring computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol. Configuration upload and download support the use of SCP.
SFTP | Secure File Transfer Protocol (SFTP) is a network protocol for securely transferring files on a network. Configuration upload and download support the use of SFTP.
SNMP | Simple Network Management Protocol (SNMP) is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. Supports SNMPv1 and v3.
Fabric OS Administrators Guide
53-1003130-01