HP Brocade 4Gb SAN Switch for HP BladeSystem p-Class User Manual

Fabric OS 5.0.0 procedures user guide

39

3 Configuring standard security features

This chapter provides information and procedures for standard Fabric OS security features. Standard Fabric OS features include account and password management. Additional security is available when secure mode is enabled. For information about licensed security features available in Secure Fabric OS, refer to the HP StorageWorks Secure Fabric OS user guide.

This chapter contains the following sections:

Ensuring network security, page 39
Configuring the telnet interface, page 40
Blocking listeners, page 41
Accessing switches and fabrics, page 42
Creating and maintaining user-defined accounts, page 43
Changing an account password, page 45
Setting up RADIUS AAA service, page 46
Configuring for the SSL protocol, page 54
Configuring for SNMP, page 60
Configuring secure file copy, page 69
Setting the boot PROM password, page 70
Recovering forgotten passwords, page 73

Ensuring network security

To ensure security, Fabric OS supports secure shell (SSH) encrypted sessions. SSH encrypts all messages, including the client's transmission of the password during login. The SSH package contains a daemon (sshd), which runs on the switch. The daemon supports a wide variety of encryption algorithms such as Blowfish-CBC and AES.

NOTE: To maintain a secure network, you should avoid using telnet or any other unprotected application when you are working on the switch. For example, if you use telnet to connect to a machine, then start an SSH or secure telnet session from that machine to the switch, the communication to the switch is in clear text, and therefore is not secure.

The FTP protocol is also not secure. When you use FTP to copy files to or from the switch, the contents are in clear text. This includes the remote FTP server's login and password. This limitation affects the following commands: savecore, configupload, configdownload, and firmwaredownload.

Commands that require a secure login channel must be issued from an original SSH session. If you start an SSH session and then use the login command to start a nested SSH session, commands that require a secure channel are rejected.
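The three rules above (a clear-text hop anywhere on the path, FTP-backed copy commands, and secure-channel commands from a nested SSH session) expressed as a small session audit. This is an added example, not code from the manual or from Fabric OS; the record layout, the sample session data and the choice of which commands need a secure channel are assumptions made for the example.

```python
# Added example (not from the HP/Brocade manual): audit constructed session
# records against the section's rules. Field names, the Session/Hop/Command
# layout and all sample values are assumptions made for this example.
from dataclasses import dataclass, field

CLEARTEXT_TRANSPORTS = {"telnet", "ftp"}
# Commands the section lists as moving data and FTP server credentials in clear text.
FTP_BACKED_COMMANDS = {"savecore", "configupload", "configdownload", "firmwaredownload"}


@dataclass
class Hop:
    protocol: str  # "ssh", "telnet", ... (lower case)
    src: str
    dst: str


@dataclass
class Command:
    name: str
    needs_secure_channel: bool = False  # set by the caller; the page names no specific command


@dataclass
class Session:
    hops: list                      # path from the operator to the switch, in order
    commands: list = field(default_factory=list)
    nested_ssh: bool = False        # SSH started with `login` from inside an SSH session
    transfer_protocol: str = "ftp"  # protocol used by the copy commands


def audit_session(s):
    """Return a list of findings; an empty list means the session is clean."""
    findings = []
    # Rule 1: a clear-text hop exposes the traffic even if a later hop is SSH.
    for h in s.hops:
        if h.protocol in CLEARTEXT_TRANSPORTS:
            findings.append(f"cleartext hop {h.src}->{h.dst} via {h.protocol}")
    for c in s.commands:
        # Rule 2: FTP-backed commands send file contents and server credentials in clear text.
        if c.name in FTP_BACKED_COMMANDS and s.transfer_protocol == "ftp":
            findings.append(f"{c.name}: FTP transfer exposes contents and server credentials")
        # Rule 3: secure-channel commands are rejected from a nested SSH session.
        if c.needs_secure_channel and s.nested_ssh:
            findings.append(f"{c.name}: rejected, nested SSH is not an original session")
    return findings


# Constructed sample: telnet to a jump host, then SSH from there to the switch.
SAMPLE = Session(
    hops=[Hop("telnet", "10.0.0.5", "jump01"), Hop("ssh", "jump01", "san-switch")],
    commands=[Command("configupload"), Command("passwd", needs_secure_channel=True)],
)
```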