Enforcing Switch Security

Switch Management Access Security

Caution:

Downloading and booting from the M.08.89 or greater software version for the first time enables SNMP access to the authentication configuration MIB (the default action). If SNMPv3 and other security safeguards are not in place, the switch’s authentication configuration MIB is exposed to unprotected SNMP access and you should use the above command to disable this access.

2.If you choose to leave the authentication configuration MIB accessible, then you should do the following to help ensure that unauthorized workstations cannot use SNMP tools to access the MIB:

Configure SNMP version 3 management and access security on the switch.

Disable SNMP version 2c on the switch.

Refer to “Using SNMP Tools To Manage the Switch” in the chapter titled “Configuring for Network Management Applications” in the Management and Configuration Guide for your switch. .

Physical Access to the Switch

Physical access to the switch allows the following:

use of the console serial port (CLI and Menu interface) for viewing and changing the current configuration and for reading status, statistics, and log messages.

use of the switch’s Clear and Reset buttons for these actions:

clearing (removing) local password protection

rebooting the switch

restoring the switch to the factory default configuration (and erasing any nondefault configuration settings)

Keeping the switch in a locked wiring closet or other secure space helps to prevent unauthorized physical access. As additional precautions, you can do the following:

Disable or re-enable the password-clearing function of the Clear button.

Configure the Clear button to reboot the switch after clearing any local usernames and passwords.

Modify the operation of the Reset+Clear button combination so that the switch reboots, but does not restore the switch’s factory default settings.

Disable or re-enable password recovery.

13

Page 23
Image 23
HP 3400CL-24G manual Physical Access to the Switch