Enforcing Switch Security
Network Access Security
Secure Shell (SSH)
SSH provides
■ client
■ switch SSH and user password authentication: this option is a subset of the client public-key authentication, and is used if the switch has SSH enabled without a login access configured to authenticate the client’s key. In this case, the switch authenticates itself to clients, and users on SSH clients then authenticate themselves to the switch by providing passwords stored on a RADIUS or TACACS+ server, or locally on the switch.
■ secure copy (SC) and secure FTP (SFTP): by opening a secure, encrypted SSH session, you can take advantage of SC and SFTP to provide a secure alternative to TFTP for transferring sensitive switch information.
Refer to the chapter titled “Configuring Secure Shell (SSH)” in the Access Security Guide for your switch model. For more on SC and SFTP, refer to the section titled “Using Secure Copy and SFTP” in the “File Transfers” appendix of the Management and Configuration Guide for your switch model.
Secure Socket Layer (SSLv3/TLSv1)
This feature includes use of Transport Layer Security (TLSv1) to provide remote web access to the switch via authenticated transactions and encrypted paths between the switch and management station clients capable of SSL/TLS operation. The authenticated type includes server certificate authentication with user password authentication.
Refer to the chapter titled “Configuring Secure Socket Layer (SSL)” in the Access Security Guide for your switch model.
Traffic/Security Filters
These statically configured filters enhance