Security Overview

Network Security Features

This section outlines features and defence mechanisms for protecting access through the switch to the network. For more detailed information, see the indicated chapters.

Table 1-2. Network Security—Default Settings and Security Guidelines

Feature: Secure File Transfers
Default Setting: not applicable
Security Guidelines: Secure Copy and SFTP provide a secure alternative to TFTP and auto-TFTP for transferring sensitive information such as configuration files and log information between the switch and other devices.
More Information and Configuration Details: Management and Configuration Guide, Appendix A “File Transfers”, refer to the section “Using Secure Copy and SFTP”

Feature: USB Autorun
Default Setting: enabled (disabled once a password has been set)
Security Guidelines: Used in conjunction with ProCurve Manager Plus, this feature allows diagnosis and automated updates to the switch via the USB flash drive. When enabled in secure mode, this is done with secure credentials to prevent tampering. Note that the USB Autorun feature is disabled automatically, once a password has been set on the switch.
More Information and Configuration Details: Management and Configuration Guide, Appendix A “File Transfers”, refer to the section “USB Autorun”

Feature: Traffic/Security Filters
Default Setting: none
Security Guidelines: These statically configured filters enhance in-band security (and improve control over access to network resources) by forwarding or dropping inbound network traffic according to the configured criteria. Filter options include:
  - source-port filters: Inbound traffic from a designated, physical source-port will be forwarded or dropped on a per-port (destination) basis.
  - multicast filters: Inbound traffic having a specified multicast MAC address will be forwarded to outbound ports or dropped on a per-port (destination) basis.
  - protocol filters: Inbound traffic having the selected frame (protocol) type will be forwarded or dropped on a per-port (destination) basis.
More Information and Configuration Details: Chapter 12, “Traffic/Security Filters and Monitors”
