Access Security Guide K/KA/KB.15.15

Using HP switch security features
HP switches are designed as “plug and play” devices, allowing quick and easy installation in your
network. In its default configuration the switch is open to unauthorized access of various types.
When preparing the switch for network operation, therefore, HP strongly recommends that you
enforce a security policy to help ensure that the ease in getting started is not used by unauthorized
persons as an opportunity for access and possible malicious actions.
Since security incidents can originate with sources inside as well as outside of an organization,
your access security provisions must protect against internal and external threats while preserving
the necessary network access for authorized clients and users. It is important to evaluate the level
of management access vulnerability existing in your network and take steps to ensure that all
reasonable security precautions are in place. This includes both configurable security options and
physical access to the switch.
Switch management access is available through the following methods:
• Front panel access to the console serial port, see “Physical security” (page 435)
• Inbound Telnet access
• Web-browser access (WebAgent)
• SNMP access
For guidelines on locking down your switch for remote management access, see “Using the
Management Interface wizard” (page 436).

Physical security
Physical access to the switch allows the following:
• Use of the console serial port (CLI and Menu interface) for viewing and changing the current
  configuration and for reading status, statistics, and log messages.
• Use of the switch's USB port for file transfers and autorun capabilities.
• Use of the switch's Clear and Reset buttons for these actions:
  ◦ clearing (removing) local password protection
  ◦ rebooting the switch
  ◦ restoring the switch to the factory default configuration (and erasing any non-default
    configuration settings)
Keeping the switch in a locked wiring closet or other secure space helps prevent unauthorized
physical access.
As additional precautions, you can do the following:
• Disable or re-enable the password-clearing function of the Clear button.
• Configure the Clear button to reboot the switch after clearing any local usernames and
  passwords.
• Modify the operation of the Reset+Clear button combination so that the switch reboots, but
  does not restore the switch's factory default settings.
• Disable or re-enable password recovery.
• Disable USB autorun by setting a Manager password, or enable USB autorun in secure mode
  so that security credentials are required to use this feature.
For the commands used to configure the Clear and Reset buttons, see “Configuring front panel
security” (page 40). For information on using USB Autorun, see “Using USB to transfer files to and
from switch” and “Using USB autorun” in the Management and Configuration Guide.
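One way to check the front-panel precautions listed above across saved switch output, as an added example that is not part of the HP guide. It assumes the settings are reported one per line as "Name - Enabled/Disabled" (the layout of `show front-panel-security`); the sample text is constructed and the policy values are a hypothetical site baseline, not HP recommendations.

```python
import re

# Constructed sample, assumed to follow the layout of `show front-panel-security`.
SAMPLE_OUTPUT = """\
Clear Password          - Enabled
  Reset-on-clear        - Disabled
Factory Reset           - Enabled
Password Recovery       - Enabled
"""

# Hypothetical site baseline: the Clear button may not wipe passwords,
# Reset+Clear may not restore factory defaults, recovery stays available.
POLICY = {
    "Clear Password": "Disabled",
    "Factory Reset": "Disabled",
    "Password Recovery": "Enabled",
}

# Setting name, padding, a separating hyphen, then the state.
LINE_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z][A-Za-z -]*?)\s+-\s+(?P<state>Enabled|Disabled)\s*$"
)


def parse_front_panel(text):
    """Return {setting name: 'Enabled' | 'Disabled'} from the command output."""
    settings = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            settings[match.group("name")] = match.group("state")
    return settings


def audit(settings, policy=POLICY):
    """List deviations from the policy; a setting that is not reported is a finding."""
    findings = []
    for name, wanted in policy.items():
        actual = settings.get(name)
        if actual is None:
            findings.append(f"{name}: not reported")
        elif actual != wanted:
            findings.append(f"{name}: {actual}, policy requires {wanted}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_front_panel(SAMPLE_OUTPUT)):
        print(finding)
```

A setting missing from the output is reported rather than skipped, so truncated or unexpected output does not pass the check silently.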