Access Security Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

Table 47 Access Security and Switch Authentication Features (continued)

More information and configuration

details

Security guidelinesDefault settingFeature

“Using the Management Interface

wizard” (page 436)

SSH provides Telnet-like functions

through encrypted, authenticated

transactions of the following types:

disabledSSH

“Secure Shell (SSH)” (page 227)

• client public-key authentication:

uses one or more public keys

(from clients) that must be

stored on the switch. Only a

client with a private key that

matches a stored public key

can gain access to the switch.

• switch SSH and user password

authentication: this option is a

subset of the client public-key

authentication, and is used if

the switch has SSH enabled

without a login access

configured to authenticate the

client's key. In this case, the

switch authenticates itself to

clients, and users on SSH

clients then authenticate

themselves to the switch by

providing passwords stored on

a RADIUS or TACACS+ server,

or locally on the switch.

• secure copy (SC) and secure

FTP (SFTP): By opening a

secure, encrypted SSH session,

you can take advantage of SC

and SFTP to provide a secure

alternative to TFTP for

transferring sensitive switch

information. For more on SC

and SFTP, see the section titled

"Using Secure Copy and SFTP"

in the "File Transfers" appendix

of the Management and

Configuration Guide for your

switch.

“Using the Management Interface

wizard” (page 436)

Secure Socket Layer (SSL) and

Transport Layer Security (TLS)

disabledSSL

“Secure web management”

(page 256)

provide remote Web browser

access (WebAgent) to the switch

via authenticated transactions and

encrypted paths between the

switch and management station

clients capable of SSL/TLS

operation. The authenticated type

includes server certificate

authentication with user password

authentication.

“Using HP switch security features”

(page 435)

In the default configuration, the

switch is open to access by

public, unrestrictedSNMP

“Using the Management Interface

wizard” (page 436)

management stations running

SNMP management applications

capable of viewing and changing

Management and Configuration

Guide, Chapter 14, see the section

the settings and status data in the

switch MIB (Management

"Using SNMP Tools To Manage the

Switch"

Information Base). Thus, controlling

SNMP access to the switch and

442 Traffic/Security Features and Monitors