Access Security Guide K/KA/KB.15.15

Network security features
This section outlines features and defence mechanisms for protecting access through the switch to
the network.
Table 48 Network Security—Default Settings and Security Guidelines
Feature: Secure File Transfers
Default setting: not applicable
More information and configuration details: Management and Configuration Guide, Appendix A "File Transfers", see "Using Secure Copy and SFTP"
Security guidelines: Secure Copy and SFTP provide a secure alternative to TFTP and auto-TFTP for transferring sensitive information such as configuration files and log information between the switch and other devices.

Feature: USB Autorun
Default setting: enabled (disabled once a password has been set)
More information and configuration details: Management and Configuration Guide, Appendix A "File Transfers", see "USB Autorun"
Security guidelines: Used in conjunction with HP PCM+, this feature allows diagnosis and automated updates to the switch via the USB flash drive. When enabled in secure mode, this is done with secure credentials to prevent tampering. Note that the USB Autorun feature is disabled automatically, once a password has been set on the switch.

Feature: Traffic/Security Filters
Default setting: none
Security guidelines: These statically configured filters enhance in-band security (and improve control over access to network resources) by forwarding or dropping inbound network traffic according to the configured criteria. Filter options include:
• source-port filters: Inbound traffic from a designated, physical source-port will be forwarded or dropped on a per-port (destination) basis.
• multicast filters: Inbound traffic having a specified multicast MAC address will be forwarded to outbound ports or dropped on a per-port (destination) basis.
• protocol filters: Inbound traffic having the selected frame (protocol) type will be forwarded or dropped on a per-port (destination) basis.

Feature: Access Control Lists (ACLs)
Default setting: none
More information and configuration details: “IPv4 Access Control Lists (ACLs)” (page 259)
Security guidelines: ACLs can filter traffic to or from a host, a group of hosts, or entire subnets. Layer 3 IP filtering with Access Control Lists (ACLs) enables you to improve network performance and restrict network use by creating policies for:
• Switch Management Access: Permits or denies in-band management access. This includes preventing the use of certain TCP or UDP applications (such as Telnet, SSH,