Access Security Guide K/KA/KB.15.15

fingerprint, 230
currently-blocked hosts
listing, 57
customizing
HTML templates, 91
user login web pages, 90
D
default configuration and security, 428
default settings
802.1X:access control, none, 444
aaa authentication parameters, 138
aaa port-access mac-based, 77
ACLs, none, 443
authorized ip managers, none, 443
cached-reauth-limit, no limit, 175
connection-rate filtering, none, 447
DHCP snooping, none, 447
dynamic arp protection, none, 447
dynamic IP lockdown, none, 447
dyn-autz-port 3799, 151
factory reset, enabled, 40
front panel security, 40
front-panel-security, 40
ICMP rate-limiting, none, 447
key management system, none, 446
MAC authentication, disabled, 444
MAC lockdown and lockout, none, 446
manager password, no password, 441
passwords
password recovery, enabled, 40
password-clear, enabled, 41
passwords:password recovery, enabled, 44
passwords:reset-on-clear, disabled, 40
port security, none, 446
port security, off or 'continuous', 396
RADIUS authentication, disabled, 443
RADIUS:global parameters, 144
RADIUS:radius-server dead-time, 0 minutes, 150
RADIUS:radius-server retransmit, 3 seconds, 151
RADIUS:radius-server timeout, 5 seconds, 151
RADIUS:server key, null, 144
secure management vlan, disabled, 443
security:access security and authentication, 444
security:network security, 448
SNMP access, 436
SNMP access to the security MIB, open, 181
SNMP, public, unrestricted, 442
spanning tree: bpdu protection, none, 447
spanning tree: bpdu filtering, none, 447
SSH, disabled, 442
SSL, disabled, 442
TACACS+
login attempts, 3, 122
TACACS+:authentication configuration, 130
TACACS+:authentication, disabled, 443
TACACS+:tacacs-server-timeout, 5 seconds, 129
TCP port number for SSH connections, 22, 234
Telnet access, enabled, 441
time-window, 300 seconds, 149
traffic/security filters, none, 445
UDP destination port for authentication, 1812, 142
UDP destination port for accounting, 1813, 142
usb autorun, disabled (if password), 445
usb autorun, enabled (if no password), 445
virus throttling, none, 447
web and MAC authentication, 77
Web authentication, disabled, 444
Web-browser access, enabled, 441
defined
VACL defined, 305
default settings
dyn-authorization, disabled, 148
deleting
password protection, 22
DHCP-snooping max-bindings
max-bindings, 374
DHCPv4
DHCP Snooping, 374
Dynamic Configuration Arbiter (DCA)
applying settings to non-authenticated clients, 438
hierarchy of precedence in authentication sessions, 439
overview, 438
E
eavesdrop prevention
configured mode, 399
continuous learn mode, 399
disabling, 398
interactions with learn modes, 398
limited-continuous mode, 399
mib support, 369
overview, 398
static mode, 399
Eavesdrop Protection, 397
Enabling manager password
Local login — manager, 256
Enabling SSL on the switch
SSL browser, 257
encryption key
RADIUS, 46
TACACS, 46
enhanced secure mode
authentication, 503
MIB CLI commands, 499
opacity shields command, 502
password commands, 500
password operating notes, 503
secret keys, 501
show commands, 498, 499
ssh commands, 502
SSL, 502
Zeroizing, 502
event log
intrusion alerts, 386