API Guide
Table Of Contents
- Dell EMC SmartFabric OS10 Security Best Practices Guide May 2021
- Contents
- OS10 security best practices
Check if strong password check is enabled
By default, strong password check is enabled on the system and the no service simple-password command is implicit in
the running configuration. To verify if strong password check is enabled, use the following command:
OS10(config)# do show running-configuration | grep simple
service simple-password
Enforce stronger passwords
Rationale: By default, the password you configure must be at least nine alphanumeric and special characters. To increase the
password strength further, enforce the user to use a mix of different characters and increase the password length.
Configuration:
OS10(config)# password-attributes {[min-length number] [character-restriction {[upper
number] [lower number][numeric number] [special-char number]}}
OS10(config)# exit
OS10# write memory
● min-length number—(Optional) Sets the minimum number of required alphanumeric characters, from 6 to 32; default 9.
● character-restriction:
○ upper number—(Optional) Sets the minimum number of uppercase characters that are required, from 0 to 31; default
0.
○ lower number—(Optional) Sets the minimum number of lowercase characters that are required, from 0 to 31; default
0.
○ numeric number—(Optional) Sets the minimum number of numeric characters that are required, from 0 to 31; default
0.
○ special-char number—(Optional) Sets the minimum number of special characters that are required, from 0 to 31;
default 0.
When choosing your password, Dell EMC Networking recommends that you use multiple and easy-to-remember common words
in your password instead of using complex passwords which you may not remember. Combine multiple words that you can
remember and modify the passphrase using special characters and numbers to get a final password. For example, instead of
correcthorsebatterystaple, you can use C0rr3c+h0r5e8atTerystapl3.
NOTE:
To recover a lost or forgotten OS10 username password, including the admin password, see Recover OS10 user
name password.
Obscure passwords
Rationale: When the user views the running configuration, the password in an encrypted form is displayed. Obscure passwords
in show command outputs so that text characters do not display.
Configuration:
OS10(config)# service obscure-password
OS10(config)# exit
OS10# write memory
OS10# show running-configuration users
username admin password **** role sysadmin priv-lvl 15
username desk1 password **** role sysadmin priv-lvl 15
Federal Information Processing Standards (FIPS)
FIPS is a set of government standards that define how certain things are used in the government encryption algorithms.
Enable FIPS you require FIPS in your environment
Rationale: If you enable FIPS, it installs the certificate-key pair as FIPS-compliant which is used by a FIPS-aware application,
such as RADIUS over TLS.
Configuration:
OS10# crypto fips enable
OS10# write memory
6
OS10 security best practices