Users Guide
SSH Lockout Settings
The system has an SSH protection mechanism which, by default, allows 10 login attempts (success or failure) per minute. After the 10th
attempt, the system blocks the user login for one minute (since the first login attempt) before allowing the next set of login attempts. With
Dell EMC Networking OS version 9.11(0.0), the SSH protection mechanism has been enhanced to allow 60 login attempts (success or
failure) per minute. After 60 attempts, the system blocks the user login for a maximum rate interval, which the user can specify
using the ip ssh connection-rate-interval CLI command. The ip ssh connection-rate-lockout CLI command
ensures a minimum blocking time after the rate limit has been exceeded.
For more information on the commands, refer to the CLI Reference Guide for the respective system.
Dell EMC Networking OS Security Hardening
The security of a network consists of multiple factors. Apart from access to the device, best practices, and implementing various security
features, security also lies with the integrity of the device. If the software itself is compromised, all of the aforementioned methods become
ineffective.
The Dell EMC Networking OS is enhanced to verify whether the OS image and the startup configuration file are altered before loading. This
section explains how to configure OS image and startup configuration verification.
Dell EMC Networking OS Image Verification
Dell EMC Networking OS comes with the OS image verification and the startup configuration verification features. When enabled, these
features check the integrity of the OS image and the startup configuration that the system uses when it reboots, and the system loads them only if
they are intact.
Important Points to Remember
• The OS image verification feature is disabled by default on the Dell EMC Networking OS.
• The OS image verification feature is supported for images stored in the local system only.
• The OS image verification feature is not supported when the fastboot or the warmboot features are enabled on the system.
• If OS image verification fails after a reload, the system does not load the startup configuration. The system displays an appropriate
error message until the no verified boot command is used on the system.
• After you enable the OS image verification feature, the system prompts you to enter the OS image hash when you upgrade the Dell
EMC Networking OS to a later version. The system checks whether your hash matches the OS image hash only after reloading.
• After enabling the OS image verification feature, use the verified boot hash command to verify and store the hash value. If you
don’t store the hash value, you cannot reboot the device until you verify the OS image hash.
Enabling and Configuring OS Image Hash Verification
To enable and configure Dell EMC Networking OS image hash verification, follow these steps:
1 Enable the OS image hash verification feature.
CONFIGURATION mode
verified boot
2 Verify the hash checksum of the current OS image file on the local file system.
EXEC Privilege
verified boot hash system-image {A: | B:} hash-value
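As an added example (not from the Dell EMC guide): a workstation-side check that hashes a downloaded image, compares it with the hash published for the release, and only then builds the command line for step 2. The SHA-256 default, the sample file and the published hash are assumptions; this page does not name the hash algorithm, so pass the one your release documentation specifies.

```python
import hashlib
import hmac
import os
import tempfile

PARTITIONS = ("A:", "B:")  # the two system-image arguments shown in step 2


def image_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Stream the image through the hash so large files are not read into memory."""
    h = hashlib.new(algorithm)  # algorithm is an assumption, not stated on the page
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verified_boot_command(path, published_hash, partition, algorithm="sha256"):
    """Return the EXEC Privilege command line; raise if the image does not match."""
    if partition not in PARTITIONS:
        raise ValueError(f"partition must be one of {PARTITIONS}")
    expected = published_hash.strip().lower()  # tolerate case and trailing newline
    actual = image_digest(path, algorithm)
    if len(expected) != len(actual):
        raise ValueError("published hash length does not fit " + algorithm)
    if not hmac.compare_digest(actual, expected):
        raise ValueError(f"hash mismatch for {path}: computed {actual}")
    return f"verified boot hash system-image {partition} {actual}"


def demo():
    # Constructed sample: a small temporary file stands in for the OS image.
    content = b"constructed stand-in for an OS image\n"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(content)
    try:
        published = hashlib.sha256(content).hexdigest()
        ok = verified_boot_command(tmp.name, published.upper() + "\n", "A:")
        try:
            verified_boot_command(tmp.name, "0" * 64, "A:")
            tampered = "accepted"
        except ValueError:
            tampered = "rejected"  # a wrong hash never yields a command line
        return ok, tampered
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    for line in demo():
        print(line)
```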










