Common Criteria for HP Networking Switches

• SNMP v3 with encryption should be enabled if remote SNMP Management is used. Refer to
  “SNMPv1/2c vs. SNMPv3” on page 12.
• Replace the default community name (public) with a non-default community name. Refer to
  “SNMPv1/2c vs. SNMPv3” on page 12.
• Manager and Operator access levels must have a password assigned. Refer to “Local
  Authentication” on page 16.
• Full individual user identification and authentication can only be achieved if the switch is
  configured so that identification and authentication are handled via an external authentication
  server (RADIUS or TACACS+) or certificates. Refer to “RADIUS Authentication” on page 17 and
  “TACACS Authentication” on page 17.
• The console inactivity timer must be configured to a nonzero value. Refer to “Console Inactivity
  Timer” on page 18.
• There are two recessed buttons on the front panel of the switch: “password clear” and “factory
  reset.” Both must be disabled to fully secure the device. Refer to “Password Clear Protection
  Front-Panel Security” on page 19.
• The switch includes a USB port to receive a flash drive for deploying, troubleshooting, backing
  up configurations, or updating switches. This port should be disabled when not in use and
  temporarily enabled when needed. Refer to “USB Port” on page 20.
Additional recommendations can also be found in the “Hardening HP Networking Switches” section starting
on page 11 of this document.
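As an added example (not HP's code and not part of this document), the Python script below audits a saved running configuration for four of the items above: the default SNMP community, SNMPv3, the console inactivity timer and the USB port. The configuration line syntax it matches, the finding names and both sample configurations are assumptions constructed for illustration; the password, front-panel and authentication-server items are not checked.

```python
import re

# Constructed sample configurations. The line syntax is an assumption about
# how the switch prints its running configuration; adjust the patterns below
# to match your software version.
WEAK_CONFIG = '''
hostname "lab-sw1"
snmp-server community "public" unrestricted
console inactivity-timer 0
'''
HARDENED_CONFIG = '''
hostname "lab-sw1"
snmp-server community "netmon-ro" operator
snmpv3 enable
console inactivity-timer 10
no usb-port
'''

def audit(config):
    """Return a list of finding names for checklist items the config misses."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    # Default community name "public" is still defined (exact name only).
    if any(re.match(r'snmp-server community "?public"?(\s|$)', ln) for ln in lines):
        findings.append("default-snmp-community")
    # SNMPv3 is not switched on (relevant only if remote SNMP management is
    # used). Whether encryption is configured per user is not visible here.
    if "snmpv3 enable" not in lines:
        findings.append("snmpv3-not-enabled")
    # Console inactivity timer missing or explicitly zero.
    timer = None
    for ln in lines:
        m = re.match(r"console inactivity-timer (\d+)$", ln)
        if m:
            timer = int(m.group(1))
    if not timer:
        findings.append("console-inactivity-timer-zero")
    # USB port is treated as enabled unless explicitly disabled.
    if "no usb-port" not in lines:
        findings.append("usb-port-enabled")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```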
Caution:
There is a password-recovery feature that is enabled by default. HP strongly recommends that you not
disable password-recovery. Disabling password-recovery requires that factory-reset be enabled, and
locks out the ability to recover a lost manager username (if configured) and password on the switch. In
this event, there is no way to recover from a lost manager username/password situation without
resetting the switch to its factory-default configuration. This can disrupt network operation and make it
necessary to temporarily disconnect the switch from the network to prevent unauthorized access and
other problems while it is being reconfigured. Also, with factory-reset enabled, unauthorized users can
use the Reset + Clear button combination to reset the switch to factory-default configuration and gain
management access to the switch. For more information refer to the following two sections in the
chapter titled “Configuring Username and Password Security” in the Access Security Guide for your
switch (software version K.15.02.0005, May 2010):
“Front-Panel Security”
“Password Recovery”