Common Criteria for HP Networking Switches

11
Access Security Guide
Advanced Traffic Management Guide
IPv6 Configuration Guide
Management and Configuration Guide
Multicast and Routing Guide
Hardening HP Networking Switches
Executive Summary and Purpose
Security is a growing concern in today’s Information Technology (IT) infrastructure. Upper-level
managers and IT managers alike are held to a higher level of accountability for the integrity and availability of
their data. While host clients and servers often are the focus of security discussions, securing network
devices such as switches and routers should not be ignored. All data traverses these devices, and
properly securing them is paramount to a stable infrastructure.
This section is intended to inform managers and administrators about insecure management protocols
that run on HP switches. It also provides a guide to follow for securing these devices. For product CLI
configuration syntax and advanced features referred to in this document, please obtain the K.15.02
software manual set. To obtain this manual set, refer to “Downloading the K.15.09 or KA.15.09 Software
Manual Set” on page 11.
Insecure Protocols and Secure Alternatives
Out of the box, HP switches and routers run Telnet, Simple Network Management Protocol v1/2c (SNMP
v1/2c), Trivial File Transfer Protocol (TFTP) and Hypertext Transfer Protocol (HTTP) for device
management purposes. These protocols are supported out of the box because they provide an ease of
use that customers expect from the HP Networking product line. For the sake of securing these devices,
these protocols should be disabled.
Telnet vs. Secure Shell
Telnet is insecure by nature as it sends all traffic across the wire in clear text. This includes user names
and passwords. Anyone snooping or sniffing network traffic will be able to see these passwords. It is
recommended that you use Secure Shell (SSH) instead of Telnet. SSH uses asymmetric authentication to
exchange keys and create a secure encrypted session. Follow these steps to enable SSH and disable
Telnet:
HP Switch(config)# crypto key generate ssh
HP Switch(config)# ip ssh
HP Switch(config)# no telnet-server
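The following Python check is an added example, not part of the HP guide: it audits a saved configuration for the two settings applied above. It assumes the saved configuration lists the commands exactly as typed (`ip ssh`, `no telnet-server`) and that SSH stays off until enabled; the sample configurations are constructed.

```python
# Added example (not HP code): audit a saved switch configuration for the
# Telnet/SSH hardening steps described above.
# Assumption: the saved configuration lists the page's commands verbatim
# ("ip ssh", "no telnet-server") once they have been applied.

# Defaults: Telnet runs out of the box (stated on the page); SSH is assumed
# off until "ip ssh" is entered, since the page has to enable it.
DEFAULTS = {"telnet": True, "ssh": False}

# Exact command (after normalisation) -> (service, enabled).
COMMANDS = {
    "telnet-server": ("telnet", True),
    "no telnet-server": ("telnet", False),
    "ip ssh": ("ssh", True),
    "no ip ssh": ("ssh", False),
}


def service_state(config_text):
    """Return {'telnet': bool, 'ssh': bool}; the last matching line wins."""
    state = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = " ".join(raw.split()).lower()  # collapse whitespace, ignore case
        if line in COMMANDS:
            service, enabled = COMMANDS[line]
            state[service] = enabled
    return state


def audit(config_text):
    """Return a list of findings; an empty list means both steps are applied."""
    state = service_state(config_text)
    findings = []
    if state["telnet"]:
        findings.append("Telnet enabled: credentials cross the wire in clear text")
    if not state["ssh"]:
        findings.append("SSH not enabled: no encrypted CLI management session")
    return findings


# Constructed sample configurations (not taken from a real device).
FACTORY = "hostname \"HP Switch\"\nvlan 1\n   name \"DEFAULT_VLAN\"\n   exit\n"
HALF_DONE = FACTORY + "ip ssh\n"
HARDENED = FACTORY + "ip ssh\nno telnet-server\n"

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("half-done", HALF_DONE), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```

Because Telnet is on by default, the check treats a configuration with no `no telnet-server` line as Telnet-enabled rather than as unknown.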
For details, refer to the chapter titled “Configuring Secure Shell (SSH)” in the Access Security Guide for
your switch,