Reset Search
 

 

Article

EXOS Switch Security Checklist and Best Practice

« Go Back

Information

 
TitleEXOS Switch Security Checklist and Best Practice
Question
What are the EXOS switch security checklist and best practice?
Can you provide EXOS / Summit / Blackdiamond hardening information?
Environment
  • EXOS
  • Summit
  • BlackDiamond
Answer
ExtremeXOS Switch Security Checklist

The checklist below summarizes the most important security tasks to be completed on a switch .
Each item should be employed at all levels of an ExtremeXOS network.
Extreme EXOS switch best practices
Additional notes
Enhanced security mode question.

The switch offers an enhanced security mode. Would you like to read more,
and have the choice to enable this enhanced security mode? [y/N/q]: Yes

Enhanced security mode configures the following defaults:

        * Disable Telnet server.
        * Disable HTTP server.
        * Disable SNMP server.
        * Remove all factory default SNMP users & community names.
        * Remove all factory default login accounts.
        * Force creation of a new admin (read-write) account.
        * Force setting of failsafe username & password.
        * Lockout accounts for 5 minutes after 3 consecutive login failures.
        * Plaintext password entry will not be allowed.
        * Generate an event when the logging memory buffer exceeds 90% of capacity.
        * Only admin privilege accounts are permitted to run "show log".
        * Only admin privilege accounts are permitted to run "show diagnostics".

Would you like to use this enhanced security mode? [Y/n/q]: Yes

Please create an admin (read-write) account.
user name: extreme
password:
Reenter password:
Error:  Password length cannot be less than 8 characters.
user name: extreme
password:
Reenter password:

Changing the failsafe username and password ...
enter failsafe user name: extremefs
enter failsafe password:
enter password again:
Enhanced security settings applied. Please consider these additional
security settings

All ports are enabled by default. In some secure applications, it maybe more
desirable for the ports to be turned off.

Would you like unconfigured ports to be turned off by default? [y/N/q]: Yes
Disabling all ports ... done

Would you like to permit failsafe account access via the management port?
[y/N/q]: No

The switch can proactively attempt to send basic configuration and
operational switch information for the purpose of assisting technical
support to resolve customer-reported issues. Uploaded data is encrypted if
the ssh.xmod is installed. Otherwise, a reduced switch data set is sent
in clear text that contains no customer-specific information.

Would you like to disable the automatic switch reporting service?
[Y/n/q]: Yes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255