Brocade Fabric OS Administrator's Guide Supporting Fabric OS v6.3.0 (53-1001336-02, November 2009)

Chapter 6: Configuring Standard Security Features
In this chapter
Security protocols
Secure Copy
Secure Shell protocol
Secure Sockets Layer protocol
Simple Network Management Protocol
Telnet protocol
Listener applications
Ports and applications used by switches
Security protocols
Security protocols provide endpoint authentication and communications privacy using
cryptography. Typically, you are authenticated to the switch while the switch remains
unauthenticated to you. This means that you can be sure what you are communicating with. The
next level of security, in which both ends of the conversation are sure whom they are
communicating with, is known as two-factor authentication. Two-factor authentication requires public
key infrastructure (PKI) deployment to clients.
Fabric OS supports the secure protocols shown in Table 16.
TABLE 16 Secure protocol support

| Protocol | Description |
|----------|-------------|
| HTTPS | HTTPS is a Uniform Resource Identifier scheme used to indicate a secure HTTP connection. Web Tools supports the use of hypertext transfer protocol over secure socket layer (HTTPS). |
| IPsec | Internet Protocol Security (IPsec) is a framework of open standards for providing confidentiality, authentication and integrity for IP data transmitted over untrusted links or networks. |
| LDAPS | Lightweight Directory Access Protocol over SSL uses a certificate authority (CA). By default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology in conjunction with LDAP. |
| SCP | Secure Copy (SCP) is a means of securely transferring computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol. Configuration upload and download support the use of SCP. |
| SNMP | SNMP is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. Supports SNMPv1, v2, and v3. |