958-000284-007, March 2005)

• Encr yption of Passwords and Secrets Shared with HAFM—All secrets

and password information are passed in encrypted format for greater security.

This prevents “snooping” of Ethernet connection to capture user login and

authentication secret information.

• RAD IUS Server Support—This provides support for IETF RADIUS (Remote

Authentication Dial In User Service) protocol for p

assword authentication.

Firmware 07.00.00 allows users to configure settings for using a RADIUS server.

RADIUS provides centralized authentication services for multiple devices on a

network. This mea ns that several switches can be configured to use a singl e

RADIUS server.

• Prompted Ch an ge of EWS and CLI Passwords from Default—This

prompts users to modify the password settings for both the CLI and EWS

interfaces the first time they log in using either of these i nter faces.

• RBAC Phas e I: Enhan ced User Rights Co n ﬁ gura tion—RBAC is role

based access control. This is the first phase of more comprehensive role-based

access control planned for the CLI and EWS interfaces. M ultiple users can now

be configured for EWS or CLI, or both, through either interface. This allows

users to c onfigure additional user name/password combinations.

• SSH for CLI—Secure Shell (SSH) provides an encrypted connection, as an

alternative to Telnet, to secur e CLI access to switches and directors.

• Enhanced Maintenance Port Security—This allows users to enable

enhanced authorization on the maintenance port, which is the switch or director

RS-232 connection. Enhanced Authorization mode enforces stronger security

policies, requiring users to change the well-known password to a case- sensitive

private password the first time they use the maintenance por t. Subsequent access

by service personnel will require log in through the private customer-level access.

• Security Log—The Security Log is a new log available in EWS, CLI, and

HAFM that records various events concerning integrity of a switch. This includes

authorization or authentication problem detection, and approved and invalid

access attempts. Each log entr y provides an event number or reason, a

date/time stamp, a trigger level (a type of security event severity), an event

count, and a category and data per taining to the specific event. The lo g wraps

at 200 entries. This log provides customers with details to track down at tempted

security threats and identify the source of problems that m ight jeopardize the

switch integrity.

• IP Access Control List—This allows users to establish a list of IP addresses

from which the switch is allowed to accept connections. This prevents users

who have access to the Ethernet LAN from attempting to access the Fibre

Channel switches. Connection attempts from unauthorized IP add resses are

ignored by the switch, making it appea r that no device is connected. This

is primarily intended for environments that are not on a private, inaccessible

subnet,suchaswheninstalledinmostcabinetconfigurationswithadual-NIC

HAFM appliance Processor.

HP StorageWorks Edge Switch release notes