Yeni Yorum Gönder 
 
Konuyu Oyla:
  • Toplam: 1 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
Disabling the Telnet protocol on Brocade SAN switches
05.07.2017, 17:03 (Bu konu en son: 05.07.2017 Tarihinde, Saat: 17:26 düzenlenmiştir. Düzenleyen: admin.)
Yorum: #1
Disabling the Telnet protocol on Brocade SAN switches
By default Brocade SAN switches have the Telnet protocol enabled, you may wish to disable this as part of security hardening of your devices to mitigate to the session being transmitted in clear text and enforce SSH connectivity as the management protocol.

In order to disable the Telnet protocol you will be required to modify the IP filter policy to disable inbound connectivity to the TCP service port, which can be performed using the Fabric OS CLI.

As the default IP filter policy cannot be modified, in order to modify the rules an IP filter policy is required to be created by cloning the default policy.

1 ipfilter –-clone deny_telnet_ipv4 -from default_ipv4
2 ipfilter –-clone deny_telnet_ipv6 -from default_ipv6

Once we have cloned the default policies we will be required to remove the existing rule to permit connectivity on TCP service port 23. By invoking the command ‘ipfilter –show’, we can determine the current rule number which permits the connectivity.

1 ipfilter --delrule deny_telnet_ipv4 -rule 2
2 ipfilter --delrule deny_telnet_ipv6 -rule 2

Now we will add the rule to deny inbound connectivity to the fabric switch on TCP service port 23.

1 ipfilter –-addrule deny_telnet_ipv4 -rule 2 -sip any -dp 23 -proto tcp -act deny
2 ipfilter –-addrule deny_telnet_ipv6 -rule 2 -sip any -dp 23 -proto tcp -act deny


Now that we have created the rule we will first save the IP filter policy and then apply to the fabric switch

1 ipfilter –-save deny_telnet_ipv4
2 ipfilter –-save deny_telnet_ipv6
3 ipfilter –-activate deny_telnet_ipv4
4 ipfilter –-activate deny_telnet_ipv6

SNMP Port Disable

snmpconfig --disable snmpv1
Tüm Mesajlarına Bak
Alıntı ile Cevapla
Yeni Yorum Gönder 


Hızlı Menü:


Şu anda bu konuyu okuyanlar: 1 Ziyaretçi

İletişim | Hoş Geldiniz | Yukarı Git | İçeriğe Git | Arşiv | RSS Beslemesi