Filter
Top Products
30 Managing fabrics
Securing a fabric
Fabric security consists of the following:
• Connection security, page 30
• User account security, page 30
• Security consistency checklist, page 30
• Device security, page 31
• Fabric services, page 37
Connection security
Connection security provides an encrypted data path for switch management methods. The switch supports
the Secure Shell (SSH) protocol for the CLI and the Secure Socket Layer (SSL) protocol for management
applications such as McDATA Web Server and Common Information Module (CIM).
The SSL handshake process between the workstation and the switch involves the exchanging of certificates.
These certificates contain the public and private keys that define the encryption. The switch certificate is
valid for one year beginning with its creation date and time. The workstation validates the switch certificate
by comparing the workstation date and time to the switch certificate creation date and time. For this
reason, it is important to synchronize the workstation and switch with the same date, time, and time zone.
If a certificate has not been created by the user, the switch will automatically create one.
Consider your requirements for connection security: for the CLI (SSH), management applications such as
McDATA Web Server (SSL), or both. If SSL connection security is required, also consider using the Network
Time Protocol (NTP) to synchronize date/time between workstations and switches.
User account security
User account security is the process by which your user account and password are authenticated with the
list of valid user accounts and passwords. The switch validates your account and password when you
attempt to add a fabric using McDATA Web Server or log in to a switch through Telnet. Your system
administrator defines accounts, passwords, and authority levels that are stored on the switch. Refer to
”Managing user accounts” on page 63 for more information.
The Admin account possesses Admin authority which grants full access to all tasks of the McDATA Web
Server menu system. The switch validates your user account and McDATA Web Server grants access to its
menus according to your authority level. If you do not have Admin authority, you are limited to monitoring
tasks.
NOTE: If a user is logged into a switch using McDATA Web Server or CLI, and an administrator changes
user access rights and passwords, existing login sessions will not be affected by the new settings. Login
access and privileges are only checked for a new login request.
Security consistency checklist
The Security Consistency Checklist dialog enables you to compare security-related features on switches to
check for inconsistencies. Any changes must be made through the appropriate dialog, such as Network
Properties dialog, Switch Properties dialog, or SNMP Properties dialog. Select Switch > Security
Consistency Checklist to open the Security Consistency Checklist dialog.