Planning
2-9
Fabric Security
• Network Time Protocol (NTP): Provides for the synchronizing of switch
and workstation dates and times with an NTP server. This helps to
prevent invalid SSL certificates and timestamp confusion in the event log.
The default is disabled.
• Common Information Model (CIM): Provides for the management of the
switch through third-party applications that use CIM. The default is
enabled.
• File Transfer Protocol (FTP): Provides for transferring files rapidly
between the workstation and the switch using FTP. The default is enabled.
• Management Server (MS): Enables or disables the management of the
switch through third-party applications that use GS-3 Management
Server. The default is disabled.
Fabric Security
An effective security profile begins with a security policy that states the
requirements. A threat analysis is needed to define the plan of action followed
by an implementation that meets the security policy requirements. Internet
portals, such as remote access and E-mail, usually present the greatest threats.
Fabric security should also be considered in defining the security policy.
Most fabrics are located at a single site and are protected by physical security,
such as key-code locked computer rooms. For these cases, security methods
such as user passwords for equipment and zoning for controlling device
access, are satisfactory.
Fabric security is needed when security policy requirements are more
demanding: for example, when fabrics span multiple locations and
traditional physical protection is insufficient to protect the IT infrastructure.
Another benefit of fabric security is that it creates a structure that helps
prevent unintended changes to the fabric.
Fabric security consists of the following:
• Connection Security
• Device Security
• User Account Security