Security issues, Root, user+, and user privileges, Security issues -5 – Compaq ProLiant Interconnect Switch User Manual

Setting Up and Installing the GbE Interconnect Switch

Compaq ProLiant BL p-Class GbE Interconnect Switch User Guide

2-5

COMPAQ CONFIDENTIAL Codename: Vanilla Part Number: 263680-001 Last Saved On: 4/23/02 9:57 AM

When planning the configuration, consider the default settings for the following parameters:

• Switch IP settings
• VLAN and Group VLAN Registration Protocol (GVRP) settings
• STP settings
• Port names and types
• Multilink trunk settings
• CoS settings
• Interswitch cross-connect settings
• SNMP/RMON settings
• User name and password settings
• Default access to various management interfaces
• IGMP Snooping settings

IMPORTANT: Refer to Appendix C for a complete list of default configuration settings.

Security Issues

When planning the configuration for a GbE Interconnect Switch, to secure access to the
management interface:

• Create users with various access levels to the local console, remote Telnet, and Web

interface. Refer to Table 2-1 for the three levels of user access privileges.

• Enable or disable access to various management interfaces to fit the security policy.
• Change default SNMP/RMON community strings for read-only and read-write access.

Root, User+, and User Privileges

There are three levels of user privileges: Root, User+, and User. Some menu selections
available to users with Root privileges may not be available to those with User+ and User
privileges. The following table summarizes the user privileges.

Table 2-1: User Privileges

Privilege Root

User+

User

Configuration Yes

Read-only

Read-only

Network Monitoring

Yes

Read-only

Read-only

Community Strings and Trap Stations

Yes

Read-only

Read-only

Update Firmware and Configuration Files

Yes

No

No

System Utilities

Yes

Ping-only

Ping-only

continued