Brocade Communications Systems 8/40 Service Manual download pdf (Page 8)

BCSM IN A NUTSHELL 2008

Page 6 of 44

ADDITIONAL BEST PRACTICES

• Implement the Track Changes feature in Fabric OS to see who logged in and when, and it reports

them as messages in the RASlog

• Restrict responsibilities by assigning a different user name to each SAN administrator and a

specific role using Role-Based Access Controls (RBAC)

• Use Virtual Fabrics and Fibre Channel routing

• Use a login banner to provide legal support

• Manage multiple user accounts with RADIUS for centralized login management

RBAC IN FABRIC OS V5.3

• user – view only privileges

• zoneadmin - can perform zone operations only

• basicswitchadmin - can do mostly monitoring with very limited switch (local) command capability

• operator - can perform operations typically required during “off-hours” when an Admin is not

present

• switchadmin – can perform most operations not involving security

• fabricadmin - can perform all operations except user and Virtual Administrative Domain (AD)

• securityadmin – grants permission for all security-related configuration operations only

• admin – the only role that can manage all features

SECURE PROTOCOLS

• SCP for firmware downloads and also for configuration file uploads/downloads

• HTTPS (requires a digital certificate) for Web Tools

• SSL in lieu of telnet

• SNMPv3 (but does not use a reliable transport protocol)

• IPsec for FCIP tunnels

PASSWORD STRENGTHENING POLICIES

• Account lockout

• Password expiration

• Password strength

• Password history

1 2 3 4 5 6 7 8 9 10 11 12 13 ... 45 46

No comments

Brocade Communications Systems 8/40 Service Manual Page 8