Q-Logic 64 Manuel D’Utilisation
3 – Planning
Fabric Security
59043-03 A
3-11
D
3.5
Fabric Security
An effective security profile begins with a security policy that states the
requirements. A threat analysis is needed to define the plan of action followed by
an implementation that meets the security policy requirements. Internet portals,
such as remote access and email, usually present the greatest threats. Fabric
security should also be considered in defining the IT infrastructure security policy.
requirements. A threat analysis is needed to define the plan of action followed by
an implementation that meets the security policy requirements. Internet portals,
such as remote access and email, usually present the greatest threats. Fabric
security should also be considered in defining the IT infrastructure security policy.
Most fabrics are located at a single site and are protected by physical security,
such as key-code locked computer rooms. For these cases, security methods
such as user passwords for equipment and zoning for controlling device access,
are satisfactory.
such as key-code locked computer rooms. For these cases, security methods
such as user passwords for equipment and zoning for controlling device access,
are satisfactory.
Fabric security is needed when security policy requirements are more demanding:
for example, when fabrics span multiple locations and traditional physical
protection is insufficient to protect the IT infrastructure. Another benefit of fabric
security is that it creates a structure that helps prevent unintended changes to the
fabric.
for example, when fabrics span multiple locations and traditional physical
protection is insufficient to protect the IT infrastructure. Another benefit of fabric
security is that it creates a structure that helps prevent unintended changes to the
fabric.
Fabric security consists of the following:
User account security
Device security
Fabric services
3.5.1
User Account Security
User account security consists of the administration of account names,
passwords, expiration date, and authority level. If an account has Admin authority,
all management tasks can be performed by that account in both SANbox Manager
and the Command Line Interface. Otherwise only monitoring tasks are available.
The default account name, Admin, is the only account that can administer user
accounts. Refer to
passwords, expiration date, and authority level. If an account has Admin authority,
all management tasks can be performed by that account in both SANbox Manager
and the Command Line Interface. Otherwise only monitoring tasks are available.
The default account name, Admin, is the only account that can administer user
accounts. Refer to
. Consider your management
needs and determine the number of user accounts, their authority needs, and
expiration dates.
expiration dates.
Account names and passwords are always required when connecting to a switch
through Telnet. However, SANbox Manager does not authenticate account names
when opening a fabric unless the UserAuthentication parameter is set to True
using the Set Setup System command. Refer to the
through Telnet. However, SANbox Manager does not authenticate account names
when opening a fabric unless the UserAuthentication parameter is set to True
using the Set Setup System command. Refer to the
for more information. The UserAuthentication parameter must be
configured the same for all switches in the fabric. If the UserAuthentication
parameter is False (default), SANbox Manager logs you in with the Admin account
name and password (password). Consider your user accounts and determine
whether user authentication is necessary.
parameter is False (default), SANbox Manager logs you in with the Admin account
name and password (password). Consider your user accounts and determine
whether user authentication is necessary.