Tips: Six Principles of Switch Security Settings
L2-L4 layer filtering
Most new switches now meet a variety of filtering needs through rules. A rule set has two modes. One is MAC mode, which effectively isolates data by source MAC or destination MAC according to user needs. The other is IP mode, which can filter packets by source IP, destination IP, protocol, source application port and destination port. An established rule must be attached to the corresponding receive or send port; when the switch receives or transmits data on that port, it filters packets according to the rules and decides whether each one is forwarded or discarded. In addition, the switch performs the logic operations of the filtering rules in hardware "NAND gate" logic, so applying the filtering rules does not affect the data forwarding rate.
802.1X port-based access control
To prevent unauthorized users from accessing the local area network and to ensure network security, the port-based access control protocol 802.1X is widely used in both wired LANs and WLANs. For example, ASUS's latest new-generation GigaX2024/2048 switches support not only 802.1X Local and RADIUS authentication but also 802.1X Dynamic VLAN access: the VLAN is assigned on the basis of the 802.1X user account, so wherever within the network the holder of an account connects, the user is no longer bound by the original 802.1Q port-based VLAN restrictions and always joins the VLAN group specified for that account. This feature gives mobile users convenient and flexible access to network resources while also protecting the security of those resources. In addition, the GigaX2024/2048 switch supports the 802.1X Guest VLAN function: when 802.1X is in use and a Guest VLAN is specified for a port, a user connecting on that port who fails authentication or has no user account becomes a member of the Guest VLAN group and can use the network resources of that group. This function can also be used to open a minimum set of network resources to certain groups while giving the network the most secure external access.
Flow control (traffic control)
Switch flow control prevents the abnormal, excessive bandwidth load on the switch that is caused by broadcast packets, multicast packets and unicast packets with a wrong destination address. It improves overall system performance and keeps the network running securely and stably.
SNMPv3 and SSH
SNMPv3 puts forward a new architecture for secure network management that brings the standards of all SNMP versions together, thus enhancing network security. The security model SNMPv3 proposes is the User-based Security Model (USM). USM encrypts and authenticates messages on the network on a per-user basis: specifically, which protocols and keys are used for encryption and authentication is determined by the user name (userName) and the authoritative engine identifier (EngineID) (recommended encryption protocol CBC-DES; authentication protocols HMAC-MD5-96 and HMAC-SHA-96). Through authentication, encryption and timeliness checks, it provides data integrity, data origin authentication, data confidentiality and message timeliness services, and so effectively prevents unauthorized users from modifying, masquerading as the source of, or eavesdropping on management information.
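How a USM authentication key depends on both the user's secret and the EngineID, shown as an added example that is not from the original article or from any switch vendor: it follows the password-to-key and key-localization steps of RFC 3414 and then computes the 96-bit HMAC tag. The function names are hypothetical, the password and first EngineID are the RFC 3414 appendix test inputs, and the second EngineID and the message bytes are constructed.

```python
import hashlib
import hmac

def password_to_key(password: bytes, hash_name: str) -> bytes:
    """User key Ku: hash 1,048,576 bytes of the cyclically repeated password."""
    if not password:
        raise ValueError("password must not be empty")
    total = 1048576
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.new(hash_name, stream).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Localized key Kul = H(Ku || EngineID || Ku), valid for one engine only."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def auth_tag(kul: bytes, message: bytes, hash_name: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: full HMAC truncated to 96 bits (12 bytes)."""
    return hmac.new(kul, message, hash_name).digest()[:12]

def verify(kul: bytes, message: bytes, tag: bytes, hash_name: str) -> bool:
    """Constant-time comparison of the received tag with the expected one."""
    return hmac.compare_digest(auth_tag(kul, message, hash_name), tag)

PASSWORD = b"maplesyrup"                                 # RFC 3414 A.3 test input
ENGINE_A = bytes.fromhex("000000000000000000000002")     # RFC 3414 A.3 test input
ENGINE_B = bytes.fromhex("000000000000000000000003")     # constructed second switch
MESSAGE = b"constructed stand-in for an SNMPv3 message"  # not real BER encoding

def demo() -> dict:
    """Derive keys for two engines and check which messages each one accepts."""
    out = {}
    for name in ("md5", "sha1"):
        ku = password_to_key(PASSWORD, name)
        kul_a = localize_key(ku, ENGINE_A, name)
        kul_b = localize_key(ku, ENGINE_B, name)
        tag = auth_tag(kul_a, MESSAGE, name)
        out[name] = {
            "kul_a": kul_a.hex(),
            "tag_len": len(tag),
            "accepts_original": verify(kul_a, MESSAGE, tag, name),
            "accepts_tampered": verify(kul_a, MESSAGE + b"!", tag, name),
            "accepts_other_engine": verify(kul_b, MESSAGE, tag, name),
        }
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```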
When remote network management is carried out via Telnet, the Telnet service has a fatal weakness: it transmits the user name and password in clear text, so passwords are easily stolen by people with ulterior motives and the device is then attacked. With SSH, the user name and password are encrypted, which effectively prevents password eavesdropping and lets network management personnel carry out remote network management safely.
Syslog and Watchdog
With Syslog logging, the switch can send system errors, system configuration, status changes, periodic status reports and other information the user expects to a log server. Network management personnel use that information to keep track of operating conditions, identify problems early, and configure and troubleshoot in time, ensuring that the network runs securely and stably.