Introduction
Securing a network device is important in any environment.
Below are some common security practice to keep a device from unauthorized access.
Securing User accounts
Create new user for administrating the device
Users can be created by running username command under global config mode.
Username and password are case sensitive and cannot be omitted.
Example:
awplus(config)# username zein privilege 15 password xyzxyzxyz ↓
Set up an enable secret
By using enable secret, it sets a password to enter privileged mode as well as encrypt the password in a hashed form.
Example:
awplus(config)# enable secret XXXXXXXX ↓
Remove the default account
To remove user, use command no username
**Do not remove default account before another account is created to manage the device with privilege 15*
Example:
awplus(config)# no username manager ↓
Encrypt user password in config file
To encrypt user password, use command service password-encryption
Example:
awplus(config)# service password-encryption ↓
Securing CLI
To secure CLI, disable telnet and use SSH instead.
Example:
awplus(config)# no service telnet ↓
awplus(config)# service ssh ↓
Add user to allowed SSH users list
Example:
awplus(config)# ssh server allow-users zein ↓
Securing GUI
GUI of Allied Telesis's switch use HTTPS by default. all traffic is encrypted.
Securing SNMP
Turn off SNMP with command below if SNMP is not used.
Example:
awplus(config)# no snmp-server ↓
We recommend use snmpv3 for its superior security.