This security guide for ExtremeCloud™ Orchestrator version 3.6.0
provides comprehensive information on user authentication, authorization, and various security
features. It details how to configure authentication policies via CLI, use external LDAP
servers, and implement TACACS+ settings. The guide includes instructions for BGP MD5
authentication on both fabric and edge links, ensuring secure BGP connections. It outlines
system hardening techniques, such as configuring SSH servers, securing the Grub bootloader,
installing OSSEC for host intrusion detection, and using iptables for network security. The
document also provides a procedure for updating user passwords and enforcing RBAC policies to
control access to REST APIs and system resources, and it describes a Python script for
performing CIS-CAT security assessments and achieving a hardened security posture on Ubuntu
Linux host servers.
