SSH secure
Enable SSH secure mode to allow only SSH and disable all other protocols: Telnet, rlogin, FTP, SNMP, TFTP, HTTP, and HTTPS. The mode disables these protocols by setting their boot flags to off. You can override the configuration and enable required protocols individually for run-time use. Following a reboot, the administrator must enable the required protocols individually again, even if the configuration was saved. This is because SSH secure mode takes precedence at the time of reboot and disables the other protocols even though the configuration file has them set to enabled.
Note
Rlogin is only supported on VSP 8600 Series.
Note
Disabling SSH secure mode will not automatically enable the OA&M protocols that were disabled. The boot flags for the required protocols will have to be individually set to enabled.
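The following added example, which is not part of the product documentation or device software, models the SSH secure behaviour described above. It lets an auditor see which protocols are running despite the mode and which saved settings the next reboot will discard. The class and method names are hypothetical, and the model assumes that enabling the mode turns the protocols off immediately.

```python
# Simplified model of the SSH secure behaviour described above (not device code).
OAM_PROTOCOLS = ("telnet", "rlogin", "ftp", "snmp", "tftp", "http", "https")


class SwitchModel:
    """Tracks saved boot flags, run-time state and the SSH secure setting."""

    def __init__(self, saved_flags):
        # saved_flags: protocol -> bool, as stored in the configuration file
        self.saved = {p: bool(saved_flags.get(p, False)) for p in OAM_PROTOCOLS}
        self.running = dict(self.saved)
        self.ssh_secure = False

    def set_ssh_secure(self, enabled):
        self.ssh_secure = enabled
        if enabled:
            # Enabling the mode sets every OA&M boot flag to off.
            # Assumption: the run-time state follows immediately.
            for p in OAM_PROTOCOLS:
                self.saved[p] = False
                self.running[p] = False
        # Disabling the mode re-enables nothing automatically.

    def enable(self, proto):
        # Run-time override of a single protocol.
        if proto not in OAM_PROTOCOLS:
            raise ValueError(f"unknown protocol: {proto}")
        self.running[proto] = True

    def save(self):
        # Write the run-time state to the configuration file.
        self.saved = dict(self.running)

    def reboot(self):
        # SSH secure takes precedence over the saved configuration at boot.
        self.running = {p: self.saved[p] and not self.ssh_secure
                        for p in OAM_PROTOCOLS}

    def exposed(self):
        """Protocols running now although SSH secure is enabled."""
        return sorted(p for p in OAM_PROTOCOLS
                      if self.ssh_secure and self.running[p])

    def lost_on_reboot(self):
        """Protocols the saved configuration enables but the next boot turns off."""
        return sorted(p for p in OAM_PROTOCOLS
                      if self.ssh_secure and self.saved[p])
```

A non-empty `exposed()` result marks run-time overrides that widen the management surface, and a non-empty `lost_on_reboot()` result marks settings that must be re-applied by hand after the next restart.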
The following table lists the differences between enhanced secure mode and hsecure mode.
Feature | Enhanced secure | Hsecure |
---|---|---|
Authentication | Role-based: | Access-level based: |
Password length | Minimum of 8 characters with the exception of the Admin, which requires a minimum of 15 characters | 10 characters, minimum |
Password rules | 1 or 2 upper case, lower case, numeric and special characters | Minimum of 2 upper case, 2 lower case, 2 numeric and 2 special characters |
Password expiration | Per-user minimum change interval is enforced, which is programmed by the Administrator | Global expiration, configured by the Admin |
Password-unique | Previous passwords and common passwords between users are prevented | The same |
Password renewal | Automatic password renewal is enforced | The same |
Audit logs | Audit logs are encrypted, and authorized users are able to view, modify, and delete. | Standard operation |
SNMPv3 | Password rules apply to SNMPv3 Auth&Priv. SNMPv3 is required (V1/V2 disabled) | SNMPv1 and SNMPv2 can be enabled. |
EDM | Site Admin to enable or disable | Disabled |
Telnet and FTP | Site Admin to enable or disable | The same |
DOS attack Prevention | Not available | Prevents DOS attacks by filtering IP addresses and IP address ranges. |
For information on Enhanced secure mode and SSH, see Enhanced secure mode authentication access levels.