Overview

Get an overview of techniques for hardening security in EFA.

Learn about security hardening guidance for Extreme Fabric Automation (EFA), with an emphasis on the installation and usage of open source security tools to achieve a hardened operational security stance. It is assumed that you have some basic knowledge of security principles and operations of the Linux operating system and associated technologies.

Note: This document assumes that EFA has been installed in secure mode and is operational. For details on how to achieve this, refer to the Extreme Fabric Automation Administration Guide, 3.1.0 , which includes details on EFA security options and commands.

The following security hardening topics included in this document:

CIS-CAT security hardening: Details of a custom python script from Extreme Networks that hardens the underlying operating system.
Iptables firewall: Securing the EFA networking stance.
Grub boot loader security: How to set a hardened security posture for Grub.
System auditing with auditd: Instructions for monitoring various aspect of system runtime activities.
OSSEC HIDS installation and usage: A broad set of indicators relevant for host intrusion detection.
Authenticated NTP: How to ensure that NTP communications are authenticated.
Secure DNS: Details about encrypted DNS communications.
Detecting rootkits with rkhunter: Specialized run time checks for various types of Linux rootkits.

Switching

Routing

Wireless

Management & Automation

Analytics & Visibility

Security & Access Control

Remote

Cloud

Security

Machine Learning

Campus Fabric

Data Center Fabric

Internet of Things

Wi-Fi 6

Primary & Secondary Education (K-12)

Retail

Service Providers

Federal Government

Manufacturing

Higher Education

Healthcare

Hospitality

State & Local Government

Sports & Public Venues

Support Portal

Knowledge Base

Documentation

End of Sale

Policies & Warranties

Training & Courses

Maintenance Services

Premier Services

Professional Services

Managed Services

Overview