This section describes suggested configuration actions to harden the Extreme Networks OS switch.
Device hardening steps are performed by a user with administrative privileges. Specific hardening actions may or may not be appropriate for a given environment and must be considered in the context of the overall security policy and existing physical and procedural controls.
The NetworkOS device management functions are isolated through authentication. Once administrators login with specific credentials, their access is limited to commands for which they have privileges with role-based permissions. Additionally, network management communication paths are protected against modification and disclosure using SSHv2. The audit channel to an external Syslog server is protected using TLS encapsulation.