Management Security and Access Control

     AT - 8000S
Management Access Control

 •   For security reasons, only a selected and predefined group of users
     should be allowed to perform system management.
 •   Rules act as filters for determining device management
     access based on:
     – Type of management application
     – Interface type and selection
     – Source IP address and network mask
 •   Users can be denied or permitted management access.
 •   This way network managers can control who is allowed to
     manage the networking devices.
Management Security

[Diagram: management paths (EWS, Telnet) controlled through a “Secure management port”, a “Secure management VLAN” and a “Secure management IP address”]
Management Access Control
      System Spec


       AT - 8000S
Management Access Control List (MACL)

•   Management Access Control Lists (MACL) contain rules
    which determine device access via:
    –   Console (ASCII terminal)
    –   Telnet (CLI over Telnet)
    –   SSH (CLI over Secure Shell)
    –   EWS (http or https using SSL)
    –   SNMP
•   MACL can limit access to users identified by:
    – Ingress interface (Ethernet, port channel or VLAN)
    – Source IP address
    – Source IP subnet (using a mask)
MACL – User Control

•   Management access can be set separately for each type of
    management (the set of users allowed to use Telnet may differ from
    the set allowed to use EWS, etc.).
•   The maximum number of MACL rules is 256 (all criteria combined).
•   A specific management access method may be completely disabled by
    denying all user access to that management type.
•   By default, all management access to the system is enabled over all
    interfaces.
•   A specific command exists to enable only console management.
•   Management access via the system serial console is always enabled.
MACL
CLI Configuration

   AT - 8000S
CLI - Management Access Control List (MACL)

•   Use the following Global Configuration Mode command to define
    an access-list for a management access control list (MACL) and
    enter the access-list context for configuration.

    Use the “no” form of the command to remove an MACL:

    management access-list name
    no management access-list name
CLI – MACL rules (permit)
•   Use the following MACL Configuration mode command(s) to define
    an MACL rule that permits a management service:

    permit [ethernet interface-number | vlan vlan-id | port-channel number] [service service]

    permit ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
CLI – MACL rules (permit)

Notes:
1)   If no service is defined in the rule – it applies to all services
2)   If no interface is defined – rule applies to all interfaces
3)   Use “permit” without any parameters to permit all access
4)   Default rule (if no match is found) – is to deny access
CLI – MACL rules (deny)
•   Use the following MACL Configuration mode command(s) to define an
    MACL rule that denies a management service:

    deny [ethernet interface-number | vlan vlan-id | port-channel number] [service service]

    deny ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
CLI – Management Access Class
•   Use the following Global Configuration Mode command to
    define which access-list is applied to active
    management connections.
    Use the “no” form of the command to disable the MACL:

    management access-class {console-only | name}
    no management access-class

    Note:
    Only one access-class can be active on a device. Defining an
    additional class replaces the first.
CLI Example – MACL
•   Defining and applying an MACL named Secure:
    –   Denying telnet access from port 1/e10
    –   Denying http from vlan 2 and ip-source 10.1.1.1/32
    –   Permitting all other access
    –   Applying the MACL to the device

console(config)# management access-list Secure
console(config-macl)# deny ethernet 1/e10 service telnet
console(config-macl)# deny ip-source 10.1.1.1 mask /32 vlan 2 service http
console(config-macl)# permit
console(config-macl)# exit
console(config)# management access-class Secure
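The permit/deny rule syntax, the notes and the Secure example above, worked through in code. This is a simulator added for this page, not Allied Telesis software: it parses rule lines in the slide's syntax, evaluates management attempts against a list, and applies the access-class semantics (serial console always allowed, no access-class means all management enabled, console-only denies every network service). It assumes rules are checked in configured order with the first match deciding, and that http and https are distinct service names; the slides state neither.

```python
"""MACL simulator for the AT-8000S slide syntax (added example, not vendor code).
Assumptions the slides do not state: rules are evaluated in configured order and
the first match decides; service names compare literally (http != https)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

SERVICES = {"telnet", "ssh", "http", "https", "snmp"}   # services a rule may name
INTERFACE_KEYWORDS = ("ethernet", "vlan", "port-channel")

@dataclass(frozen=True)
class Rule:
    action: str                               # "permit" or "deny"
    network: Optional[ipaddress.IPv4Network]  # None: any source address
    iface: Optional[str]                      # e.g. "ethernet 1/e10"; None: any interface
    service: Optional[str]                    # None: all services

@dataclass(frozen=True)
class Attempt:
    service: str   # "telnet", "ssh", "http", "https", "snmp" or "console"
    iface: str     # ingress interface, e.g. "vlan 2"
    source: str    # source IPv4 address as text

def parse_rule(line: str) -> Rule:
    """Parse one rule: {permit|deny} [ip-source A [mask M | /LEN]]
    [ethernet N | vlan V | port-channel P] [service S]."""
    tokens = line.split()
    if not tokens or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"rule must start with permit or deny: {line!r}")
    action, network, iface, service = tokens[0], None, None, None
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok == "ip-source":
            addr, i = tokens[i + 1], i + 2
            mask = "32"                                   # no mask keyword: single host
            if i < len(tokens) and tokens[i] == "mask":
                mask, i = tokens[i + 1].lstrip("/"), i + 2   # "/32" -> "32"; dotted mask kept
            network = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        elif tok in INTERFACE_KEYWORDS:
            iface, i = f"{tok} {tokens[i + 1]}", i + 2
        elif tok == "service":
            service, i = tokens[i + 1].lower(), i + 2
            if service not in SERVICES:
                raise ValueError(f"unknown service {service!r} in {line!r}")
        else:
            raise ValueError(f"unexpected token {tok!r} in {line!r}")
    return Rule(action, network, iface, service)

def parse_macl(text: str) -> List[Rule]:
    """Parse a block of rule lines; blank lines and '!' comment lines are skipped."""
    return [parse_rule(ln) for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("!")]

def evaluate(rules: List[Rule], attempt: Attempt) -> str:
    """Walk the list in order; the first matching rule decides.
    An unspecified field matches anything; no match at all means deny (note 4)."""
    src = ipaddress.IPv4Address(attempt.source)
    for rule in rules:
        if rule.service is not None and rule.service != attempt.service:
            continue
        if rule.iface is not None and rule.iface != attempt.iface:
            continue
        if rule.network is not None and src not in rule.network:
            continue
        return rule.action
    return "deny"

def decide(access_class: Optional[str], macls: Dict[str, List[Rule]], attempt: Attempt) -> str:
    """'management access-class' semantics from the slides: the serial console is
    always allowed, no access-class means all management is enabled, and
    'console-only' denies every network management service."""
    if attempt.service == "console":
        return "permit"
    if access_class is None:
        return "permit"
    if access_class == "console-only":
        return "deny"
    return evaluate(macls[access_class], attempt)

# The "Secure" list exactly as entered on the slide (constructed sample input).
MACLS = {"Secure": parse_macl("""
deny ethernet 1/e10 service telnet
deny ip-source 10.1.1.1 mask /32 vlan 2 service http
permit
""")}

if __name__ == "__main__":
    for att in (Attempt("telnet", "ethernet 1/e10", "10.1.1.5"),
                Attempt("ssh", "ethernet 1/e10", "10.1.1.5"),
                Attempt("http", "vlan 2", "10.1.1.1"),
                Attempt("http", "vlan 2", "10.1.1.2")):
        print(att, "->", decide("Secure", MACLS, att))
```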
CLI - Show Management Access

•  Use the following EXEC mode command to display
   management access lists:
show management access-list [name]

•  Use the following EXEC mode command to display
   information about the active management access-class:
show management access-class
CLI Example - Show MACL
console # show management access-class
Management access-class is enabled, using access-list Secure


console # show management access-list
Secure
-----------
deny ethernet 1/e10 service telnet
deny ip-source 10.1.1.1 vlan 2 service http
permit
! (Note: all other access implicitly denied)

console-only
------------
deny
! (Note: all other access implicitly denied)
Thank You!!!

At8000 s gerenciamento de seguranca
