Management Security and
    Access Control

     AT - 8000S
Management Access Control

 •   For security reasons, system management must be limited to
     a selected and predefined group of users.
 •   Rules act as filters for determining device management
     access based on:
     – Type of management application
     – Interface type and selection
     – Source IP address and network mask
 •   Users can be denied or permitted management access.
 •   This way network managers can control who is allowed to
     manage the networking devices
Management Security

[Figure: EWS and Telnet management access, with labels “Secure management port”, “Secure management VLAN” and “Secure management IP address”]
Management Access Control
      System Spec


       AT - 8000S
Management Access Control List
(MACL).

•   Management Access Control Lists (MACL) contain rules
    which determine device access via:
    –   ( ASCII terminal )
    –   Telnet (CLI over Telnet)
    –   SSH (CLI over Secure Shell)
    –   EWS (http or https using SSL).
    –   SNMP
•   MACL can limit access to users identified by:
    – Ingress interface (Ethernet, port channel or VLAN)
    – Source IP address
    – Source IP subnet (using a mask)
MACL – User Control

•   Management access can be set separately for each type of
    management
    (the set of allowed users for Telnet may differ from that for EWS, etc.)
•   The maximum number of MACL rules is 256 (all criteria)
•   A specific management access method may be completely disabled by
    denying all user access to that management type
•   By default, all management access to the system is enabled over all
    interfaces.
•   A specific command exists to enable only Console management
•   Management access via the system serial console is always enabled
MACL
CLI Configuration

   AT - 8000S
CLI - Management Access Control List
             (MACL)

•   Use the following Global Configuration mode command to define
    an access-list for a management access control list (MACL) and
    enter the access-list context for configuration.

    Use the “no” form of the command to remove an MACL:

    management access-list name
    no management access-list name
CLI – MACL rules (permit)
•   Use the following MACL Configuration mode command(s) to define
    an MACL rule – permitting a management service:

    permit [ethernet interface-number | vlan vlan-id | port-channel number]
       [service service]

    permit ip-source ip-address [mask mask | prefix-length] [ethernet interface-number
       | vlan vlan-id | port-channel number] [service service]
CLI – MACL rules (permit)

Notes:
1)   If no service is defined in the rule – it applies to all services
2)   If no interface is defined – rule applies to all interfaces
3)   Use “permit” without any parameters to permit all access
4)   Default rule (if no match is found) – is to deny access
CLI – MACL rules (deny)
•   Use the following MACL Configuration mode command(s) to define an
    MACL rule – denying a management service:
    deny [ethernet interface-number | vlan vlan-id | port-channel number] [service
       service]

    deny ip-source ip-address [mask mask | prefix-length] [ethernet interface-number
       | vlan vlan-id | port-channel number] [service service]
CLI – Management Access Class
•   Use the following Global Configuration mode command to
    define which access-list is the active one for
    management connections.
    Use the “no” form of the command to disable the MACL:

    management access-class {console-only | name}
    no management access-class



    Note:
    Only 1 Access-class can be defined on a device. Definition of an
         additional class will cancel the first.
CLI Example – MACL
•   Defining and applying an MACL (Secure):
    –   Denying telnet access from port 1/e10
    –   Denying http from vlan 2 and ip-source 10.1.1.1/32
    –   Permitting all other accesses
    –   Applying the MACL to the device



console(config)# management access-list Secure
console(config-macl)# deny ethernet 1/e10 service telnet
console(config-macl)# deny ip-source 10.1.1.1 mask /32 vlan 2 service http
console(config-macl)# permit
console(config-macl)# exit
console(config)# management access-class Secure
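
The rule semantics from the notes above (no service or interface means "all", no match means deny), replayed against the Secure list in a small Python evaluator; this is an added example, not part of the original slides and not vendor code. It assumes rules are checked top-down with the first match deciding, that a connection carries both its ingress port and its VLAN, and that ssh, https and snmp are valid service keywords; the MGMT_ONLY list and all sample addresses are constructed.

```python
"""Offline evaluator for AT-8000S-style MACL rules (illustrative model only)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IFACE_KEYWORDS = ("ethernet", "vlan", "port-channel")
# Assumption: service keywords; the slides only show "telnet" and "http".
SERVICES = ("telnet", "ssh", "http", "https", "snmp")


@dataclass
class Rule:
    action: str                                      # "permit" or "deny"
    network: Optional[ipaddress.IPv4Network] = None  # None = any source IP
    iface: Optional[tuple] = None                    # None = all interfaces
    service: Optional[str] = None                    # None = all services


def parse_rule(line: str) -> Rule:
    """Parse one rule as typed in config-macl mode or printed by 'show'."""
    tokens = line.split()
    if not tokens or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"not a MACL rule: {line!r}")
    rule, i = Rule(action=tokens[0]), 1
    while i < len(tokens):
        key = tokens[i]
        if i + 1 >= len(tokens):
            raise ValueError(f"missing value after {key!r} in {line!r}")
        if key == "ip-source":
            addr, mask, i = tokens[i + 1], "32", i + 2
            # Accept "mask 255.255.255.0", "mask /32" and a bare "/32".
            if i + 1 < len(tokens) and tokens[i] == "mask":
                mask, i = tokens[i + 1].lstrip("/"), i + 2
            elif i < len(tokens) and tokens[i].startswith("/"):
                mask, i = tokens[i][1:], i + 1
            rule.network = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        elif key in IFACE_KEYWORDS:
            rule.iface, i = (key, tokens[i + 1]), i + 2
        elif key == "service":
            rule.service, i = tokens[i + 1], i + 2
        else:
            raise ValueError(f"unknown keyword {key!r} in {line!r}")
    return rule


def evaluate(rules, src_ip, ifaces, service) -> str:
    """Return 'permit' or 'deny' for one management connection attempt.

    Assumption: rules are checked top-down and the first match decides.
    ifaces is the set of interfaces the packet arrived on, e.g.
    {("ethernet", "1/e10"), ("vlan", "2")}.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.network is not None and src not in rule.network:
            continue
        if rule.iface is not None and rule.iface not in ifaces:
            continue
        if rule.service is not None and rule.service != service:
            continue
        return rule.action
    return "deny"  # slide note 4: no match means access is denied


def exposed_services(rules, src_ip, ifaces):
    """List every management service this source would be allowed to reach."""
    return [s for s in SERVICES if evaluate(rules, src_ip, ifaces, s) == "permit"]


# The "Secure" list from the slides.
SECURE = [parse_rule(line) for line in (
    "deny ethernet 1/e10 service telnet",
    "deny ip-source 10.1.1.1 mask /32 vlan 2 service http",
    "permit",
)]
# Constructed allow-list alternative (hypothetical subnet and VLAN): name
# the management stations and let the implicit deny handle everything else.
MGMT_ONLY = [parse_rule(line) for line in (
    "permit ip-source 192.0.2.0 mask /24 vlan 100 service ssh",
    "permit ip-source 192.0.2.0 mask /24 vlan 100 service https",
)]

if __name__ == "__main__":
    user_port = {("ethernet", "1/e11"), ("vlan", "1")}   # constructed
    mgmt_port = {("ethernet", "1/e1"), ("vlan", "100")}  # constructed
    print("Secure, user port     :", exposed_services(SECURE, "198.51.100.7", user_port))
    print("MgmtOnly, user port   :", exposed_services(MGMT_ONLY, "198.51.100.7", user_port))
    print("MgmtOnly, mgmt station:", exposed_services(MGMT_ONLY, "192.0.2.10", mgmt_port))
```

Under these assumptions the Secure list still permits all five services from an ordinary user port, because its final bare permit matches everything the two deny rules do not; the allow-list exposes only SSH and HTTPS, and only to the named subnet on the management VLAN.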
CLI - Show Management Access


•  Use the following EXEC mode command to display
   Management access lists:
show management access-list [name]

•  Use the following EXEC Mode command to display
   information about the active management access-class:
show management access-class
CLI Example - Show MACL
console # show management access-class
Management access-class is enabled, using access-list Secure


console # show management access-list
Secure
-----------
deny ethernet 1/e10 service telnet
deny ip-source 10.1.1.1 vlan 2 service http
permit
! (Note: all other access implicitly denied)

console-only
------------
deny
! (Note: all other access implicitly denied)
Thank
You!!!
