12.07.2015 Views

SECURING FIBRE CHANNEL FABRICS - Brocade


Chapter 8: Securing FOS-Based Fabrics

| Role Name | First in FOS | Duties | Description |
|---|---|---|---|
| Chassis-role permission | 6.2.0 | Chassis-specific configuration | Role permission only and applied to the user account through the userConfig command |
| FabricAdmin | 5.2.0 | Fabric and switch administration | All switch and fabric commands, excludes user management and AD commands |
| Operator | 5.2.0 | General switch administration | Routine switch maintenance commands |
| SecurityAdmin | 5.3.0 | Security administration | All switch security and user management functions |
| SwitchAdmin | 5.0.0 | Local switch administration | Most switch (local) commands, excluding security, user management, and zoning commands |
| User | All | Monitoring only | Non-administrative use such as monitoring system activity |
| ZoneAdmin | 5.2.0 | Zone administration | Zone management commands only |

Other Password-Related Features

It is possible to bypass the normal login procedure to recover a password by bringing the switch into single-user mode and obtaining a special password recovery code from Brocade. This may be viewed as a security hole in some environments. To prevent unauthorized users from putting a switch into single-user mode, a password can be set on the boot PROM. A recovery string can also be defined in case the boot PROM password is lost, to allow Brocade to recover the password.

WARNING: If the boot PROM password is set and forgotten and there is no recovery string defined (or it is also forgotten), then there is no way of regaining management access to the switch if the admin or root passwords are lost.
