In view of the problems that arise in network equipment, we will perform security reinforcement in turn;
the tools we need to use this time are Huawei's eNSP simulator and a Huawei switch S5700; let's first build an extremely simple topology diagram, as follows
OK , we will carry out security hardening for the following issues :
a) If there is a weak password on the device,
check first: (Be sure to remember that we need to enter the global mode first, otherwise the system will not display some commands. Huawei's command is system, Cisco's The command is enable)
We see that the password of the account admin is a weak password and is stored in plain text;
Reinforcement:
b-1) Login failure handling strategy is not configured.
Direct reinforcement:
b-2) Connection timeout is not properly configured.
There are two possibilities
: 1. Local connection times out, Console port
2. Remote connection times out.
Don’t forget to save, dis saved configuration .
c) Use plain text transmission to remotely manage the device.
Check whether Telnet is enabled
. We find that it is on and reinforce it directly.
First, close the Telnet service
and configure SSH login
. We will open X-shell later and log in remotely.
To be continued…