
Disabling Telnet on the Brocade Fabric

So you have just completed a port scan of your environment, only to discover that your Fibre Channel switch has Telnet enabled for switch management.

You could ignore it and simply tell all your Fabric administrators to use only SSH v2. Keep in mind, though, that an enabled Telnet service will be picked up in a security audit, and the first recommendation will be to disable Telnet.

While I'm connected, I'm also going to fix the NTP settings on the Fabric switch.

The ruleset I'm creating below is IPv4 only and will be named "MyCompany_mgmt". The NTP servers have the IP addresses "192.168.8.201;192.168.8.202"; please change these as required. SSH into the fabric and log on as admin:

tsclockserver "192.168.8.201;192.168.8.202"
ipfilter --show
ipfilter --clone MyCompany_mgmt -from default_ipv4
ipfilter --delrule MyCompany_mgmt -rule 2
ipfilter --addrule MyCompany_mgmt -rule 2 -sip any -dp 23 -proto tcp -act deny
ipfilter --save MyCompany_mgmt
ipfilter --activate MyCompany_mgmt
ipfilter --show

Note: Unlike other networking equipment, the Brocade Fabric does not need you to commit the changes. They are applied as you change the configuration.
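
To check the result of the final `ipfilter --show`, the following added example (not part of the original post) parses that output and reports whether the active policy blocks tcp/23 while still allowing tcp/22. The sample output is constructed, and the column layout, first-match-wins evaluation and function names are assumptions.

```python
import re

# Constructed sample of `ipfilter --show` output after the change. The column
# layout is an assumption and may differ between Fabric OS releases.
SAMPLE_SHOW = """\
Name: default_ipv4, Type: ipv4, State: defined
Rule    Source IP       Protocol   Dest Port    Action
1       any             tcp        22           permit
2       any             tcp        23           permit

Name: MyCompany_mgmt, Type: ipv4, State: active
Rule    Source IP       Protocol   Dest Port    Action
1       any             tcp        22           permit
2       any             tcp        23           deny
3       any             tcp        600 - 1023   permit
"""

HEADER = re.compile(r"Name:\s*(\S+),\s*Type:\s*(\S+),\s*State:\s*(\S+)")
RULE = re.compile(r"\s*(\d+)\s+(\S+)\s+(tcp|udp)\s+(\d+)(?:\s*-\s*(\d+))?\s+(permit|deny)")


def parse_policies(text):
    """Map policy name -> {"state": str, "rules": [(n, sip, proto, lo, hi, act)]}."""
    policies, current = {}, None
    for line in text.splitlines():
        if m := HEADER.search(line):
            current = policies[m[1]] = {"state": m[3], "rules": []}
        elif current is not None and (m := RULE.match(line)):
            lo, hi = int(m[4]), int(m[5] or m[4])  # single port or "lo - hi" range
            current["rules"].append((int(m[1]), m[2], m[3], lo, hi, m[6]))
    return policies


def reachable(policy, proto, port):
    """True if some source is permitted (assumed first match wins; no match = deny)."""
    for _, sip, rule_proto, lo, hi, action in sorted(policy["rules"]):
        if rule_proto == proto and lo <= port <= hi:
            if action == "permit":
                return True
            if sip == "any":  # a deny for every source ends the search
                return False
    return False


def audit(text):
    """For each active policy, report whether Telnet and SSH are reachable."""
    return {name: {"telnet": reachable(p, "tcp", 23), "ssh": reachable(p, "tcp", 22)}
            for name, p in parse_policies(text).items() if p["state"] == "active"}
```

Pass the text captured from the switch to `audit()` in place of `SAMPLE_SHOW`; a result with `telnet` true or `ssh` false on the active policy means the ruleset needs another look before you log out.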

About the author

Paul Angus

Paul is a security and infrastructure professional with over 13 years of experience in the Information Technology sector.

Before transitioning to the IT sector, the knowledge gained working alongside senior management, civil engineers, surveyors, town planners and graphic designers helped to shape his unique perspective.

Last updated: 2015-07-17 01:04