Front panel security

Information

Aruba switches use Reset and Clear buttons, on the front panel, to allow users to reset the switch configuration to factory default or to reset the console password. This capability creates a security and denial-of-service risk if the switch is in a location where it is impossible to prevent physical access to the front panel. It is recommended that administrators disable these features to prevent malicious use by an attacker with physical access to the device.

Solution

It is critical to understand that disabling these features severely restricts administrator options if the manager password is lost or forgotten. Before making these changes, users are encouraged to review all considerations outlined in the section "Front panel security" in the chapter titled "Configuring Username and Password Security" in the ArubaOS-Switch Access Security Guide.

The following two commands will disable the front-panel buttons:

switch(config)# no front-panel-security password-clear
switch(config)# no front-panel-security factory-reset

See Also

https://support.hpe.com/hpesc/public/docDisplay?docId=a00056155en_us

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(16)

Plugin: ArubaOS

Control ID: 5748597d52a7694d80cd3f8b252e6fc34e017330891461bac957c0b22cdf9f45