Login Security
1. Function Overview
This product includes the following user account management improvements as countermeasures for ensuring cyber security.
To eliminate the risk of malicious cyber-attacks and ensure the product is used safely, be sure to read this document carefully and specify an appropriate user password before use.
For more information, refer to User Account Management.
- Mandatory administrator registration
  - At least one administrator account must be registered for this product.
    Therefore, a default administrative user (username: admin and password: admin) has been specified for logging in to the product the first time.
    - When first logging into the switch, specify admin as the username and password.
    - After logging in using the default administrative user account, the user is prompted to change the password setting.
- Stricter limits on guest user operations
  - If the privileged password is not changed from the default setting, the following operations are restricted.
    - Users without administrator rights cannot transition to the privileged EXEC mode.
    - Factory settings cannot be restored using CLI/GUI operations.
    - Cannot accept connections as a TFTP server.
  - Change the privileged password before performing the above operations.
- Countermeasure for Brute-Force Attacks
  - As a countermeasure against brute-force attacks, login restrictions are applied after a login fails.
    - If an incorrect password is entered three successive times when logging into the switch via the console, web GUI, or other means, login is disabled for one minute thereafter, even if the correct password is entered.
    - If the password is entered incorrectly, wait at least one minute before trying to log in again.
2. Applicable Models and Revisions
User account management has been improved in the following models and revisions.
Models | Revisions |
---|---|
SWX3220-16MT | Rev.4.02.10 or later |
SWX3200-52GT | Rev.4.00.25 or later |
SWX3100-18GT | Rev.4.01.29 or later |
SWX2322P-16MT | Rev.2.06.10 or later |
SWX2320-16MT | Rev.2.05.10 or later |
SWX2310-52GT | Rev.2.04.11 or later |
SWR2310-28GT | Rev.2.04.12 or later |
SWX2310P-28GT | Rev.2.02.24 or later |
SWR2311P-10G | Rev.2.02.25 or later |
SWP2-10SMF | Rev.2.03.16 or later |
SWX2220P-26NT | Rev.1.05.06 or later |
SWX2221P-10NT | Rev.1.05.03 or later |
SWX2220-26NT | Rev.1.04.06 or later |
SWX2220-10NT | Rev.1.04.03 or later |
SWX2210P-10G | Rev.1.03.13 or later |
3. Precautions When Updating Firmware
When updating to firmware with the stronger user account management functionality, be sure to register an administrator account according to the following procedure before using the switch.
- Register the administrator account while the previous firmware, which does not yet have the stronger user account management functionality, is still running.
  - If an administrator account already exists, then no account registration is necessary.
  - However, if a password was not specified for the administrator account, be sure to specify a password.
  - It is not a problem if the user name for the administrator account is the default “admin”.

    Yamaha>enable
    Yamaha#configure terminal
    Yamaha(config)#username (username) privilege on password (password)

- Create a guest user
  If necessary, create a guest user.
  - If using the username command, create it with the privilege option disabled (off).

    Yamaha(config)#username (username) privilege off password (password)

- Change the privileged password
  - The default privileged password setting is “admin”.
  - To change the privileged password using a command, use the enable password command.

    Yamaha(config)#enable password (special privileged access password)

- Update the firmware to the version with a countermeasure taken
  - Update the firmware to the version with a countermeasure taken in accordance with Firmware Update.
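The checks in the procedure above can be run over a planned command list before the firmware is updated. The following Python is an added example, not Yamaha's code: the function name `audit`, the finding messages and both sample plans are constructed for illustration. It assumes the commands are written in the syntax shown above and that the device still has the default privileged password unless the plan changes it.

```python
import re

DEFAULT_PASSWORD = "admin"  # default user and privileged password named on this page

USER_RE = re.compile(r"username\s+(\S+)\s+privilege\s+(on|off)(?:\s+password\s+(\S+))?")
ENABLE_RE = re.compile(r"enable\s+password\s+(\S+)")


def audit(command_text):
    """Return findings for a planned command list; an empty list means it passes."""
    findings, has_admin, enable_pw = [], False, None
    for raw in command_text.splitlines():
        # Remove a pasted prompt such as "Yamaha(config)#" from the start of the line.
        line = re.sub(r"^\S*[#>]\s*", "", raw.strip())
        user = USER_RE.fullmatch(line)
        if user:
            name, privilege, password = user.groups()
            has_admin = has_admin or privilege == "on"
            if password is None:  # assumption: a missing password clause is a finding
                findings.append(f"user {name}: no password specified")
            elif password == DEFAULT_PASSWORD:
                findings.append(f"user {name}: password is the default")
            continue
        enable = ENABLE_RE.fullmatch(line)
        if enable:
            enable_pw = enable.group(1)  # a later command overrides an earlier one
    if not has_admin:
        findings.append("no administrator account (privilege on) is registered")
    if enable_pw is None:
        findings.append("privileged password is never changed")
    elif enable_pw == DEFAULT_PASSWORD:
        findings.append("privileged password is the default")
    return findings


# Constructed sample input, not taken from a real device.
WEAK_PLAN = """\
Yamaha>enable
Yamaha#configure terminal
Yamaha(config)#username admin privilege on password admin
Yamaha(config)#username guest1 privilege off password Tr4il-Mix-77
"""
GOOD_PLAN = """\
username netops privilege on password c0rrect-Horse-19
username guest1 privilege off password Tr4il-Mix-77
enable password Sep4rate-Secret-52
"""

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("good", GOOD_PLAN)):
        print(label, audit(plan) or "OK")
```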