Login Security

1. Function Overview

This product includes the following user account management improvements as countermeasures for ensuring cyber security.
To eliminate the risk of malicious cyber-attacks and ensure the product is used safely, be sure to read this document carefully and specify an appropriate user password before use.
For more information, refer to User Account Management.

  • Mandatory administrator registration

    • At least one administrator account must be registered for this product.
      Therefore, a default administrative user (username: admin, password: admin) is provided for logging in to the product for the first time.

    • When first logging into the switch, specify admin as the username and password.

    • After logging in using the default administrative user account, the user is prompted to change the password setting.

  • Stricter limits on guest user operations

    • If the privileged password has not been changed from the default setting, the following restrictions apply.

      • Users without administrator rights cannot transition to the privileged EXEC mode.

      • Factory settings cannot be restored using CLI/GUI operations.

      • The switch cannot accept connections as a TFTP server.

    • Change the privileged password before performing the above operations.

  • Countermeasure for Brute-Force Attacks

    • As a countermeasure against brute-force attacks, login restrictions are applied after a login fails.

    • If an incorrect password is entered three successive times when logging into the switch via the console, web GUI, or other means, login is disabled for one minute thereafter, even if the correct password is entered.

    • If the password is entered incorrectly, wait at least one minute before trying to log in again.

2. Applicable Models and Revisions

User account management has been improved in the following models and revisions.

Models                                                   Revisions

SWX3220-16MT, SWX3220-16TMs                              Rev.4.02.10 or later
SWX3200-52GT, SWX3200-28GT                               Rev.4.00.25 or later
SWX3100-18GT, SWX3100-10G                                Rev.4.01.29 or later
SWX2322P-16MT                                            Rev.2.06.10 or later
SWX2320-16MT                                             Rev.2.05.10 or later
SWX2310-52GT, SWX2310-28GT, SWX2310-18GT, SWX2310-10G    Rev.2.04.11 or later
SWR2310-28GT, SWR2310-18GT, SWR2310-10G                  Rev.2.04.12 or later
SWX2310P-28GT, SWX2310P-18G, SWX2310P-10G                Rev.2.02.24 or later
SWR2311P-10G                                             Rev.2.02.25 or later
SWP2-10SMF, SWP2-10MMF                                   Rev.2.03.16 or later
SWX2220P-26NT, SWX2220P-18NT                             Rev.1.05.06 or later
SWX2221P-10NT                                            Rev.1.05.03 or later
SWX2220-26NT, SWX2220-18NT                               Rev.1.04.06 or later
SWX2220-10NT                                             Rev.1.04.03 or later
SWX2210P-10G                                             Rev.1.03.13 or later

3. Precautions When Updating Firmware

When updating to firmware that includes the stronger user account management functionality, be sure to register an administrator account according to the following procedure before using the switch.

  1. Register the administrator account with the previous firmware running, which has not been updated with stronger user account management functionality.

    • If an administrator account already exists, then no account registration is necessary.

    • However, if a password was not specified for the administrator account, be sure to specify a password.

    • It is not a problem if the user name for the administrator account is the default “admin”.

      Yamaha>enable
      Yamaha#configure terminal
      Yamaha(config)#username (username) privilege on password (password)
  2. Create a guest user
    If necessary, create a guest user.

    • If using the username command, create it with the privilege option disabled (off).

      Yamaha(config)#username (username) privilege off password (password)
  3. Change the privileged password

    • The default privileged password setting is “admin”.

    • To change the privileged password using a command, use the enable password command.

      Yamaha(config)#enable password (special privileged access password)
  4. Update the firmware to the version that includes the countermeasures

    • Update the firmware to the version that includes the countermeasures in accordance with Firmware Update.
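
A pre-update check for steps 1 to 3 of the procedure above, added here as an example; it is not part of the original document and is not Yamaha tooling. It assumes the input is the plaintext list of commands an operator plans to enter, in the syntax shown above, that a `username` line may omit the password, and the name `audit_pre_update` is hypothetical.

```python
import re

DEFAULT_PASSWORD = "admin"  # default value stated in this document
PROMPT = re.compile(r"^[\w-]+(\([\w-]+\))?[>#]\s*")  # e.g. "Yamaha(config)#"


def audit_pre_update(script: str) -> list[str]:
    """Return findings for the planned commands; an empty list means steps 1-3 are covered."""
    admins = {}       # administrator username -> password (None if none was given)
    enable_pw = None  # stays None if "enable password" is never entered
    for raw in script.splitlines():
        tokens = PROMPT.sub("", raw.strip()).split()
        if tokens[:1] == ["username"] and len(tokens) >= 2:
            # Remaining tokens are option/value pairs: privilege on|off, password <pw>.
            opts = dict(zip(tokens[2::2], tokens[3::2]))
            if opts.get("privilege") == "on":
                admins[tokens[1]] = opts.get("password")
        elif tokens[:2] == ["enable", "password"] and len(tokens) >= 3:
            enable_pw = tokens[2]

    findings = []
    if not admins:
        findings.append("step 1: no administrator account (privilege on) is registered")
    for name, pw in admins.items():
        if pw is None:
            findings.append(f"step 1: administrator '{name}' has no password")
        elif pw == DEFAULT_PASSWORD:
            findings.append(f"step 1: administrator '{name}' uses the default password")
    if enable_pw in (None, DEFAULT_PASSWORD):
        findings.append("step 3: privileged password is still the default")
    return findings


# Constructed sample input (not taken from a real device).
SAMPLE = """\
Yamaha>enable
Yamaha#configure terminal
Yamaha(config)#username admin privilege on password admin
Yamaha(config)#username guest1 privilege off password Example-Guest-1
"""

if __name__ == "__main__":
    for finding in audit_pre_update(SAMPLE):
        print(finding)
```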