ArubaOS Switch 16.x Hardening Guide v1.0.0

Audit Details

Name: ArubaOS Switch 16.x Hardening Guide v1.0.0

Updated: 3/7/2023

Authority: TNS

Plugin: ArubaOS

Revision: 1.3

Estimated Item Count: 58

File Details

Filename: ArubaOS-Switch-16.x-Hardening-Guide-v1.0.0.audit

Size: 109 kB

MD5: c8cca0f254b893bf88a8c02178a17d72
SHA256: a51a12ed66aa73a1b86167fa5d8f9271f6e98342def32adfca65cf16379f639d

Audit Items

Description

Categories
Access control lists

SYSTEM AND COMMUNICATIONS PROTECTION

Auditing and logging - server

AUDIT AND ACCOUNTABILITY

Auditing and logging - severity

AUDIT AND ACCOUNTABILITY

Authorized IP managers

SYSTEM AND COMMUNICATIONS PROTECTION

Centralized authentication - configuration

IDENTIFICATION AND AUTHENTICATION

Centralized authentication - server

IDENTIFICATION AND AUTHENTICATION

Console inactivity timer

ACCESS CONTROL

Control Plane Policing

SYSTEM AND COMMUNICATIONS PROTECTION

DHCP snooping - authorized-server

SYSTEM AND COMMUNICATIONS PROTECTION

DHCP snooping - global

SYSTEM AND COMMUNICATIONS PROTECTION

DHCP snooping - port trust and vlans

SYSTEM AND COMMUNICATIONS PROTECTION

Dynamic ARP Protection - global

SYSTEM AND COMMUNICATIONS PROTECTION

Dynamic ARP Protection - port trust, vlans, and validate

SYSTEM AND COMMUNICATIONS PROTECTION

Enhanced secure mode

CONFIGURATION MANAGEMENT

Failed authentication lockout - lockout-delay

ACCESS CONTROL

Failed authentication lockout - num-attempts

ACCESS CONTROL

Front panel security

SYSTEM AND COMMUNICATIONS PROTECTION

Hiding sensitive data

CONFIGURATION MANAGEMENT

HTTP vs. HTTPS - idle-timeout

ACCESS CONTROL

HTTP vs. HTTPS - plaintext

CONFIGURATION MANAGEMENT

HTTP vs. HTTPS - ssl

SYSTEM AND COMMUNICATIONS PROTECTION

Local password complexity - password complexity all

IDENTIFICATION AND AUTHENTICATION

Local password complexity - password composition lowercase

IDENTIFICATION AND AUTHENTICATION

Local password complexity - password composition number

IDENTIFICATION AND AUTHENTICATION

Local password complexity - password composition specialcharacter

IDENTIFICATION AND AUTHENTICATION

Local password complexity - password composition uppercase

IDENTIFICATION AND AUTHENTICATION

Local password complexity - password configuration aging

IDENTIFICATION AND AUTHENTICATION

Local password complexity - password configuration history

IDENTIFICATION AND AUTHENTICATION

Local password complexity - password minimum-length

IDENTIFICATION AND AUTHENTICATION

Login banner - banner exec

ACCESS CONTROL

Login banner - banner motd

ACCESS CONTROL

MACsec

SYSTEM AND COMMUNICATIONS PROTECTION

Management VLAN

CONFIGURATION MANAGEMENT

Out-of-Band Management port

SYSTEM AND COMMUNICATIONS PROTECTION

Port security

SYSTEM AND COMMUNICATIONS PROTECTION

Port security auto-recovery

SYSTEM AND COMMUNICATIONS PROTECTION

RADIUS and TACACS+ authorization and accounting - accounting commands

IDENTIFICATION AND AUTHENTICATION

RADIUS and TACACS+ authorization and accounting - accounting exec

IDENTIFICATION AND AUTHENTICATION

RADIUS and TACACS+ authorization and accounting - authorization commands access-level

IDENTIFICATION AND AUTHENTICATION

RADIUS and TACACS+ authorization and accounting - authorization commands auto

IDENTIFICATION AND AUTHENTICATION

Server-supplied privilege level

IDENTIFICATION AND AUTHENTICATION

SNMPv1 and v2c vs SNMPv3 - snmp community

IDENTIFICATION AND AUTHENTICATION

SNMPv1 and v2c vs SNMPv3 - snmpv3 enable

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

SNMPv1 and v2c vs SNMPv3 - snmpv3 only

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Storing credentials in the switch configuration

IDENTIFICATION AND AUTHENTICATION

Switch identity profile

SYSTEM AND COMMUNICATIONS PROTECTION

Telnet vs. Secure Shell - idle-timeout

ACCESS CONTROL

Telnet vs. Secure Shell - ip ssh

CONFIGURATION MANAGEMENT

Telnet vs. Secure Shell - no telnet-server

CONFIGURATION MANAGEMENT

TFTP vs SFTP and SCP - ip ssh filetransfer

SYSTEM AND COMMUNICATIONS PROTECTION