How to Configure the NodeGrid to Be More Secure?

The NodeGrid software's networking services are designed with some security in mind, but as shipped they are still not as closed as some network policies require.

You can tighten them by changing the service settings on the Security :: Services page to suit your needs.

 

Select or clear the following checkboxes to enable or disable each service:

- Enable detection of USB devices

- Enable RPC

- Enable FTP Service

- Enable SNMP Service

- Enable Telnet Service to NodeGrid

- Enable Telnet Service to Managed Devices

- Enable ICMP echo reply

- Enable Automatic Cloud Enrollment

- Enable Zero Touch Provisioning

- Enable PXE (Preboot eXecution Environment)

- Enable Autodiscovery

- Enable HTTP access

- Enable VM Serial access

- Enable HTTPS access

 

Check or uncheck these options:

* Device access enforced via user group authorization

* DHCP lease controlled by autodiscovery rules

* SSH allow root access

* Redirect HTTP to HTTPS

 

Keep or change these TCP ports:

SSH TCP Port: 22

Cloud TCP Port: 9966

VM Serial Port: 9977

HTTP Port: 80

HTTPS Port: 443

 

Select these options:

SSH Version: 1 | 2 | 1,2 | 2,1

Cryptographic Protocols: TLSv1.2 | TLSv1.1 | TLSv1

Cipher Suite Level: High | Medium | Low | Custom

 

An example of the Services settings to make your NodeGrid more secure:

* Disable ICMP echo reply

* Disable HTTP access 

* Enable HTTPS (or disable it so there will be no access via WebUI)

* Disable Redirect HTTP to HTTPS

* Disable SSH allow root access

* Use SSH version 2 only

* Use Cryptographic Protocol TLSv1.2

* Use High Cipher Suite Level

* Disable Telnet Service to NodeGrid

* Disable Telnet Service to Managed Devices
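One way to confirm from another host that the example settings above took effect, as an added example that is not part of the original article: it checks that HTTP and Telnet to the NodeGrid no longer accept connections and that the SSH server advertises version 2 only. Port 23 for Telnet is an assumption (the protocol's standard port), and the function names are illustrative.

```python
import socket
import sys

# HTTP 80 and SSH 22 are the defaults listed in the article. Telnet on 23 is
# the protocol's standard port and an assumption: the article does not list it.
MUST_BE_CLOSED = {"HTTP": 80, "Telnet": 23}
SSH_PORT = 22

def tcp_open(host, port, timeout=3.0):
    """Return True if host:port accepts a TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def ssh_banner(host, port=SSH_PORT, timeout=3.0):
    """Return the server's SSH identification string, or None if none is seen."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s, \
                s.makefile("rb") as f:
            for _ in range(20):  # servers may send other lines first (RFC 4253 4.2)
                line = f.readline(256)
                if line.startswith(b"SSH-"):
                    return line.strip().decode("ascii", "replace")
                if not line:
                    break
    except OSError:
        pass
    return None

def ssh_v2_only(banner):
    """'SSH-2.0-' is version 2 only; 'SSH-1.99-' also accepts version 1."""
    return banner.startswith("SSH-2.0-")

def audit(host, closed=MUST_BE_CLOSED, ssh_port=SSH_PORT):
    """Return a list of findings; an empty list means every check passed."""
    findings = [f"{name} port {port} accepts connections"
                for name, port in closed.items() if tcp_open(host, port)]
    banner = ssh_banner(host, ssh_port)
    if banner is None:
        findings.append(f"no SSH banner on port {ssh_port}; version not verified")
    elif not ssh_v2_only(banner):
        findings.append(f"SSH server still offers protocol 1: {banner}")
    return findings

if __name__ == "__main__":
    results = audit(sys.argv[1])  # address of your own NodeGrid
    print("\n".join(results) or "all checks passed")
    sys.exit(1 if results else 0)
```

If you moved SSH or HTTP off their default ports, pass the new values through the `closed` and `ssh_port` arguments of `audit`.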

 

Additionally, apply the following settings:

- If configuring the NodeGrid Serial Console, uncheck the 'Allow Telnet protocol' parameter, check 'Allow SSH protocol', and enter a TCP port such as 30xx or 80xx.

- Change the root and admin passwords.

- Set authentication with a Remote Authentication server such as RADIUS, TACACS or LDAP/AD (in Security :: Authentication).

- Enable 'Device access enforced via user group authorization' in Services, and then set Authorization so that authorized users or groups have different permissions.

- Configure some Firewall rules (in Security :: Firewall).

- Create a checksum of your current configuration as a reference, and compare it from time to time to confirm that nothing has changed without authorization (Systems :: Toolkit :: System Configuration Checksum).

 
