02-14-2017 12:45 AM
For security reasons, I'd like to disable the possibility to perform both the "password recovery" and the "reset to factory default" (hardware and software) procedures.
More specifically, I'd like to configure my switch/router in order to completely "brick" it if you don't know any of the "legal" passwords.
In this manner, I'd like to
1) prevent the theft of the equipment (making it useless)
2) prevent attacks on my network performed using "legal" hardware equipment but re-configured in a malicious way (by means of a factory reset and a subsequent "bad" configuration)
Is there any parameter's configuration allowing my desired behaviour?
Thanks in advance
Have a nice day
02-14-2017 07:39 PM
As far as I know, there is no command which will match your requirement. Could you please give us the product type you mentioned? I will help you check this problem again.
02-15-2017 09:18 AM
Daniele, I moved your thread from the Ethernet Switches & Router Forum into the correct Fiber Channel Forum, since this is related to the Brocade 5100 SAN switch and not an Ethernet switch.
This is a common question; please use the search option here in the community for how to delete the config. The same is described in the FOS Admin Guide.
Due to the wrong post in the forum, the answer from @Nancy Tang was related to Ethernet switches.
02-16-2017 05:19 AM
Out of the box - not really. You should
1. Enable the boot prom password - if password recovery via boot, then contacting Brocade is necessary
To further lock down, disable root account and factory.
Use passwordCfg to set the password policy and enable locking of passwords (without auto lockout).
Further, use SCC to lock down the switches in the fabric, disabling unnecessary E-ports.
Disable inband access to the management server (ms*).
And check out the FIPS mode - fipsCfg - from where there is no return.