Login Security

1. Function Overview

This product includes the following user account management improvements as countermeasures for ensuring cyber security.
To eliminate the risk of malicious cyber-attacks and ensure the product is used safely, be sure to read this document carefully and specify an appropriate user password before use.
For more information, refer to User Account Management.

Mandatory administrator registration *1
- At least one administrator account must be registered for this product.
  Therefore, a default administrative user (username: admin and password: admin) has been specified for logging in to the product the first time.
- When first logging into the switch, specify admin as the username and password.
- After logging in using the default administrative user account, the user is prompted to change the password setting.
Stricter limits on guest user operations *1
- If the privileged password (administrative password) has not been changed from the default setting, the following operations that use the privileged password (administrative password) will be restricted.
  - Users without administrator rights cannot transition to the privileged EXEC mode.
  - Factory settings cannot be restored using CLI/ GUI operations.
  - Cannot accept connections as a TFTP server.
- To perform the above operations, change the privileged password (administrative password).
Countermeasure for brute-force attacks *1
- As a countermeasure against brute-force attacks, login restrictions are applied after a login fails.
- If an incorrect password is entered three successive times when logging into the switch via the console, web GUI, or other means, login is disabled for one minute thereafter, even if the correct password is entered.
- If the password is entered incorrectly, wait at least one minute before trying to login again.
Password policy update *2
- As part of security enhancement measures, it is now mandatory to set the length of user passwords and privileged passwords (administrator passwords) to 8 characters or more.

2. Applicable Models and Revisions

The models and revisions that support the enhanced security measures are as follows.

Models	*Enhanced security 1**	*Enhanced security 2**
SWX3220-30TCs	Rev.4.04.01 or later	Rev.4.04.01 or later
SWX3220-30MC	Rev.4.03.01 or later	Rev.4.03.01 or later
SWX3220-16MT SWX3220-16TMs	Rev.4.02.10 or later	Rev.4.02.19 or later
SWX3200-52GT SWX3200-28GT	Rev.4.00.25 or later	Rev.4.00.33 or later
SWX3100-18GT SWX3100-10G	Rev.4.01.29 or later	Rev.4.01.37 or later
SWX2322P-30MC	Rev.2.08.01 or later	Rev.2.08.01 or later
SWX2320-30MC	Rev.2.07.01 or later	Rev.2.07.01 or later
SWX2322P-16MT	Rev.2.06.10 or later	Rev.2.06.19 or later
SWX2320-16MT	Rev.2.05.10 or later	Rev.2.05.19 or later
SWX2310-52GT SWX2310-28GT SWX2310-18GT SWX2310-10G	Rev.2.04.11 or later	Rev.2.04.19 or later
SWR2310-28GT SWR2310-18GT SWR2310-10G	Rev.2.04.12 or later	Rev.2.04.19 or later
SWX2310P-28GT SWX2310P-18G SWX2310P-10G	Rev.2.02.24 or later	Rev.2.02.32 or later
SWR2311P-10G	Rev.2.02.25 or later	Rev.2.02.32 or later
SWP2-10SMF SWP2-10MMF	Rev.2.03.16 or later	Rev.2.03.23 or later

Models

Enhanced security *1

Enhanced security *2

SWX3220-30TCs

Rev.4.04.01 or later

SWX3220-30MC

Rev.4.03.01 or later

SWX3220-16MT
SWX3220-16TMs

Rev.4.02.10 or later

Rev.4.02.19 or later

SWX3200-52GT
SWX3200-28GT

Rev.4.00.25 or later

Rev.4.00.33 or later

SWX3100-18GT
SWX3100-10G

Rev.4.01.29 or later

Rev.4.01.37 or later

SWX2322P-30MC

Rev.2.08.01 or later

SWX2320-30MC

Rev.2.07.01 or later

SWX2322P-16MT

Rev.2.06.10 or later

Rev.2.06.19 or later

SWX2320-16MT

Rev.2.05.10 or later

Rev.2.05.19 or later

SWX2310-52GT
SWX2310-28GT
SWX2310-18GT
SWX2310-10G

Rev.2.04.11 or later

Rev.2.04.19 or later

SWR2310-28GT
SWR2310-18GT
SWR2310-10G

Rev.2.04.12 or later

Rev.2.04.19 or later

SWX2310P-28GT
SWX2310P-18G
SWX2310P-10G

Rev.2.02.24 or later

Rev.2.02.32 or later

SWR2311P-10G

Rev.2.02.25 or later

Rev.2.02.32 or later

SWP2-10SMF
SWP2-10MMF

Rev.2.03.16 or later

Rev.2.03.23 or later

3. Precautions When Updating Firmware

If the firmware is updated with stronger user account management functionality, be sure to register an administrator account according to the following procedure before using the switch.

Register the administrator account with the previous firmware running, which has not been updated with stronger user account management functionality.
- If an administrator account already exists, then no account registration is necessary.
- However, if a password was not specified for the administrator account, be sure to specify a password.
- It is not a problem if the user name for the administrator account is the default “admin”.
  Yamaha>enable Yamaha#configure terminal Yamaha(config)#username (ユーザー名) privilege on password (パスワード)
Create a guest user
If necessary, create a guest user.
- If using the username command, create it with the privilege option disabled (off).
  Yamaha(config)#username (ユーザー名) privilege off password (パスワード)
Change the privileged password (administrative password)
- The privileged password (administrative password) is set to “admin” by default.
- To change the privileged password (administrative password) using a command, use the enable password command.
  Yamaha(config)#enable password (特権パスワード)
Update the firmware to the version with a countermeasure taken
- Update the firmware to the version with a countermeasure taken in accordance with Firmware Update.

Login Security

1. Function Overview

2. Applicable Models and Revisions

3. Precautions When Updating Firmware

4. Related Documentation