Forbidding to Use Insecure Management Protocols for Login

Overview

Service access requirements need to be met preferentially based on service requirement analysis. When an access requirement can be implemented using multiple access channels, the secure access channels must be selected, whereas the insecure access channels must be obsoleted.

Table 1 lists the security levels of various access channels. Access channels of higher security levels can be preferentially selected.

**Table 1** Assessment of security capabilities of access channels
Access Requirement	Secure Access Channel	Insecure Access Channel
Remote management	STelnet and HTTPS	Telnet and HTTP
File transfer	SFTP	FTP and TFTP
NMS	SNMPv3	SNMPv1/v2
RIP	RIP-2	RIP-1

Impact on the System

None

Procedure

Disable insecure protocols.

To disable the Telnet service, run:

system-view
undo telnet server enable
undo telnet ipv6 server enable

To disable the FTP service, run:
```
undo ftp server
undo ftp ipv6 server
```

To disable the HTTP service, run:

undo web-manager enable 
undo web-manager ipv6 enable

Enable secure protocols.
- To enable the HTTPS service, run:
```
web-manager security enable
```
- To enable HTTPS-based RESTCONF service, run:
```
api https enable
```
- To enable the STelnet service, run:
```
stelnet server enable
```
- To enable the SFTP service, run:
```
sftp server enable
```