Security Enhancements in Switch Firmware Version 4.80/4.90
Zyxel Employee
In this section, we will discuss the security enhancements introduced in the latest firmware version of 4.80/4.90 for Zyxel switches. These updates are crucial to meet modern cybersecurity standards and improve the overall security of our networking devices. Here are the four main security enhancements included in this update:
Security Enhancement 1: PSTI Compliance
Background: The Product Security and Telecommunications Infrastructure (PSTI) regulation in the UK mandates stringent cybersecurity measures for computer products, including secure default password policies.
Solution:
- Mandatory Password Change on First Login:
- Users are required to change the default admin password on their first login, both via Web GUI and CLI.
- Modify Default Admin Username:
- Users can now change the default admin username, adding an additional layer of security by preventing attackers from knowing the admin username.
Security Enhancement 2: Disable Telnet by Default
Background: Telnet transmits data, including credentials, in plain text, making it vulnerable to interception and eavesdropping.
Solution:
- Telnet is disabled by default in the latest firmware version of 4.80/4.90.
- Users who still require Telnet can enable it manually.
Security Enhancement 3: Update SSH Algorithms
Background: OpenSSH version 8.7 and newer have deprecated the default SSH-RSA algorithm due to security vulnerabilities.
Solution:
- The default SSH algorithm is updated to ECDSA (Elliptic Curve Digital Signature Algorithm), which is more secure and supported by modern systems.
Security Enhancement 4: Increase RSA Key Length
Background: Modern computational power and cryptographic techniques have made 1024-bit RSA keys insecure. The new standard is 2048-bit keys.
Solution:
- The RSA host key length is increased from 1024 bits to 2048 bits.
Implementation:
- For existing switches, users need to regenerate the RSA key through the maintenance page: SSH host keys> RSA >Regenerate key.
- For new switch models, the 2048-bit RSA key length will be hardcoded.
Conclusion
The security enhancements in the latest firmware version of 4.80/4.90 are designed to meet modern cybersecurity standards and improve the protection of our networking devices. By implementing mandatory password changes, disabling insecure protocols by default, updating cryptographic algorithms, and increasing key lengths, Zyxel ensures a more secure and robust network infrastructure for its users.
Categories
- All Categories
- 414 Beta Program
- 2.3K Nebula
- 132 Nebula Ideas
- 92 Nebula Status and Incidents
- 5.4K Security
- 181 USG FLEX H Series
- 258 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 37 Wireless Ideas
- 6.2K Consumer Product
- 236 Service & License
- 372 News and Release
- 79 Security Advisories
- 24 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 80 About Community
- 69 Security Highlight