Lab: Secure a Switch (Access Hardening)

SY0-701 Objectives 4.1, 4.6 & 2.5 — Hardening Targets & Default Credentials

Scenario. You are the network technician at Cobalt Peak Brewing Co. A new access-layer switch — a NorthBridge NB-2400 at 10.20.5.2 — was just racked in the taproom network closet, still on its factory defaults. Before it carries production traffic you must lock down its management plane: sign in with the default credentials, replace them with a strong password, turn off the cleartext Telnet management service, enable encrypted SSH instead, and save the configuration so it survives a reboot.

NB-2400 — Web Management Console

http://10.20.5.2/ (HTTP — management)

NB-2400 — factory label Default sign-in:
user admin
pass admin
(change on first login)

NorthBridge NB-2400

Managed Switch · Web Management

Username

Password

Signed in as admin · NB-2400

Unsaved changes

Dashboard

NB-2400 · firmware 2.08 · 24 ports · uptime 4m

This switch is still on factory settings. Use the System > Admin Password and Management > Remote Access pages to harden access, then Save Config.

Administrator Password

Replace the default password. Policy: at least 12 characters with upper- and lower-case letters, a digit, and a symbol; cannot contain the word “admin”.

Current password

New password

At least 12 characters
An upper-case letter
A lower-case letter
A digit
A symbol
Does not contain “admin”

Confirm new password

Remote Management Access

Choose how administrators reach this switch over the network.

Telnet cleartext

Legacy remote CLI. Sends credentials and session data unencrypted — readable by anyone on the path.

SSH encrypted

Encrypted remote CLI. Protects credentials and the session in transit.

HTTP web management

This console. Optional in this task; HTTPS is preferred where available.

Task progress (auto-checked)

Score0 / 8

Knowledge check

Submit completed lab

Hacker name (pseudonym) Use a pseudonym only — never your real name. Keep personal info out of this system.