Security access to network infrastructure
- Device types:
  - Routers, Switches, Access points
    - Telnet / SSH / console
    - HTTP/HTTPS
    - SNMP
    - OSPF/BGP
    - VTP
    - HSRP/VRRP
  - Linux Servers
    - SSH
    - HTML/HTTPS data leakage
    - FTP
    - TFTP
  - FW and VPN
    - Web login
    - VPN login
    - OpenVPN
    - Windows IPSec
- Routers, Switches, Access points
  - Protection
    - Strong passwords (length >12, change interval).
    - Passwords strongly encrypted/hashed on devices.
    - Different passwords per device if accounts are local.
    - Central password authentication using TACACS/RADIUS; limit login attempts.
    - SSH key-based login, where the device supports it.
    - SNMP ACL: management server only.
    - Telnet/SSH login ACL: admin subnet + VPN subnet + fixed local IP.
    - Logging to syslog.
    - Make OSPF passive on (remove it from) subnets where it is not needed.
    - HSRP/VRRP: use a password.
    - ACL on VLAN/WAN edge, limiting internal traffic.
...