Revision 1 as of 2016-04-27 21:01:38
Line 6: | Line 6: |
* Telnet / Ssh | * Telnet / Ssh / console |
Line 18: | Line 18: |
* Protection 1. Password Strong (length >12, change interval) 1. Passwords strongly encrypted/hashed on devices 1. Passwords different per device if local. 1. Passwords centrally using Tacacs/Radius, limit attempts. 1. Ssh crypto key login, where device supports it. 1. Acl snmp, only management server. 1. Acl login telnet/Ssh admin subnet + VPN subnet + fixed local ip. 1. Logging to syslog. 1. Remove ospf (passive) from subnets where not needed. 1. Hsrp/VRRP use password 1. Acl on Vlan/Wan edge, limiting internal traffic. |
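Review bot: in the added Protection list, the item "Acl login telnet/Ssh admin subnet + VPN subnet + fixed local ip" still treats telnet as an accepted login path next to Ssh. Telnet carries the password in cleartext, so the ACL alone does not protect the credentials that the earlier password items harden. Suggest splitting it into one item that disables telnet where the device supports Ssh and one item for the ACL on the remaining login lines. The first item also names a "change interval" without a value; state one or drop it.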
Security access to network infrastructure
- Device types:
  - Routers, Switches, Access points
    - Telnet / SSH / console
    - HTTP/HTTPS
    - SNMP
    - OSPF/BGP
    - VTP
    - HSRP/VRRP
  - Linux Servers
    - SSH
    - HTML/HTTPS data leakage
    - FTP
    - TFTP
- Protection
  - Strong passwords (length >12, change interval).
  - Passwords strongly encrypted/hashed on devices.
  - Different passwords per device if stored locally.
  - Passwords held centrally using TACACS/RADIUS, with limited login attempts.
  - SSH crypto key login, where the device supports it.
  - SNMP ACL: only the management server.
  - Login ACL for Telnet/SSH: admin subnet + VPN subnet + fixed local IP.
  - Logging to syslog.
  - Remove OSPF (set passive) on subnets where it is not needed.
  - HSRP/VRRP: use a password.
  - ACL on VLAN/WAN edge, limiting internal traffic.
...