Differences between revisions 2 and 3
Revision 2 as of 2016-04-27 21:18:16
Size: 952
Editor: PieterSmit
Comment:
Revision 3 as of 2016-05-02 22:58:14
Size: 1045
Editor: PieterSmit
Comment:
Line 17: Line 17:
   * FW and VPN
     * Web login
     * VPN login
       * OpenVPN
       * Windows IPSec
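
Review bot: the new "FW and VPN" entry adds Web login and VPN login (OpenVPN, Windows IPSec) as access paths, but the Protection list is left unchanged, so none of its items says how these logins are protected. Item 7 only mentions the VPN subnet as an allowed source for Telnet/SSH. Suggest either adding protection items for the firewall web login and the VPN logins, or stating which existing items (for example item 4, central Tacacs/Radius with limited attempts) are meant to cover them.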

Security access to network infrastructure

  • Device types:
    • Routers, Switches, Access points
      • Telnet / SSH / console
      • HTTP/HTTPS
      • SNMP
      • OSPF/BGP
      • VTP
      • HSRP/VRRP
    • Linux Servers
      • SSH
      • HTML/HTTPS data leakage
      • FTP
      • TFTP
    • FW and VPN
      • Web login
      • VPN login
        • OpenVPN
        • Windows IPSec
  • Protection
    1. Strong passwords (length >12, change interval).
    2. Passwords strongly encrypted/hashed on devices.
    3. Different passwords per device, if accounts are local.
    4. Passwords managed centrally using TACACS/RADIUS; limit login attempts.
    5. SSH crypto key login, where the device supports it.
    6. ACL on SNMP: allow only the management server.
    7. ACL on Telnet/SSH login: allow only the admin subnet + VPN subnet + a fixed local IP.
    8. Logging to syslog.
    9. Remove OSPF (set passive) on subnets where it is not needed.
    10. HSRP/VRRP: use a password.
    11. ACLs on the VLAN/WAN edge, limiting internal traffic.
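
Items 2 and 6 to 10 of the Protection list can be checked mechanically against a saved device configuration. The script below is an added example, not part of the original page: it assumes Cisco IOS-style syntax (the page is tagged CategoryCisco), the function names `blocks` and `audit` are hypothetical, and the sample configuration is constructed.

```python
import re

# Constructed IOS-style sample config; passwords, keys and community names are made up.
SAMPLE = """\
enable password constructed-pw
snmp-server community constructedA RO
snmp-server community constructedB RO 10
router ospf 1
interface Vlan10
 standby 1 ip 10.0.10.1
interface Vlan20
 standby 2 ip 10.0.20.1
 standby 2 authentication md5 key-string constructed-key
line vty 0 4
 transport input ssh
line vty 5 15
 access-class 20 in
"""

def blocks(config):  # group each top-level line with its indented child lines
    out = []
    for line in config.splitlines():
        if line.startswith(" ") and out:
            out[-1][1].append(line.strip())
        elif line.strip():
            out.append((line.strip(), []))
    return out

def audit(config):  # returns (checklist item number, message) tuples
    found, parsed = [], blocks(config)
    heads = [h for h, _ in parsed]
    if any(h.startswith("enable password ") for h in heads):
        found.append((2, "enable password set; use a hashed enable secret"))
    if not any(h.startswith("logging host ") for h in heads):  # only this form is recognised
        found.append((8, "no syslog host configured"))
    for h, body in parsed:
        if re.fullmatch(r"snmp-server community \S+ (RO|RW)", h):
            found.append((6, "SNMP community without an ACL"))
        if h.startswith("line vty") and not any(b.startswith("access-class ") for b in body):
            found.append((7, f"{h}: no access-class restricting login sources"))
        if h.startswith("router ospf") and not any(b.startswith("passive-interface") for b in body):
            found.append((9, f"{h}: no passive-interface statements"))
        groups = set(re.findall(r"^standby (\d+) ip ", "\n".join(body), re.M))
        authed = set(re.findall(r"^standby (\d+) authentication ", "\n".join(body), re.M))
        for g in sorted(groups - authed):
            found.append((10, f"{h}: HSRP group {g} has no authentication"))
    return found

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A finding for item 9 means only that the OSPF process has no `passive-interface` line at all; which subnets actually need OSPF still has to be decided per device.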

...


CategoryCisco

SecurityNetworkLogin (last edited 2016-05-02 22:58:14 by PieterSmit)