Revision 3 as of 2016-05-02 22:58:14
Security access to network infrastructure
- Device types:
  - Routers, switches, access points
    - Telnet / SSH / console
    - HTTP/HTTPS
    - SNMP
    - OSPF/BGP
    - VTP
    - HSRP/VRRP
  - Linux servers
    - SSH
    - HTTP/HTTPS data leakage
    - FTP
    - TFTP
  - FW and VPN
    - Web login
    - VPN login
    - OpenVPN
    - Windows IPSec
- Protection
  - Strong passwords (length >12, change interval).
  - Passwords strongly encrypted/hashed on devices.
  - Different passwords per device if accounts are local.
  - Passwords managed centrally using TACACS/RADIUS; limit login attempts.
  - SSH crypto key login, where the device supports it.
  - ACL on SNMP: allow only the management server.
  - ACL on Telnet/SSH login: admin subnet + VPN subnet + fixed local IP.
  - Logging to syslog.
  - Remove OSPF (make it passive) on subnets where it is not needed.
  - HSRP/VRRP: use a password.
  - ACL on VLAN/WAN edge, limiting internal traffic.
...
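Several of the Protection items above can be checked automatically against a saved device configuration. The following is an added example, not part of the original page: it assumes Cisco IOS-style syntax (the page names no vendor), and the sample configs, finding names and function names are constructed for illustration. It covers hashed passwords, the SNMP ACL, the login ACL, SSH-only login, HSRP authentication and syslog.

```python
import re

# Constructed sample configs; IOS-style syntax is an assumption, not from the page.
WEAK = """\
enable password cisco123
snmp-server community public RO
interface Vlan10
 standby 1 ip 10.0.10.1
line vty 0 4
 transport input telnet ssh
"""
HARDENED = """\
enable secret 9 $9$constructed-hash
snmp-server community n0tpublic RO 10
logging host 10.0.99.5
interface Vlan10
 standby 1 ip 10.0.10.1
 standby 1 authentication md5 key-string constructed-key
line vty 0 4
 access-class 20 in
 transport input ssh
"""

def blocks(config):
    """Split into (top-level command, text of its indented child lines)."""
    return re.findall(r"^(\S.*)$\n?((?:^[ \t].*$\n?)*)", config, re.M)

def audit(config):
    """Return sorted names of the Protection items this config fails."""
    found, parsed = set(), blocks(config)
    for head, body in parsed:
        if re.match(r"(enable|username \S+) password\b", head):
            found.add("password-not-hashed")   # "secret" stores a hash instead
        if re.match(r"snmp-server community \S+( (ro|rw))?$", head, re.I):
            found.add("snmp-no-acl")           # no ACL after the community
        if head.startswith("line vty"):
            if not re.search(r"^[ \t]+access-class \S+ in\b", body, re.M):
                found.add("vty-no-acl")        # login not limited to admin subnets
            if not re.search(r"^[ \t]+transport input ssh[ \t]*$", body, re.M):
                found.add("vty-not-ssh-only")  # Telnet allowed or transport unset
        groups = set(re.findall(r"^[ \t]+standby (\d+) ip\b", body, re.M))
        if groups - set(re.findall(r"^[ \t]+standby (\d+) authentication\b", body, re.M)):
            found.add("hsrp-no-auth")          # HSRP group without a password
    if not any(re.match(r"logging (host )?\d+(\.\d+){3}", h) for h, _ in parsed):
        found.add("no-syslog")
    return sorted(found)

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

An empty list means none of the covered items failed; it says nothing about the items the script does not check, such as per-device passwords or edge ACLs.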