The device security policy can also outline the minimal security configuration for all devices in the
network they serve.
Figure 3-1 shows a conceptual layered view of device security. The security of each layer depends on the
security of the layers within. For example, if physical security (the inner layer) is compromised, all other layers
above it will also be affected, resulting in a domino effect.
Figure 3-1. Conceptual Layered View of Device Security
A device security policy should define rules that spell out who, where, and how these devices will be accessed,
in terms of both administrative roles and network services. The device security policy must blend into the
overall framework of the high-level requirements of the network security policy.
Chapter 3. Device Security
Securing devices in a network is one of the most important tasks in network security. This chapter describes
general principles for protecting the device itself, beginning with a device security policy. In describing these
general principles, the chapter focuses on routers, switches, firewalls, concentrators, and intrusion-detection
devices. The chapter describes a number of important security tasks, including accessing methods and controls,
hardening configuration, identifying unwanted services, managing devices, and monitoring and auditing
services.