Device security checklists can be viewed as templates for device lockdown and security
implementation guidelines. You can use the following checklist as a quick summary and working guide to the
device security configuration topics discussed in this chapter.
Device security policy written, approved, distributed, and reviewed on a regular basis.
Facilities (room, building, area) housing the devices secured (physical security).
Password policies in place to ensure that good passwords are created that cannot be easily
guessed or hacked.
Password encryption used so that passwords are not visible when device configuration is
viewed.
Access methods such as Console, VTY, and AUX secured using ACLs and authentication
mechanisms.
Access methods such as SSH with AAA authentication chosen wisely.
Unneeded services and protocols disabled.
Unused interfaces shut down or disabled.
Configuration hardened for network services and protocols in use (for example, HTTP
and SNMP).
Port and protocol needs of the network identified, and access lists used to limit
traffic flow.
Access lists for anti-spoofing and infrastructure protection and for blocking reserved and
private addresses considered.
Routing protocols established that use authentication mechanisms for integrity.
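
Several of these items can be checked mechanically against a saved configuration. The following is an added example, not code from the book, that audits a configuration for password encryption, the HTTP server, SNMP access lists, unused interfaces, and VTY access. It assumes Cisco IOS-style syntax, runs on a constructed sample configuration, and treats an interface with no IP address and no shutdown as unused, which is a heuristic.

```python
import re

# Constructed sample in IOS-style syntax (assumed; not taken from the book).
SAMPLE_CONFIG = """\
service password-encryption
ip http server
snmp-server community EXAMPLE-RO RO
interface GigabitEthernet0/1
 no ip address
line vty 0 4
 access-class 10 in
 transport input telnet ssh
"""

def parse_blocks(text):
    """Return (global lines, {header line: [indented sub-lines]})."""
    globals_, blocks, current = [], {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue  # skip blank lines and comment separators
        if line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = line.strip()
            globals_.append(current)
            blocks[current] = []
    return globals_, blocks

def audit(text):
    """Return a list of findings for the checklist items covered here."""
    g, b = parse_blocks(text)
    findings = []
    if "service password-encryption" not in g:
        findings.append("passwords visible in configuration")
    if "ip http server" in g:
        findings.append("HTTP server enabled")
    for line in g:  # a community string with no trailing ACL is open to any source
        m = re.match(r"snmp-server community \S+ (RO|RW)(?: (\S+))?$", line)
        if m and not m.group(2):
            findings.append("SNMP community without access list")
    for hdr, sub in b.items():
        if hdr.startswith("interface ") and "no ip address" in sub and "shutdown" not in sub:
            findings.append(f"{hdr}: unused but not shut down")  # heuristic
        if hdr.startswith("line vty"):
            if not any(s.startswith("access-class ") for s in sub):
                findings.append(f"{hdr}: no ACL restricting access")
            t = next((s for s in sub if s.startswith("transport input ")), "")
            if t.split()[2:] != ["ssh"]:
                findings.append(f"{hdr}: transport not restricted to SSH")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns four findings; a configuration that disables the HTTP server, attaches an ACL to the SNMP community, shuts down the unused interface, and allows only SSH on the VTY lines returns none.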