I've been wondering lately what the security risks are of not having an access list on the VTY interfaces, or of having just an access list for SSH on the dialer interface.
My problem is that, as a service provider maintaining client networks, we are not always at our office on our static IP address. I thought of using options such as VPNs, either direct to the client or to our office to use its IP.
So the questions are:
- How big of a security risk is it not having any ACLs on the VTY interfaces? (Telnet has been disabled; only SSH is allowed.)
- What is better, an ACL on the VTYs or on the dialer? (I've taken over management of a network and had to use a console connection to gain access, as the ACLs only allowed certain IPs which we did not have access to.)
- What do other service providers do in this situation?