10-03-2007 01:35 AM - edited 03-05-2019 06:50 PM
As a Cisco LAN Administrator, what are the things one need to do in order to be proactive.
As at now.
1. I have done a network LAN architecture diagram to depict where each of the switches are
2. Done a software and hardware inventory
3. Checking to find out which if the hardware or software is end of life
So what else?
Thanks
10-03-2007 01:39 AM
Security audit?
10-03-2007 02:15 AM
In terms of what?
ssh connection?
10-03-2007 02:37 AM
A security audit will involve Checking SW for vulnerabilities, checking configs for good practice, chacking procsses for good practice all that kind of thing.
Also think about defining an upgrade strategy - that could be anything from "we will automatically update the moment Cisco release a new version" to " we will update if we have a problem that can be identified in the software we are running.
Look at NMS systems - something that will le you capture traffic patterns will help identify bottlenecks or issues early
Being proactive also means having plans to deal with faults - "we run with sufficient free ports in a physical location to allow repatching of all users should a switch/module fail"
10-09-2007 06:50 AM
Thank you very much
10-03-2007 02:40 AM
In terms of, for example:
- who has access to the management features,
- using which protocols,
- how management access is logged (if at all)
- how management traffic is restricted,
- how you keep backups of the configs,
- whether you use sectret instead of password,
- whether you allow VLAN 1 anywhere,
- whether you seperate management traffic from user traffic
- etc etc
The list is huge. There are some good books, and several documents on the Cisco web, about hardening the security of Cisco switches and routers. An audit would measure your security in terms of the recommendations.
Kevin Dorrell
Luxembourg
10-09-2007 06:01 AM
Thank you so much
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide