Finally, we want to ensure that these management sessions are only permitted from trusted networks/subnets or from a fortified bastion host. All sessions should be centrally logged and performed over a secure, encrypted connection (SSH, not telnet, right!), and unused management protocols (HTTP/HTTPS) should be disabled. Ideally, we want our customers to be leveraging a centralized AAA model, with each member of the support team having their own unique account and only the minimum permissions required to fulfill their job functions.

One of the areas we look at when assessing a customer’s network is how they are protecting/restricting access to the management plane of their network infrastructure.

Over the last few weeks I have been busy working on a network assessment for one of our fantastic customers.
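The management-plane controls listed above can be checked mechanically against a device configuration. The following is an added example, not code from the original post: it assumes Cisco IOS-style syntax (the post names no vendor), and the sample configuration and the function name `audit_management_plane` are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the post names no vendor).
SAMPLE_CONFIG = """\
hostname edge-sw01
ip http server
ip http secure-server
logging host 192.0.2.50
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
"""

def audit_management_plane(config: str) -> list[str]:
    """Return findings for the management-plane controls listed in the post."""
    findings = []
    lines = config.splitlines()
    # Unused management protocols: flag enabled HTTP/HTTPS servers.
    for line in lines:
        if re.fullmatch(r"ip http (secure-)?server", line.strip()):
            findings.append(f"web management enabled: {line.strip()}")
    # Centralized AAA and central logging.
    if not any(l.strip() == "aaa new-model" for l in lines):
        findings.append("aaa new-model missing: no centralized AAA")
    if not any(re.match(r"logging (host )?\d", l.strip()) for l in lines):
        findings.append("no remote logging host configured")
    # Split the config into vty blocks: a header plus its indented body.
    blocks, current = {}, None
    for line in lines:
        if line.startswith("line vty"):
            current = line.strip()
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None
    for name, body in blocks.items():
        transport = next((b for b in body if b.startswith("transport input")), None)
        # A missing transport line is also flagged, since defaults vary by release.
        if transport is None or set(transport.split()[2:]) != {"ssh"}:
            findings.append(f"{name}: transport not restricted to SSH")
        if not any(re.match(r"access-class \S+ in", b) for b in body):
            findings.append(f"{name}: no inbound access-class (source not restricted)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_management_plane(SAMPLE_CONFIG)))
```

The check only confirms that an inbound `access-class` is applied to each vty block; whether the referenced ACL actually limits sources to the trusted subnets or bastion host still needs a manual review.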