#format wiki
#language en
= Security access to network infrastructure =
 * Device types:
  * Routers, Switches, Access points
   * Telnet / SSH / console
   * http/https
   * snmp
   * ospf/bgp
   * vtp
   * hsrp/vrrp
  * Linux Servers
   * ssh
   * html/https data leakage
   * ftp
   * tftp
  * FW and VPN
   * Web login
   * VPN login
   * OpenVPN
   * Windows IPSec
 * Protection
  1. Strong passwords (length >12, change interval).
  1. Passwords strongly encrypted/hashed on devices.
  1. Passwords different per device if local.
  1. Passwords managed centrally using TACACS/RADIUS, limit attempts.
  1. SSH crypto key login, where the device supports it.
  1. ACL on snmp, allowing only the management server.
  1. ACL on telnet/SSH login: admin subnet + VPN subnet + fixed local IP.
  1. Logging to syslog.
  1. Remove ospf (passive) from subnets where not needed.
  1. HSRP/VRRP use password.
  1. ACL on VLAN/WAN edge, limiting internal traffic.

...

----
CategoryCisco