![]() Finally, we want to ensure that these management sessions are only permitted from trusted networks/subnets or from a fortified bastion host. All sessions should be centrally logged and performed over a secure encrypted connection (SSH not telnet right!), and that unused management protocols are disabled (HTTP/HTTPS). Ideally, we want our customers to be leveraging a centralized AAA model, with individual members of the support team all having their own unique accounts, while granting them the minimum permissions required to fulfill their job functions. One of the areas we look at when assessing a customer’s network is how they are protecting/restricting access to the management plane of their network infrastructure. Over the last few weeks I have been busy working on a network assessment for one of our fantastic customers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |