|Like this CertiGuide? Get it in PDF format!|
Use coupon code "certiguide" to save 20%!
|Also available: 300-question Security+ practice test!|
|Get It Here!|
Configuration deals with setting
options on the devices. One key issue to address would be device
passwords used to access administrative features of switches, routers,
etc. Devices typically ship with a default password used for initial
device configuration. Please make sure you change it ASAP. As
mentioned earlier in this book, entire web pages are dedicated to lists
of default passwords for common network devices, so that intruders can
walk right in your front door after turning the key.
Be sure to change any default or blank passwords on the device at configuration time.
When configuring networking equipment,
follow along with the standards already set for your network if possible.
For example, if your organization has standardized on a particular
vendor and model of network switch, the configuration process for one
is likely to be very similar to the configuration process for the next.
In these situations, its best not to reinvent the wheel. Create
a written document outlining the steps to take when configuring a device
of that type, and then follow it each time a similar device needs to
If the device allows you to print
out its configuration information, do this, and file it in a safe place
(even consider storing a copy offsite). It will be useful to have a
record of configuration information should the device fail and need
to be replaced in the future.
Other items to remember when configuring a new piece of networking equipment include:
1. If you dont specifically need SNMP access to the device, disable it.
2. If you do need SNMP access to the device, change the community name.
3. If installing a router, make sure that you have set it up to not allow inbound packets whose source address is on an internal network, or outbound packets whose source address is NOT on an internal network (these package are at best badly damaged, and at worst, forged).
4. Check the manufacturers site to see if they have specific security-related recommendations for their devices. For instance, Cisco provides some hints at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm.
5. Does the device offer a handy-dandy web-browser based configuration interface, as many today do? If so, consider implementing a firewall rule to disallow connections to that device on port 80 (or 443) from all but trusted sources.
|If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!|
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.