Like this CertiGuide? Get it in PDF format!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9  3.5  Security Baselines
           9  3.5.2  Network Hardening

Previous Topic/Section
3.5.2.1  Updates (Firmware)
Previous Page
Pages in Current Topic/Section
1
Next Page
3.5.2.2.1  Enabling and Disabling Services and Protocols
Next Topic/Section

3.5.2.2  Configuration

Configuration deals with setting options on the devices. One key issue to address would be device passwords used to access administrative features of switches, routers, etc. Devices typically ship with a default password used for initial device configuration. Please make sure you change it ASAP. As mentioned earlier in this book, entire web pages are dedicated to lists of default passwords for common network devices, so that intruders can walk right in your front door after turning the key.

Setup Configuration

Be sure to change any default or blank passwords on the device at configuration time.


When configuring networking equipment, follow along with the standards already set for your network if possible. For example, if your organization has standardized on a particular vendor and model of network switch, the configuration process for one is likely to be very similar to the configuration process for the next. In these situations, it’s best not to reinvent the wheel. Create a written document outlining the steps to take when configuring a device of that type, and then follow it each time a similar device needs to be installed.

If the device allows you to print out its configuration information, do this, and file it in a safe place (even consider storing a copy offsite). It will be useful to have a record of configuration information should the device fail and need to be replaced in the future.

Don’t Forget…

Other items to remember when configuring a new piece of networking equipment include:

1. If you don’t specifically need SNMP access to the device, disable it.

2. If you do need SNMP access to the device, change the community name.

3. If installing a router, make sure that you have set it up to not allow inbound packets whose source address is on an internal network, or outbound packets whose source address is NOT on an internal network (these package are at best badly damaged, and at worst, forged).

4. Check the manufacturer’s site to see if they have specific security-related recommendations for their devices. For instance, Cisco provides some hints at
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm.

5. Does the device offer a handy-dandy web-browser based configuration interface, as many today do? If so, consider implementing a firewall rule to disallow connections to that device on port 80 (or 443) from all but trusted sources.


Quick navigation to subsections and regular topics in this section



Previous Topic/Section
3.5.2.1  Updates (Firmware)
Previous Page
Pages in Current Topic/Section
1
Next Page
3.5.2.2.1  Enabling and Disabling Services and Protocols
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.