第2章网络设备安全.pptx

网络设备安全;Cisco Integrated Services Routers G2;;Physical security Secure infrastructure equipment in a locked room that: Is accessible only to authorized personnel. Is free of electrostatic or magnetic interference. Has fire suppression. Has controls for temperature and humidity. Install an uninterruptible power supply (UPS) and keep spare components available to reduce the possibility of a DoS attack from power loss to the building. ;Operating system Configure the router with the maximum amount of memory possible. Helps protect it from some DoS attacks. Use the latest stable version of the operating system that meets the feature requirements of the network. Keep a secure copy of the router operating system image and router configuration file as a backup. ;Router hardening Secure administrative control to ensure that only authorized personnel have access and that their level of access is controlled. Disable unused ports and interfaces to reduce the number of ways a device can be accessed. Disable unnecessary services that can be used by an attacker to gather information or for exploitation. ;Restrict device accessibility Limit the accessible ports, restrict the permitted communicators, and restrict the permitted methods of access. Log and account for all access For auditing purposes, record anyone who accesses a device, including what occurs and when. Authenticate access Ensure that access is granted only to authenticated users, groups, and services. Limit the number of failed login attempts and the time between logins. ;Authorize actions Restrict the actions and views permitted by any particular user, group, or service. Present Legal Notification Display a legal notice, developed in conjunction with company legal counsel, for interactive sessions. Ensure the confidentiality of data Protect locally stored sensitive data from viewing and copying. Consider the vulnerability of data in transit over a communication channel to sniffing, session hijacking, and man-in-th