Home

This document is a cache from http://www.qator.com/files/cc_cm_book.pdf


The Definitive Guide to Enterprise Network Configuration and ...

Document source : www.qator.com

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 All Pages

Chapter 3
Regular Password Changes
Most administrators agree that regular password changes on devices are a good security practice.
Most honest administrators will admit that they don't do so. Simply put, changing the device
passwords--or SNMP community strings, which serve a similar function--on dozens of devices
can take too long, is too error-prone, and creates too much confusion in the support staff.
Utilities are required. Ideally, if you've already implemented a centralized device-management
solution, you have the necessary tools. Most solutions can push device changes out to as many
devices as necessary, ensuring that passwords are changed properly, consistently, and on
schedule. Some management solutions provide a centralized management UI, removing the need
to log on to the devices directly. Thus, you won't need to inform support staff of a password
change; only the management solution needs to know. Coupled with role-based security,
management solutions can offer more effective device security simply because they make it
more feasible to observe long-standing industry best practices.
Templates for Consistency and Compliance
Consistency can improve both security and maintenance activities for network devices. For
example, consider the partial configuration file from a Cisco AS2509 access server that Listing
3.1 shows.
!
version 11.3
service timestamps debug datetime msec localtime
no service udp-small-servers
service tcp-small-servers
!
hostname 2500-DialOut
!
enable secret 5 $1$WG3K$8Zhlh6hx4U3U2KFPyW0
enable password abc
!
ip domain-name company.com
ip name-server 10.0.0.0
ip address-pool local
!
interface Ethernet0
ip address 10.0.0.1 255.255.255.0
no ip mroute-cache
no ip route-cache
no lat enabled
no mop enabled
!
interface Serial0
no ip address
no ip mroute-cache
no ip route-cache
shutdown
!
interface Serial1
no ip address
no ip mroute-cache
no ip route-cache
shutdown
57

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 All Pages



Share |
    |     Download PDF



Summary :

ip domain-name company.com ip name-server 10.0.0.0 ip address-pool local ! interface Ethernet0 ip address 10.0.0.1 255.255.255.0 no ip mroute-cache no ip route-cache no lat enabled no mop enabled ! interface Serial0 no ip address no ip mroute-cache no ip route-cache shutdown !


Tags : deices,password,management,security,interface,too,address,serice,changes,routecache,mroutecache,deice,solutions




Terms    |    Link pdf-search-files.com    |    Site Map
   |    Content Removal Notice   
   |    Contact   

All books are the property of their respective owners.
Please respect the publisher and the author for their creations if their books copyrighted