[unisog] Secure Cisco device management

Stasiniewicz, Adam stasinia at msoe.edu
Sun Mar 19 04:50:17 GMT 2006


The most common method I have seen is using VLANs.  Basically, on your backbone lines you would put tagged VLANs (one VLAN for your primary network, and a second one for the management network).  On the actual switch ports you would manually assign a VLAN and prohibit tagging.  And if you put the management IP for the switches and routers only on the management VLAN, it makes it extremely hard to hack into it.

Regards,
Adam Stasiniewicz  
MCSE: Messaging & Security 2003 
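The design described in the reply above (tagged VLANs on backbone trunks, a single untagged VLAN on edge ports, device addresses only on the management VLAN) can be checked mechanically against a running-config. The script below is an added example, not code from the original post or from any vendor: it parses IOS-style `interface` blocks and flags trunks that are not pruned, trunks whose untagged native VLAN is the management VLAN, access ports that still answer DTP (the way a port is "prohibited from tagging" on IOS is a static `switchport mode access` plus `switchport nonegotiate`), ports with no static mode at all, and SVIs outside the management VLAN that carry an IP address. The management VLAN number, the interface names and the sample configuration are all constructed for illustration.

```python
"""Check an IOS-style switch config against a VLAN-isolated management design.

Added example: the sample config, MGMT_VLAN and the helper names are
constructed for illustration and are not from the original post.
"""
import re
from typing import Dict, List, Optional

MGMT_VLAN = 99  # assumed management VLAN number; adjust to your own

# Constructed sample config: one pruned trunk, one locked access port,
# one access port with DTP left on, the management SVI, and a deliberately
# wrong SVI on the user VLAN so the checker has something to report.
SAMPLE_CONFIG = """\
!
vlan 10
 name USERS
vlan 99
 name MGMT
!
interface GigabitEthernet0/1
 description uplink to core
 switchport mode trunk
 switchport trunk allowed vlan 10,99
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface FastEthernet0/1
 description office drop
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface FastEthernet0/2
 description office drop, DTP still enabled
 switchport mode access
 switchport access vlan 10
!
interface Vlan99
 ip address 10.99.0.5 255.255.255.0
!
interface Vlan10
 ip address 10.10.0.5 255.255.255.0
!
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Split a running-config into {interface name: [indented sub-commands]}."""
    blocks: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the block
    return blocks


def _first(cmds: List[str], prefix: str) -> Optional[str]:
    """Return the remainder of the first sub-command starting with prefix."""
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), None)


def check_management_plane(config: str, mgmt_vlan: int = MGMT_VLAN) -> List[str]:
    """Return one finding per interface that breaks the isolation design."""
    findings: List[str] = []
    for name, cmds in parse_interfaces(config).items():
        svi = re.fullmatch(r"[Vv]lan\s*(\d+)", name)
        if svi:  # an SVI is the only place a management IP should live
            vid = int(svi.group(1))
            if vid != mgmt_vlan and _first(cmds, "ip address") is not None:
                findings.append(f"{name}: IP address on non-management VLAN {vid}; "
                                f"keep device addresses on VLAN {mgmt_vlan} only")
            continue
        if "no switchport" in cmds:
            continue  # routed port; outside the scope of this check
        mode = _first(cmds, "switchport mode")
        if mode == "trunk":
            if _first(cmds, "switchport trunk allowed vlan") is None:
                findings.append(f"{name}: trunk carries every VLAN; prune it with "
                                "'switchport trunk allowed vlan'")
            native = _first(cmds, "switchport trunk native vlan")
            if int(native or 1) == mgmt_vlan:  # IOS default native VLAN is 1
                findings.append(f"{name}: management VLAN is the untagged native VLAN on a trunk")
        elif mode == "access":
            if "switchport nonegotiate" not in cmds:
                findings.append(f"{name}: access port still answers DTP; add 'switchport nonegotiate'")
        else:
            findings.append(f"{name}: no static switchport mode ({mode or 'DTP dynamic'}); "
                            "a connected host could negotiate a trunk and see tagged VLANs")
    return findings


if __name__ == "__main__":
    for finding in check_management_plane(SAMPLE_CONFIG):
        print(finding)
```

Run against the constructed config it reports two problems: FastEthernet0/2 still negotiates DTP, and interface Vlan10 carries an address on the user VLAN. The native-VLAN check is there because a trunk's native VLAN is sent untagged, so a management VLAN that is also the native VLAN is no longer isolated by tagging at all.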

-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org] On Behalf Of Jenkins, Matthew
Sent: Saturday, March 18, 2006 2:36 PM
To: unisog at lists.sans.org
Subject: [unisog] Secure Cisco device management

I am looking to get some thoughts on locking down our management VLAN where our Cisco gear (and other management devices) sit.  We have thrown around the idea of a VPN solution so that we can access devices from networks other than where our administrators' workstations sit.  Does anyone have any suggestions for locking down a management network, and what kind of access into the network you would recommend (i.e. multihomed workstations/servers, VPN solution, etc.)?  Thanks for your suggestions,

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
304.367.4955
AOL: MLJenkinsCom  Yahoo: mljenkins  ICQ: 8116624  MSN
Visit us online at www.fairmontstate.edu


_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog
