[unisog] unisog Digest, Vol 24, Issue 17

Kheeran Dharmawardena kheeran.d at its.monash.edu
Sun Mar 19 12:35:20 GMT 2006


Hi Matthew,

"Jenkins, Matthew" <mjenkins7 at fairmontstate.edu> wrote:

> Message: 1
> Date: Sat, 18 Mar 2006 15:35:51 -0500
> From: "Jenkins, Matthew" <mjenkins7 at fairmontstate.edu>
> Subject: [unisog] Secure Cisco device management
> To: <unisog at lists.sans.org>
> Message-ID:
> 	<D2CB4985C212054DAA225C7B9E21C57BA387EA at PVIEX101.fairmontstate.edu>
> Content-Type: text/plain;	charset="iso-8859-1"
>
> I am looking to get some thoughts on locking down our management vlan where our Cisco gear (and other management devices) sit.  We have thrown around the idea of a VPN solution so that we can access devices from other networks other than where our administrator's workstations sit.  Does anyone have any suggestions for locking down a management network, and what kind of access into the network you would recommend (i.e. multihomed workstations/servers, vpn solution, etc.)?  Thanks for your suggestions,
>   

We use the following combination for our security,
1. Administrators workstation network is allowed access to the
management network.
2. Connections via the VPN are allowed access.
3. The NMS servers are allowed access to the management network and
administrators are allowed to login to the NMS systems from elsewhere.
4. Connections from anywhere else has been blocked to the management
network.

This combination has given our staff sufficient flexibility to perform
their work effectively while also providing a good level of security
against unwanted access.

Cheers
Kheeran

-- 
Kheeran Dharmawardena                       Tel: +61 3 9905 4729
Operations Manager                          Fax: +61 3 9905 9888
Network Infrastructure Services
Monash University Victoria 3800 Australia




More information about the unisog mailing list