[unisog] unisog Digest, Vol 24, Issue 17
mjenkins7 at fairmontstate.edu
Mon Mar 20 01:27:00 GMT 2006
Adam and Kheeran, thanks for your replies. We are currently using a separate VLAN for our management interfaces. The VLAN has no route, so unless something exists on the same VLAN and is addressed on the same subnet it cannot communicate with other management devices. I presume from both of your posts that you recommend multihoming the administrator's workstations? In the case of VPN, are you using a firewall as a server, or are you using a software VPN server such as Microsoft's RAS or an open-source VPN server?
Thanks for your suggestions,
From: unisog-bounces at lists.sans.org on behalf of Kheeran Dharmawardena
Sent: Sun 3/19/2006 7:35 AM
To: unisog at lists.sans.org
Subject: Re: [unisog] unisog Digest, Vol 24, Issue 17
"Jenkins, Matthew" <mjenkins7 at fairmontstate.edu> wrote:
> Message: 1
> Date: Sat, 18 Mar 2006 15:35:51 -0500
> From: "Jenkins, Matthew" <mjenkins7 at fairmontstate.edu>
> Subject: [unisog] Secure Cisco device management
> To: <unisog at lists.sans.org>
> I am looking to get some thoughts on locking down our management vlan where our Cisco gear (and other management devices) sit. We have thrown around the idea of a VPN solution so that we can access devices from other networks other than where our administrator's workstations sit. Does anyone have any suggestions for locking down a management network, and what kind of access into the network you would recommend (i.e. multihomed workstations/servers, vpn solution, etc.)? Thanks for your suggestions,
We use the following combination for our security,
1. Administrators' workstation network is allowed access to the
2. Connections via the VPN are allowed access.
3. The NMS servers are allowed access to the management network and
administrators are allowed to login to the NMS systems from elsewhere.
4. Connections from anywhere else have been blocked to the management
This combination has given our staff sufficient flexibility to perform
their work effectively while also providing a good level of security
against unwanted access.
Kheeran Dharmawardena Tel: +61 3 9905 4729
Operations Manager Fax: +61 3 9905 9888
Network Infrastructure Services
Monash University Victoria 3800 Australia
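
The four-rule access combination from Kheeran's message, modelled as a first-match rule list. This is an added example, not part of the original thread or either poster's configuration. All subnets and host addresses are constructed, and it assumes the cut-off rules 1 and 4 refer to the management network.

```python
import ipaddress

# Constructed address plan: the thread gives no subnets, these are assumptions.
MGMT = ipaddress.ip_network("10.99.0.0/24")     # management VLAN
ADMIN = ipaddress.ip_network("10.10.5.0/24")    # administrators' workstations
VPN = ipaddress.ip_network("10.20.0.0/25")      # pool handed to VPN clients
NMS = [ipaddress.ip_network("10.30.1.10/32"),   # NMS servers
       ipaddress.ip_network("10.30.1.11/32")]
ANY = ipaddress.ip_network("0.0.0.0/0")

# (action, source, destination, rule label); evaluated top down, first match wins.
RULES = [
    ("permit", ADMIN, MGMT, "1: admin workstation network"),
    ("permit", VPN, MGMT, "2: VPN connection"),
]
for host in NMS:
    RULES.append(("permit", host, MGMT, "3: NMS server to management"))
    RULES.append(("permit", ANY, host, "3: admin login to NMS"))
RULES.append(("deny", ANY, MGMT, "4: anywhere else"))


def evaluate(src, dst):
    """Return (action, label) of the first matching rule, or None if the
    flow touches neither the management network nor an NMS server."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, label in RULES:
        if s in src_net and d in dst_net:
            return action, label
    return None


def denied(flows):
    """Filter a list of (src, dst) flows down to the ones the policy blocks."""
    return [f for f in flows if (evaluate(*f) or ("",))[0] == "deny"]


if __name__ == "__main__":
    sample = [  # constructed flows
        ("10.10.5.20", "10.99.0.1"),    # admin workstation
        ("10.20.0.77", "10.99.0.1"),    # VPN client
        ("10.20.0.200", "10.99.0.1"),   # same /24 as the VPN pool, outside the /25
        ("192.0.2.44", "10.30.1.10"),   # admin reaching the NMS from elsewhere
        ("192.0.2.44", "10.99.0.1"),    # same host going direct
    ]
    for flow in sample:
        print(flow, evaluate(*flow))
```

Because rule 3 lets any source reach the NMS and the NMS reach the management network, the NMS login is the control that matters for hosts outside rules 1 and 2.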