Chapter 11
Access Policies
Managing Network Devices
It is important to be able to manage all your network devices. The first
thing most administrators do on their networking equipment is set
the passwords. This is probably a good thing to do right away. However, it
is not the only thing you need to do. If all you set is the passwords, you are
overlooking some of the other needed security items. This section will
discuss the typical security that can be provided on a Cisco internetwork.
You should create a plan for the following:
• Physical security
• Passwords
• Privilege levels
• Banners
• Limiting Telnet and HTTP access
Physical Security
One of the first things you need to document when you're creating an access
policy to describe network security is how to create physical security.
Physically accessing equipment is the easiest way to gain access into a
campus internetwork. It takes less than a minute to break into any Cisco
router or switch if physical access to the device is granted. If you cannot get
physical access to a Cisco router or switch, it is impossible to break into it
unless you can guess the passwords.
If someone has physical access to your network equipment, they can have
almost complete control over it. Most devices have a backdoor for getting in
without a password. Creating a security policy doesn't help if you don't
create physical security as well. The following are some possible solutions for
physical security access policies:
• Create a configuration and control policy for each type of device. For
  each site and remote branch, have a security plan that details how the
  links will be secured.
• Design and implement server rooms and network closets that have
  locks--or even badge entry. Make sure the proper ventilation and
  power are installed, as well as UPS systems.
Copyright ©2000 SYBEX, Inc., Alameda, CA
www.sybex.com