Device Aegis Checklist
A aegis account is an important certificate absolute a arbitrary of assorted guidelines and instructions for
secure implementations. Accessory aegis checklists can be beheld as templates for accessory lockdown and security
implementation guidelines. You can use the afterward account as a quick arbitrary and alive adviser to the
device aegis agreement capacity discussed in this chapter.
Device aegis action written, approved, distributed, and advised on approved basis.
Facilities (room, building, area) apartment the accessories secured—physical security.
Password behavior to ensure that acceptable passwords are created that cannot be easily
guessed or hacked.
Password encryption acclimated so that passwords are not arresting back accessory agreement is
viewed.
Access methods such as Console, VTY, AUX application ACLs, and affidavit mechanisms
secured.
Access methods such as SSH with AAA affidavit called wisely.
Unneeded casework and protocols to be disabled.
Unused interfaces shut bottomward or disabled.
Configuration accustomed for arrangement casework and protocols in use (for example, HTTP
and SNMP).
Port and agreement needs of the arrangement and use admission lists to absolute cartage flow
identified.
Access account for anti-spoofing and basement aegis and for blocking aloof and
private addresses considered.
Routing protocols accustomed that use affidavit mechanisms for integrity.
Appropriate logging enabled with able time information.
Device's time of day set accurately, maintained with NTP.
Summary
The affiliate focused on the essentials of accepting accessory and administration access. Aegis accomplishing is
not accessible after a policy, and correspondingly, accessory hardening is not accessible after a accessory security
policy. The affiliate begins with a abrupt overview of a accessory aegis action followed by key factors in device
security, such as admission methods, admission control, accessory hardening, and anecdotic added services. The
chapter again concentrates on a altercation of assorted arrangement administration aegis appearance accurately available
on aegis appliances, such as Cisco PIX 500 and ASA 5500 Alternation Adaptive Aegis Appliances, VPN3000
Concentrator, and IPS 4200 alternation apparatus sensors. The affiliate ends with a accessory aegis account that is
developed as a summary.