networksecurityrecommendations
— | networksecurityrecommendations [2013/01/28 04:29] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Network Security Recommendations ====== | ||
+ | * SNMP ACLs | ||
+ | * VTY ACLs | ||
+ | * VLAN ACLs whitelisting address space for outbound traffic (prevents source spoofing) | ||
+ | * Port Security – We are using it, but we should enable it everywhere even at high number of MAC address allowances (prevent MAC table overflows), set aging time on VM ports | ||
+ | * MAC address ACLs (blacklist MAC addresses on switches preventing user from jumping between switch ports and switching IPs) | ||
+ | * DHCP Snooping on switches in DHCP environments (i.e. Engineering, | ||
+ | * IP Source Guard | ||
+ | * Dynamic ARP Inspection | ||
+ | |||
+ | * Cisco torch – Vulnerability scanning and exploitation | ||
+ | * OpenVAS – Vulnerability scanning and exploitation | ||
+ | * Yersinia – exploit tool | ||
+ | * MetaSploit – exploit tool | ||
+ | |||
+ | |||
+ | -- Main.FredPettis - 2012-05-24 |
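Review bot: the second list (Cisco torch, OpenVAS, Yersinia, MetaSploit) sits under the "Network Security Recommendations" heading with no lead-in, so it reads as four more controls to deploy rather than a list of tools; add a one-line introduction stating what they are for, for example verifying that the ACL, port security, DHCP snooping and ARP inspection items above actually hold. In that list OpenVAS is labelled "Vulnerability scanning and exploitation" although it is a vulnerability scanner, and "MetaSploit" should be spelled "Metasploit". The DHCP Snooping item also stops mid-parenthesis after "(i.e. Engineering," and needs its remaining text and closing bracket restored by the author.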
networksecurityrecommendations.txt · Last modified: 2013/01/28 04:29 by 127.0.0.1