networksecurityrecommendations

Differences

This shows you the differences between two versions of the page.

networksecurityrecommendations [2013/01/27 21:29] (current)
Line 1: Line 1:
 +====== Network Security Recommendations ======
 +  * SNMP ACLs
 +  * VTY ACLs
 +  * VLAN ACLs whitelisting address space for outbound traffic (prevents source spoofing)
 +  * Port Security – We are using it, but we should enable it everywhere even at high number of MAC address allowances (prevent MAC table overflows), set aging time on VM ports
 +  * MAC address ACLs (blacklist MAC addresses on switches preventing user from jumping between switch ports and switching IPs)
  
 +  * DHCP Snooping on switches in DHCP environments (i.e. Engineering,​ Chemistry, etc.)
 +  * IP Source Guard
 +  * Dynamic ARP Inspection
 +
 +  * Cisco torch – Vulnerability scanning and exploitation
 +  * OpenVAS – Vulnerability scanning and exploitation
 +  * Yersinia – exploit tool
 +  * MetaSploit – exploit tool
 +
 +
 +-- Main.FredPettis - 2012-05-24
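Review bot: The "IP Source Guard" and "Dynamic ARP Inspection" bullets do not mention their dependency on the "DHCP Snooping" bullet above them, which is scoped to DHCP environments only. Both features validate traffic against the DHCP snooping binding table, so on segments with statically addressed hosts they need static IP source bindings or ARP ACLs, otherwise legitimate traffic is dropped; note that on those two lines. In the tools list, "OpenVAS" is labelled "Vulnerability scanning and exploitation" although it is a vulnerability scanner, "MetaSploit" should be spelled "Metasploit", and the four tools would read more clearly under their own heading stating what they are recommended for, since they currently sit in the same list as the switch controls.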
networksecurityrecommendations.txt · Last modified: 2013/01/27 21:29 (external edit)