Hardening network infrastructure is an often overlooked step. For some reason, switches and routers often fall into the category of 'it works, we must be done'. Or, if it was hardened when installed, it'll be checked off as 'done' (as in 'done forever'). If you think about it, your routers, switches and firewalls touch *everything*.

We really should put a sustained effort into securing these devices as vital parts of the infrastructure. Don't limit yourself to routers, switches and firewalls in this - be sure to include Fiber Channel switches, Load Balancers, IPS servers and appliances (yes, I see these get missed all the time!) in this category also.

This sustained effort should have all the usual suspects:
Named user accounts (often using a back-end directory for authentication)
Encrypted administration protocols (no more telnet!)
Verify boot images before installing, and periodically after
Periodically update to remediate security exposures
Harden the device using a public or custom Benchmark (yes, even Firewalls are not hardened out of the box)
Audit the final configs against the Benchmark

We've had numerous diaries on this, including (please let me know if I've missed any, I've only included the ones I could remember)
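
As an added example (not part of the original diary), the sketch below audits a device config against three of the checklist items above: named user accounts, encrypted administration protocols, and auditing against a benchmark. The Cisco IOS-style sample config, the account name and the three rule names are constructed assumptions, not a published benchmark.

```python
# Constructed sample in Cisco IOS-style syntax; not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-sw01
username netadmin privilege 15 secret 9 $9$CONSTRUCTED
line vty 0 4
 password 7 0000000000
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level command."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            blocks.append(current)
    return blocks

def audit(config):
    """Return (rule, location, detail) findings for the assumed rules."""
    findings = []
    blocks = parse_blocks(config)
    heads = [h for h, _ in blocks]
    # Rule NAMED-USERS (assumed): a local named account or AAA must exist.
    if not any(h.startswith("username ") or h == "aaa new-model" for h in heads):
        findings.append(("NAMED-USERS", "global", "no username or aaa new-model"))
    for head, subs in blocks:
        if not head.startswith("line vty"):
            continue
        transports = [s.split()[2:] for s in subs if s.startswith("transport input")]
        # Rule ENCRYPTED-ADMIN (assumed): require an explicit SSH-only transport.
        if transports != [["ssh"]]:
            findings.append(("ENCRYPTED-ADMIN", head, "transport input is not ssh-only"))
        # Rule SHARED-PASSWORD (assumed): bare 'login' checks the shared line password.
        if "login" in subs:
            findings.append(("SHARED-PASSWORD", head, "login uses line password"))
    return findings

if __name__ == "__main__":
    for rule, where, detail in audit(SAMPLE_CONFIG):
        print(f"{rule:16} {where:14} {detail}")
```

Running the same audit on a schedule, not only at install time, catches configs that drift after they were first hardened.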