Previous Page Next Page

Device Security Checklist

A security checklist is an important document containing a summary of various guidelines and instructions for secure implementations. Device security checklists can be viewed as templates for device lockdown and security implementation guidelines. You can use the following checklist as a quick summary and working guide to the device security configuration topics discussed in this chapter.

check markDevice security policy written, approved, distributed, and reviewed on regular basis.
check markFacilities (room, building, area) housing the devices secured—physical security.
check markPassword policies to ensure that good passwords are created that cannot be easily guessed or hacked.
check markPassword encryption used so that passwords are not visible when device configuration is viewed.
check markAccess methods such as Console, VTY, AUX using ACLs, and authentication mechanisms secured.
check markAccess methods such as SSH with AAA authentication chosen wisely.
check markUnneeded services and protocols to be disabled.
check markUnused interfaces shut down or disabled.
check markConfiguration hardened for network services and protocols in use (for example, HTTP and SNMP).
check markPort and protocol needs of the network and use access lists to limit traffic flow identified.
check markAccess list for anti-spoofing and infrastructure protection and for blocking reserved and private addresses considered.
check markRouting protocols established that use authentication mechanisms for integrity.
check markAppropriate logging enabled with proper time information.
check markDevice's time of day set accurately, maintained with NTP.


Previous Page Next Page