A network manager should restrict most users to only the facilities they need, but is also responsible for ensuring no one loses an account and access to a cable or a set of routers.
This was the first half of the “Security Best Practices” section of the Cisco Prime presentation, but really covers the basic rules for perimeter and WAN security.

Secure Logging
There is more than enough information on these topics on the Cisco forums or their site, so you can save yourself some time and refer to the basic rules you need to be aware of. (As usual, the Cisco Prime presentation is the most comprehensive guide I’ve seen on these topics and I would recommend you get a copy.)
Secure File and Registry Access
There are two common ways for the browser or the WAN client to access files and registry settings in an SSH session, both of which can result in information being disclosed. The first way is by accepting the “Allow” flag from the remote host. This is easily disabled on some WAN clients or no firewall on most. The second way is to bypass the firewall and access files and registry settings.
If you don’t want a remote host to be able to do this (e.g., when a website is secured), disable the “Allow” flag by using “Safe Mode”.
Secure Management of Plugged-in Devices
This is a topic that many people don’t know about or care about. If you are connecting a non-CD device, like a modem, to a VPN, it needs a connection ID set up. This connection ID needs to be changed by the system that is trying to use the device (be it your VPN provider or the VPN itself). The same applies to laptops and tablets, which usually have a set of rules set up in the BIOS that need to be enabled or disabled (depending on the device).
If you don’t have access to the proper connection IDs for the device you are connecting, you can’t even connect it to a VPN.
Secure Remotely Managing Network Devices

This is also one of the things I found really hard to wrap my head around when I first learned it. When you connect to a device using the VPN client, you have control over a second device with the same IP address. This means that an attacker could build a system that thinks that it is the Internet, which could be either remotely controlled or controlled by an attacker that was already present on your network.

For further information regarding network security solutions, visit https://www.fortinet.com/solutions/industries/hospitality.

About the author:

David Brim

David Brim is a marketing strategist, entrepreneur and investor living in Orlando, Florida. He is the founder of Orlando Entrepreneurs - a network, podcast and resource center created to connect, cultivate & celebrate Central Florida entrepreneurs. His primary professional focus areas include business model development, online lead generation, Software as a Service (SaaS) products, angel investing, and commercial real estate. Learn more at his blog Filled to the Brim.
