I have template I've developed over the years does the following: enable ssh disable telnet/web management enables SNMPv3 removes default SNMP configuration applies system lockout policy change host vlan/management address
William Summers Network Administrator Deerfield Academy Tel. 413.774.1838 ________________________________________ From: Dan Newcombe <[email protected]> Sent: Thursday, March 27, 2014 9:01 AM To: Enterasys Customer Mailing List Subject: RE: [enterasys] Security configuration best practices Would love to see whatever you find, but I think a lot of them would be handled by some of the general items covered in the NIST800-53 guidelines, such as log to a central location, change default passwords. Of course, a list of all those to change does make it easier :) ________________________________ From: Aaron Howard <[email protected]> Sent: Thursday, March 27, 2014 8:54 AM To: Enterasys Customer Mailing List Subject: [enterasys] Security configuration best practices We're conducting an IT risk assessment and networking is in scope. For most systems we're using manufacturer security recommendations as a baseline for system security. For example Microsoft or Oracle's system hardening guides. I'm looking for a similar document for Enterasys/Extreme equipment. If there's not an Enterasys specific document, is there a general network security document others have used or can suggest? I'm thinking of some DOD documents, but they focus on Cisco. If this Enterasys specific document doesn't exist there needs to be one created, by this community or Extreme. I can think of several important changes like removing the backdoor rw account that doesn't have a password, that really need to be in a best practices document so that others don't have to learn it the expensive way. -- Aaron Howard Interim Director of ITS Network Services / Computer Network System Manager University of Northern Iowa Office: 319-273-5813 | http://www.uni.edu/its/projects * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
