Aaron, One of the networks we run here uses almost exclusively Enterasys equipment for the transport. As security guidance, we use DISA STIGS, and although some of them are geared towards Cisco equipment, for the most part, the concepts are not much different.
The STIG viewer can be found here: http://iase.disa.mil/stigs/stig_viewing_guidance.html The L2 and L3 STIGS you may want to look at can be found here: http://iase.disa.mil/stigs/net_perimeter/network_infra/routers_switches.html The ones you'll probably want to look at are u_network_infrastructure_router_l3_switch_v8r16_stig.zip and u_network_l2_switch_v8r16_stig.zip. These zip files contain STIGs that are Cisco and Juniper specific, but also contain generic sets of STIGs. You will be able to generate checklists using the STIG viewer, and be able to sort them by importance. Remember that these are only minimum levels of protection, and that you will be free to configure your equipment at a higher level if you wish. We do. Also, note that there will be guidelines contained within these sets of STIGs for configurations that may not be applicable to your site. For example, if you're not running BGP, there is no need to configure it for authentication. While I can't speak for any Enterasys/Extreme networks specific documentation, the STIGs will give you a good baseline from which to begin to harden your network, or to check your current configurations against. Marcus D Florido IT Systems Analyst MITSC EAST Network Management -----Original Message----- From: Aaron Howard [mailto:[email protected]] Sent: Thursday, March 27, 2014 8:55 AM To: Enterasys Customer Mailing List Subject: [enterasys] Security configuration best practices We're conducting an IT risk assessment and networking is in scope. For most systems we're using manufacturer security recommendations as a baseline for system security. For example Microsoft or Oracle's system hardening guides. I'm looking for a similar document for Enterasys/Extreme equipment. If there's not an Enterasys specific document, is there a general network security document others have used or can suggest? I'm thinking of some DOD documents, but they focus on Cisco. If this Enterasys specific document doesn't exist there needs to be one created, by this community or Extreme. I can think of several important changes like removing the backdoor rw account that doesn't have a password, that really need to be in a best practices document so that others don't have to learn it the expensive way. -- Aaron Howard Interim Director of ITS Network Services / Computer Network System Manager University of Northern Iowa Office: 319-273-5813 | http://www.uni.edu/its/projects * --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
smime.p7s
Description: S/MIME cryptographic signature
