This topic doesn't seem to come up at all. I started out in the ISP biz
and moved over to information security for a company that was small
enough that tik's still seemed to fit the bill.
However, we are starting to get hit with PCI-DSS evaluations, Risk
Assessments and Gap Analysis with an array of requirements -- most of which
I have been able to meet easily except one: security authentication on
the router. Almost every third party wants to see me doing it the 'cisco'
way, with primary remote logins being strictly unprivileged and forcing
elevation to a privileged user after connection, i.e. enable.
Now I can emulate this functionality by allowing only a stripped-down
user remote access and setting up a loopback bridge interface with no
ports, setting an IP address on that bridge and ssh'ing into itself from
there, as the allowed IP address for the administrative full access user
being the router itself.
Which in and of itself isn't too terrible, other than I prefer to work with
firewall rules using winbox. Anyone else had experience with this and
other PCI-DSS compliance rules and getting the tik to be compliant?
- Kriss
_______________________________________________
Mikrotik mailing list
http://mail.butchevans.com/mailman/listinfo/mikrotik
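
A sketch of the workaround described in the message above, as an added RouterOS example that is not part of the original post. The group, user and bridge names, both addresses and the passwords are assumptions, and the policy the unprivileged group needs to run the built-in SSH client (taken here to be `test`) should be confirmed on the RouterOS version in use.

```routeros
# Added example; every name, address and password below is a placeholder.

# Port-less bridge used as a loopback interface.
/interface bridge add name=lo-admin comment="loopback for local admin elevation"
/ip address add address=10.255.255.1/32 interface=lo-admin

# Group for the remote login: may connect over SSH and start the SSH client,
# but cannot read or change configuration.
# Assumption: the built-in SSH client is allowed by the "test" policy.
/user group add name=remote-unpriv \
    policy=ssh,test,!local,!telnet,!ftp,!reboot,!read,!write,!policy,!winbox,!password,!web,!sniff,!sensitive,!api,!romon

# Remote account, accepted only from the management network (placeholder range).
/user add name=netop group=remote-unpriv address=192.0.2.0/24 password="CHANGE-ME-1"

# Full-access account, accepted only when the login originates from the
# router's own loopback address, so it cannot be used directly from the network.
/user add name=netadmin group=full address=10.255.255.1/32 password="CHANGE-ME-2"

# The scheme only holds if no other account in group "full" is reachable
# remotely; review the list and restrict or disable the default admin user.
/user print detail where group=full

# Elevation step, typed by netop after logging in remotely:
/system ssh address=10.255.255.1 user=netadmin

# Check from the elevated session: netadmin should appear with the
# loopback address as its source.
/user active print
```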