On Thu, 2013-03-21 at 13:04 -0600, Sean Heskett wrote:
> As our network grows and we keep adding more hardware I am wondering
> what others do with passwords to all these devices.

I suspect that if you are wondering what "most" do, it's 1 password key for the entire network. While that may be a problem, here is a bit of advice:

1. Use a centralized password authentication system - Many devices support radius auth for login. Restrict access to this server.
2. Create and enforce a REAL secure password - Mix numbers, letters, capitalization, etc. Main goal is to create a standard and follow it. If you are really paranoid, force them to change this password periodically.
3. Provide each person with access to devices with a UNIQUE login. This allows you to track WHO is logging in.
4. Set up a syslog service and push syslog data from your infrastructure devices out to this central server. This allows you to easily track who is logging in to the devices, when and which devices. Also, this makes it more difficult for people to log in and clear the log of their login. Access to this server should be VERY limited.
5. Where possible, create firewalls to limit where logins can come from. While many devices do not have firewalls, it should be possible to use a firewall at some point to protect your infrastructure devices. If this is not the case, perhaps you should re-think how the network is built.

--
********************************************************************
* Butch Evans * Professional Network Consultation *
* http://www.butchevans.com/ * Network Engineering *
* http://store.wispgear.net/ * Wired or Wireless Networks *
* http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! *
* 702-537-0979 *
********************************************************************
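An added example, not part of the original post: points 3 to 5 applied to login events collected on the central syslog server. It flags logins made with a shared account and logins from outside the management subnet. The log line layout, the account names and the 10.10.0.0/24 subnet are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines as a central syslog server might store them.
# The message layout is an assumption for this example, not any vendor's format.
SAMPLE_LOG = """\
2013-03-21T13:10:02 tower1-ap login ok user=jsmith from=10.10.0.15
2013-03-21T13:12:40 tower2-rtr login ok user=admin from=10.10.0.22
2013-03-21T13:15:11 tower1-ap login failed user=jsmith from=203.0.113.7
2013-03-21T13:15:19 tower1-ap login ok user=mlee from=203.0.113.7
2013-03-21T13:20:00 core-rtr config saved by user=mlee
"""

LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) login (?P<result>ok|failed) "
    r"user=(?P<user>\S+) from=(?P<src>\S+)$"
)

SHARED_ACCOUNTS = {"admin", "root"}              # assumed shared logins (point 3)
MGMT_NET = ipaddress.ip_network("10.10.0.0/24")  # assumed allowed source (point 5)


def audit_logins(log_text, shared=SHARED_ACCOUNTS, mgmt_net=MGMT_NET):
    """Return (devices reached per user, list of findings) from login lines."""
    devices_by_user = defaultdict(set)
    findings = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line.strip())
        if not m:
            continue  # not a login event
        ts, device, user = m["ts"], m["device"], m["user"]
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            findings.append((ts, device, user, "unparseable source address"))
            continue
        if m["result"] == "ok":
            devices_by_user[user].add(device)
            if user in shared:
                findings.append((ts, device, user, "shared account login"))
        if src not in mgmt_net:
            findings.append((ts, device, user, f"{m['result']} login from outside {mgmt_net}"))
    return dict(devices_by_user), findings


if __name__ == "__main__":
    for finding in audit_logins(SAMPLE_LOG)[1]:
        print(*finding)
```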
