[c-nsp] best practices switches/Router
Scott Granados
gsgranados at comcast.net
Tue Oct 13 17:16:12 EDT 2009
I'm sure you're right. I just found the whole conversation odd and the idea of the NSA being helpful humorous, especially when you walk by buildings that don't exist!
Sort of like asking the IRS for tax advice and hoping that you'll get the most cost effective option.;)
You have a good point though and if anyone should be able to pull together security documentation you'd hope the NSA would be a great resource.
Thanks
Scott
----- Original Message -----
From: Paul Cosgrove
To: Scott Granados
Cc: Kevin Graham ; jckdaniels12 at gmail.com ; cisco-nsp at puck.nether.net
Sent: Tuesday, October 13, 2009 2:06 PM
Subject: Re: [c-nsp] best practices switches/Router
Hi Scott,
Would have to recommend reading the document, as the NSA have produced very well written guides for many years. Then adopt whichever recommendations you like, or a cunning disguise if you prefer.
Paul.
On Tue, Oct 13, 2009 at 6:55 PM, Scott Granados <gsgranados at comcast.net> wrote:
NSA security policy, hmmmm, does that involve a lot of port mirroring and copying of data to non existant trunks. (shshshshshsh) Or use of encryption standards that are almost secure.;)
Call me crazy (you wouldn't be the first) but I have to say I'm always skeptical when someone says "Hi, we're from the Government and we're here to help!"
----- Original Message ----- From: "Kevin Graham" <kgraham at industrial-marshmallow.com>
To: <jckdaniels12 at gmail.com>; <cisco-nsp at puck.nether.net>
Sent: Tuesday, October 13, 2009 10:37 AM
Subject: Re: [c-nsp] best practices switches/Router
my aim is to do review of the configs of ROUTERS and Switches in my network.
As a review , need to track down the best practices that should be
configured and are not there in my network.
Was:
http://www.google.com/search?q=site%3Acisco.com+best+practices
...not sufficient?
From a security standpoint, in addition to the NSA SNAC publications already
mentioned, Cisco's Network Security Baseline is very much worth reading:
https://www.cisco.com/en/US/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook.html
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list