[c-nsp] best practices switches/Router

Scott Granados gsgranados at comcast.net
Tue Oct 13 17:16:12 EDT 2009 

I'm sure you're right.  I just found the whole conversation odd and the idea of the NSA being helpful humorous, especially when you walk by buildings that don't exist!

Sort of like asking the IRS for tax advice and hoping that you'll get the most cost effective option.;)

You have a good point though and if anyone should be able to pull together security documentation you'd hope the NSA would be a great resource.

Thanks
Scott

  ----- Original Message ----- 
  From: Paul Cosgrove 
  To: Scott Granados 
  Cc: Kevin Graham ; jckdaniels12 at gmail.com ; cisco-nsp at puck.nether.net 
  Sent: Tuesday, October 13, 2009 2:06 PM
  Subject: Re: [c-nsp] best practices switches/Router


  Hi Scott,

  Would have to recommend reading the document, as the NSA have produced very well written guides for many years.  Then adopt whichever recommendations you like, or a cunning disguise if you prefer.

  Paul.



  On Tue, Oct 13, 2009 at 6:55 PM, Scott Granados <gsgranados at comcast.net> wrote:

    NSA security policy, hmmmm, does that involve a lot of port mirroring and copying of data to non existant trunks.  (shshshshshsh) Or use of encryption standards that are almost secure.;)

    Call me crazy (you wouldn't be the first) but I have to say I'm always skeptical when someone says "Hi, we're from the Government and we're here to help!"



    ----- Original Message ----- From: "Kevin Graham" <kgraham at industrial-marshmallow.com>
    To: <jckdaniels12 at gmail.com>; <cisco-nsp at puck.nether.net>
    Sent: Tuesday, October 13, 2009 10:37 AM

    Subject: Re: [c-nsp] best practices switches/Router





        my aim is to do review of the configs of ROUTERS and Switches in my network.
        As a review , need to track down the best practices that should be
        configured and are not there in my network.


      Was:

       http://www.google.com/search?q=site%3Acisco.com+best+practices

      ...not sufficient?


        From a security standpoint, in addition to the NSA SNAC publications already

      mentioned, Cisco's  Network Security Baseline is very much worth reading:


      https://www.cisco.com/en/US/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook.html
      _______________________________________________
      cisco-nsp mailing list  cisco-nsp at puck.nether.net
      https://puck.nether.net/mailman/listinfo/cisco-nsp
      archive at http://puck.nether.net/pipermail/cisco-nsp/ 


    _______________________________________________
    cisco-nsp mailing list  cisco-nsp at puck.nether.net
    https://puck.nether.net/mailman/listinfo/cisco-nsp
    archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list