Posted by: David Davis
In a recent Information Week article, “A Crook Comes Clean”, a convicted malicious hacker admitted to helping a crime organization hack into companies' networks and steal resources like thousands of minutes of free VoIP usage. One of the most obvious statements he made was this:
“it would have been easy for IT and security managers to detect him, if they’d been looking. “If they were just monitoring their boxes and keeping logs, they could easily have seen us logged in there,” he said. “If they had intrusion-detection systems set up, they could have easily seen that these weren’t their calls.”
IT technicians also could have set up access lists, telling their networks to allow only their own IP addresses to get in. “We came across only two or three boxes that actually had access lists in place,” Moore added. “The telecoms that we couldn’t get into had access lists or boxes that we couldn’t get into because of strong passwords.”
I think that this is a good reminder for us all to follow the basic security practices to secure our network. To me, this is as simple as what you should be doing to secure your data center physically – locks on the doors, no windows, strong doors, controlled access, etc.
I have published a number of articles and videos on how to secure your network. For example, here is a video on securing your router using IOS Access-Lists (ACL): FREE VIDEO: Harden your Cisco Router with IOS ACLs
Additionally, SANS has a great document on securing your network: SANS: Cisco Router Hardening Step by Step
- Change default passwords and use complex passwords
- Use protocols that are secure (no HTTP or Telnet to manage routers)
- Password protect all entrances to the router and routing protocols
- Apply ACLs on your router to control management access and prevent spoofing
- Use a firewall (in the router or a stand-alone box) to control inbound and outbound network access to and from the Internet
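As an added example (not from the original post or the SANS guide), this Python sketch audits IOS-style configuration text for three items from the list above: default passwords, cleartext management protocols, and a missing management ACL on the vty lines. Both sample configurations, the short default-password list and the 192.0.2.0/24 management range are constructed assumptions.

```python
# Added example: audits IOS-style config text against the checklist above.
# Both configs are constructed samples; 192.0.2.0/24 is a documentation range.
WEAK = """\
enable password cisco
ip http server
line vty 0 4
 password cisco
 login
 transport input telnet
"""
HARDENED = """\
enable secret 9 $9$CONSTRUCTED-PLACEHOLDER
no ip http server
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
"""
DEFAULT_PASSWORDS = {"cisco", "admin", "password"}  # assumed short list

def vty_sections(config):
    """Return {header: [sub-commands]} for every 'line vty' section."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = sections.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level command ends the section
    return sections

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    for l in lines:
        words = l.split()
        if "password" in words[:2] and words[-1] in DEFAULT_PASSWORDS:
            findings.append(f"default password in: {l}")
    if "ip http server" in lines:
        findings.append("cleartext HTTP management enabled")
    for header, cmds in vty_sections(config).items():
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: not restricted to SSH")
        if not any(c.startswith("access-class ") and c.endswith(" in") for c in cmds):
            findings.append(f"{header}: no inbound access-class ACL")
    return findings
```

Calling `audit(WEAK)` returns five findings and `audit(HARDENED)` returns an empty list; the SSH check is deliberately strict and flags any vty section without an explicit `transport input ssh`.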
So much of security is just common sense and taking time to apply it.
Have a great day!
David Davis, CCIE
Personal Website: HappyRouter.com – home of Cisco how-to articles & videos