02-14-2013 07:01 AM - edited 03-07-2019 11:43 AM
Hi All,
Just came into a situation with the following scenarios:
Issue: All network devices are on VLAN 1 (native).
Issue: Wireless uses MAC filtering with WEP
Issue: SNMP v2 is used to send traps or poll data between edge routers
Issue: Telnet is enabled for terminal sessions between edge routers
Can you help me prioritize the order of importance?
All of the network devices, primarily Cisco, have private addresses in a common subnet (192.168.x.x); the third octet represents the site. Is it common practice, then, to include the management subnet at each site in the site-to-site VPNs that are created?
02-14-2013 07:37 AM
I think everyone has their own way of doing things, but I think this would be good:
- Get rid of the Telnet on the routers, especially if they are being accessed over the WAN, and at the same time you can fix the SNMP v2 scenario
- Fix Wireless
- Update VLAN scenario.
02-14-2013 09:10 AM
Order of importance?
- I'd get rid of the WEP situation if possible. Even with MAC filtering, it's simple enough to spoof the MAC address and decrypt the key.
- Telnet switched over to SSH
- VLANs are going to take some planning and work to implement depending on the size of your organization. (Although, that's the same thing for 1 because you have to take into consideration how many clients you'll be affecting with the change).
My 2 bottoms would be SNMP and VLAN changes. I would definitely change WEP since that's a good opportunity for someone outside of your building to get access to your network.
HTH,
John
*** Please rate all useful posts ***
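As an added illustration (not code from any poster in this thread), here is a short Python audit that flags three of the issues discussed above in an IOS-style configuration: Telnet permitted on VTY lines, SNMP v1/v2c communities and trap hosts, and access ports left in VLAN 1. The sample configuration is constructed, and treating an unset `transport input` as Telnet-permitting is an assumption.

```python
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
hostname edge-rtr-site1
snmp-server community public RO
snmp-server host 192.168.1.50 version 2c public
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def parse_blocks(text):
    """Group an IOS-style config into (header, [indented child lines])."""
    blocks = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(text):
    """Return a sorted list of (issue, config line) findings."""
    findings = []
    for header, children in parse_blocks(text):
        if re.match(r"snmp-server community \S+", header):
            findings.append(("snmp-v1/v2c-community", header))
        elif re.match(r"snmp-server host .*\bversion (1|2c)\b", header):
            findings.append(("snmp-v1/v2c-trap-host", header))
        elif header.startswith("line vty"):
            transport = [c for c in children if c.startswith("transport input")]
            allowed = transport[0].split()[2:] if transport else ["(unset)"]
            # Assumption: unset transport is flagged; some IOS releases default to allowing Telnet.
            if {"telnet", "all", "(unset)"} & set(allowed):
                findings.append(("telnet-permitted", header))
        elif header.startswith("interface") and "switchport mode access" in children:
            vlans = [c.split()[-1] for c in children if c.startswith("switchport access vlan")]
            if not vlans or vlans[0] == "1":
                findings.append(("access-port-in-vlan1", header))
    return sorted(findings)
```

Running `audit()` over a saved `show running-config` from each edge router gives a per-device list of findings to work through in whatever priority order is chosen.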