
Interface Checklist

Ethernet

  • Have unused Ethernet interfaces been removed? Yes/No. If no, explain why not.
  • Have unused Ethernet interfaces that could not be removed been administratively disabled? Yes/No/NA. If no, explain why not.
  • Has the MAC address been provided to the security group? Yes/No. If no, explain why not.

Network

Network: IP

  • Has the console server been placed in a DMZ? Yes/No. If no, explain why not.
  • If the console server has not been placed in a DMZ, has it been placed in a dedicated management network? Yes/No/NA. If no, explain why not.

Network: Telnet

  • Has telnet access to the console server been disabled? Yes/No. If no, explain why not.

Network: Secure Shell

  • Has support for Secure Shell Version 1 been disabled? Yes/No. If no, explain why not.

Network: SNMP

  • Has unneeded SNMP public and private access been disabled? Yes/No/NA. If no, explain why not.
  • Have needed SNMP public and private communities had encryption enabled? Yes/No/NA. If no, explain why not.
  • Have management stations been defined in the console server so that SNMP access is allowed only from those management stations? Yes/No/NA. If no, explain why not.

Network: HTTP

  • Has HTTP access to the console server been disabled? Yes/No/NA. If no, explain why not.

Network: HTTP with SSL

Network: FTP/TFTP/scp

  • Has FTP been disabled on the console server? Yes/No/NA. If no, explain why not.
  • Has TFTP been disabled on the console server? Yes/No/NA. If no, explain why not.

Network: NTP

  • Has NTP been configured to use at least two NTP servers? Yes/No. If no, explain why not.

Wireless

  • Have unused wireless interfaces been removed? Yes/No/NA. If no, explain why not.
  • Have unused wireless interfaces that cannot be removed been administratively disabled? Yes/No/NA. If no, explain why not.
  • Has wireless been configured to use the highest encryption level supported by the console server? Yes/No. If no, explain why not.

Console Ports

  • Have unused console ports been disabled? Yes/No. If no, explain why not.
  • Has access to used ports been defined on a per-user or per-group basis? Yes/No. If no, explain why not.

Modem

  • Have unused modems been removed? Yes/No. If no, explain why not.
  • Have unused modems that cannot be removed been administratively shut down?
