Foundation Summary
The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your CSI exam, a well-prepared CSI candidate should at a minimum know all the details in each "Foundation Summary" section before taking the exam.

Table 10-3 summarizes the common network management protocols, their security features, their function, and the ports they use.
Protocol | Security Features | Function | Ports |
---|---|---|---|
Secure Shell (SSH) | Encrypted payload; password or public-key authentication | Remote access | TCP port 22 |
Secure Sockets Layer (SSL) | Encrypted payload; server authenticated by certificate, user by password at the application layer (for example, HTTPS device management) | Remote access | TCP port 443 |
Telnet | Clear text; password authentication | Remote access | TCP port 23 |
System Log (syslog) | Clear text; no authentication | Reporting and logging | UDP port 514 |
Simple Network Management Protocol (SNMP) | Community string (password) protection; community string and data sent in clear text in versions 1 and 2c, with authentication and encryption available only in version 3 | Network monitoring and control | UDP port 161 (polling), UDP port 162 (traps) |
Trivial File Transfer Protocol (TFTP) | Clear text; no password protection | File management | UDP port 69 |
Network Time Protocol (NTP) | Cryptographic (keyed-hash) authentication in version 3 and later | Time synchronization | UDP port 123 |
- You should always use out-of-band management in preference to in-band management because it provides the highest level of security. However, for a cost-effective security deployment, you might have to use in-band management.
- Where management traffic flows in-band, you need to place more emphasis on securing the transport of the management protocols. Carry insecure management protocols such as Telnet and TFTP inside a secure tunneling protocol such as IPSec.
- Encrypt TFTP traffic within an IPSec tunnel wherever possible to reduce the chance of it being intercepted.
- Unless you are using SNMPv3, use read-only community strings only, and restrict SNMP access to the management consoles with an SNMP access control list.
- To mitigate NTP attacks, use NTP version 3 cryptographic authentication and restrict NTP synchronization peers with ACLs.
- If a device that requires management resides outside the network, you should use an IPSec tunnel to manage that device. This tunnel should originate from the management network and terminate directly on the device.
- You should use ACLs at all times to restrict access to management information. Any attempt from a nonmanagement address should be denied and logged.
- Enable RFC 2827 filtering, where appropriate, to prevent an attacker from spoofing management addresses.
- Where you cannot secure management data due to device limitations, always be aware of the potential for data interception and falsification.
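The following Cisco IOS configuration is an added example that is not part of the original chapter; it shows how the recommendations above (SSH instead of Telnet, read-only SNMP with an access list and SNMPv3 as the preferred option, authenticated NTP with peer restrictions, syslog sent only toward the management network, management ACLs that deny and log non-management sources, and RFC 2827 anti-spoofing on the outside interface) look on one device. The addressing (management network 10.1.1.0/24, internal address space 10.0.0.0/8, NTP server 10.1.1.5, syslog collector 10.1.1.6, SNMP manager 10.1.1.7), the hostname, the ACL and group names, and the angle-bracket placeholders are assumptions chosen for the example; the IPSec tunnel used to protect Telnet or TFTP in-band is not shown.

```cisco
! ---- Management ACL: only the management subnet may reach the device ----
! Assumed addressing: management network 10.1.1.0/24, NTP server 10.1.1.5,
! syslog collector 10.1.1.6, SNMP manager 10.1.1.7 (example values, not from the book).
ip access-list standard MGMT-HOSTS
 permit 10.1.1.0 0.0.0.255
 deny   any log
!
! ---- Remote access: SSH only, no Telnet, restricted to MGMT-HOSTS ----
hostname edge-rtr
ip domain-name example.internal
username netops secret <password>
crypto key generate rsa modulus 2048
ip ssh version 2
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 login local
 exec-timeout 5 0
!
! ---- SNMP ----
! Weak (SNMPv1/v2c, read-write, no ACL): the community string crosses the wire in
! clear text, and anyone who captures it can reconfigure the device. Do not use:
!   snmp-server community public RW
! Hardened v2c fallback: read-only community bound to the management ACL
snmp-server community <ro-string> RO MGMT-HOSTS
! Preferred: SNMPv3 with authentication and privacy, same ACL
snmp-server group MGMT-V3 v3 priv access MGMT-HOSTS
snmp-server user nms-poller MGMT-V3 v3 auth sha <auth-pass> priv aes 128 <priv-pass>
snmp-server host 10.1.1.7 version 3 priv nms-poller
!
! ---- NTP: authenticated time source, synchronization peers restricted by ACL ----
ntp authentication-key 1 md5 <ntp-key>
ntp authenticate
ntp trusted-key 1
ntp server 10.1.1.5 key 1
access-list 10 permit 10.1.1.5
ntp access-group peer 10
!
! ---- Syslog: clear text and unauthenticated, so send it only toward the management network
logging host 10.1.1.6
logging trap informational
logging source-interface Loopback0
!
! ---- RFC 2827 anti-spoofing on the outside interface ----
! Packets arriving from outside must not claim an internal or management source address.
ip access-list extended RFC2827-INBOUND
 deny   ip 10.0.0.0 0.255.255.255 any log
 permit ip any any
interface GigabitEthernet0/0
 description Outside
 ip access-group RFC2827-INBOUND in
```

The `deny any log` entry at the end of MGMT-HOSTS is what implements "deny and log any attempt from a nonmanagement address" for both the VTY lines and SNMP; the logged hits reach the syslog collector, so the collector itself should sit inside the management network that the ACL permits.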
