var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-35754314-2']); _gaq.push(['_setDomainName', '']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + ''; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();

Thursday, June 23, 2011

Control 4 - Secure Configurations of Network Devices Such as Firewalls, Routers, and Switches

Control 4 is similar to Control 3 in that it is concerned with maintaining a secure configuration. This time the focus is on network devices.

What is the last thing you did on your network devices? Likely it was add a rule to permit a new traffic flow. When was the last time you made sure the configuration is exactly what you expected?

Where to start?
Several authoritative hardening guides exist and are freely available. Choose one of the below and plan to spend a few hours making sure your network device configurations are secure.

             CheckPoint Firewall Benchmarks
             Cisco Device Benchmarks
             Juniper Device Benchmarks
             Network Device Benchmarks
             Novell Netware Benchmarks
             Wireless Network Devices Benchmarks

What else?

Always maintain an updated network diagram. I know. You still should.

Change control forms should be completed (with appropriate approvals) before logging in to the device.

Speaking of logging in, require two factor authentication for every device login.

Alert all administrators of all attempted logins and rule changes.

Compare the current configuration of your network devices to a known good configuration.


  1. Great article about Control 4, I definitely learned a lot from this article.
    US VPN

  2. Not much difference from Control 3 but thank you for these useful tips.