shellsharks@infosec.pubM to cybersecurity@infosec.pubEnglish · 8 months agoWhat are You Working on Wednesdaymessage-squaremessage-square11fedilinkarrow-up112arrow-down12file-text
arrow-up110arrow-down1message-squareWhat are You Working on Wednesdayshellsharks@infosec.pubM to cybersecurity@infosec.pubEnglish · 8 months agomessage-square11fedilinkfile-text
minus-squareslazer2au@lemmy.worldlinkfedilinkEnglisharrow-up2·8 months agoWorking on an Ansible playbook to configure our security baseline over all the network devices we manage.
minus-squareRedFox@infosec.publinkfedilinkEnglisharrow-up2·8 months agoCan you share any of the baseline that’s not specific to your org/sensitive? What sources are you using as a reference?
minus-squareslazer2au@lemmy.worldlinkfedilinkEnglisharrow-up1·8 months agoI am using the Cisco hardening guide with some tweeks. https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html Covers things like only allowing sshv2, enable logging of commands to syslog, disabling the switch web servers.
minus-squareRedFox@infosec.publinkfedilinkEnglisharrow-up1·8 months agoNice. You guys allowing the playbooks to configure or just audit?
minus-squareslazer2au@lemmy.worldlinkfedilinkEnglisharrow-up2·8 months agowe use the playbooks to configure, the trick is to do it in an idempotent way so when something is changed it doesn’t kick off alarm bells. SNMPv3 is my current bane as snmpv3 accounts are not stored in running config so snmp always says something is changed.
Working on an Ansible playbook to configure our security baseline over all the network devices we manage.
Can you share any of the baseline that’s not specific to your org/sensitive? What sources are you using as a reference?
I am using the Cisco hardening guide with some tweeks.
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html
Covers things like only allowing sshv2, enable logging of commands to syslog, disabling the switch web servers.
Nice. You guys allowing the playbooks to configure or just audit?
we use the playbooks to configure, the trick is to do it in an idempotent way so when something is changed it doesn’t kick off alarm bells.
SNMPv3 is my current bane as snmpv3 accounts are not stored in running config so snmp always says something is changed.