Log OSPF Adjacency Changes Details Logging changes to the BGP peering relationships is recommended. Rationale: Any logged changes in a routing peer relationship will...
Restrict Access to VTY Sessions – line vty access-class Details Restrict management access to trusted management stations and VLANs. Rationale: Exposing the management interface too broadly exposes that interface...
Restrict Access to VTY Sessions – VTY ACL Details Restrict management access to trusted management stations and VLANs. Rationale: Exposing the management interface too broadly exposes that interface...
Set Interfaces with no Peers to Passive-Interface Details By default, OSPF will advertise via multicast to solicit peers, and will listen for neighbor / peer advertisements on...
Set password length for local credentials Details Password length should be set to some value that makes compromising any captured hashes difficult. This generally means that...
Set password lifetime, warning time and grace time for local credentials Details NX-OS has commands to adjust the permitted lifetime of passphrases for local credentials, as well as the ‘warning time’...
Use Dedicated ‘mgmt’ Interface and VRF for Administrative Functions – ntp Details Vendors provisioning dedicated management interfaces is a widespread practice, and gives some significant security advantages when implementing: SSH access...
Use Dedicated ‘mgmt’ Interface and VRF for Administrative Functions – snmp-server host Details Vendors provisioning dedicated management interfaces is a widespread practice, and gives some significant security advantages when implementing: SSH access...
Use Dedicated ‘mgmt’ Interface and VRF for Administrative Functions – snmp-server traps/informs Details Vendors provisioning dedicated management interfaces is a widespread practice, and gives some significant security advantages when implementing: SSH access...
Use Dedicated ‘mgmt’ Interface and VRF for Administrative Functions – logging Details Vendors provisioning dedicated management interfaces is a widespread practice, and gives some significant security advantages when implementing: SSH access...