Let's talk about cw2000 security!

[kio91]

Hi!

Let's talk about security. I'm almost finished
with cw2000 installation and setup, I have to consider
security issues now.

Since it will benefit all of us I'v selected this thread as a helpful tip. I pretend to add my bit of info too!

Main issues are: (as i see so far)

1- protocol safety issues:
CW2000 needs snmp v1, and CDP enabled in devices.
ANI discovery sends SNMP requests to read CDP map
tables on routers, switchs. SNMP v1 works with cleartext
passwords, making read community open for hack attack.

can we move to snmp v3?


2- Securing The Server :
To provide network administration, Cw200 needs to have
devices telnet passwords for configuration purposes
stored in its database, thus making "the" server a main
hacker's target.

while placing an antivirus and a firewall software
is suppose to help they also make the server go to
slow...

3.- RME has three ways to grab devices configurations
(telnet, rcp and tftp), I think rcp is rather unsafe
any tips on that?

I've also would like to talk about securing the devices,but that might be best done in other forun

I will add info as I get around it, anyone see any more hazards?

Thank And Cheers

Kio91

 

[mark5047]

Security for how to access the main Cisco Works 2000 web page needs to be considered. Anyone can browse to the default port Cisco Works uses, and login with either a guest account or an admin acount. You can have the server use TACACS or RADIUS for authenticating, which is more secure than local authentication, if you have a security server available (TACACS or RADUIS) and considering how much damage you can do with this software, I highly suggest it.