Copyright Systech Information Technology Ltd. This policy indicates the required minimal security configuration for all routers and switches connecting to a production network or used in production capacity at or on behalf of Systech.
All routers and switches connected to Systech production networks are covered. Routers and switches within internal, secured labs are not covered. (Routers and switches within DMZ areas fall under the Internet DMZ Equipment Policy).
Every router must meet the following configuration standards:
1. No local user accounts are configured on the router. Routers must use TACACS+ for all user authentication.
2. The enable password on the router must be kept in a secure encrypted form. Reversible encryption algorithms, such as Cisco type 7, are unacceptable. The router must have the enable password set to the current production router password from the router’s support organization.
3. The following services or features must be disabled:
a. IP directed broadcasts
b. TCP small services
c. UDP small services
d. All source routing
e. All web services running on the router
4. The following services should be disabled unless a business need is provided:
a. Cisco discovery protocol and other discovery protocols
b. Dynamic Trunking
c. Scripting environments, such as the TCL shell
5. The following services must be configured:
b. NTP configured to a corporate standard source
6. Use corporate standardized SNMP community strings. Default strings, such as public or private, must be removed. SNMP must be configured to use the most secure version of the protocol allowed for by the combination of the device and management systems.
7. Access control lists must be used to limit the source and type of traffic that can terminate on the device itself.
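A way to check a saved running configuration against the mandatory items above (1, 2, 3, 5b, the default-string part of 6, and 7 for vty lines), shown as an added example that is not part of the Systech policy. It assumes Cisco IOS command syntax and that settings appear as explicit lines in the file; the `audit` function name and both sample configurations are constructed for illustration.

```python
import re
# Must NOT appear in the running config (policy item: regex).
FORBIDDEN = {
    "1 local user account": r"^username \S+",
    "2 enable password not stored as 'enable secret'": r"^enable password\b",
    "3a IP directed broadcast": r"^[ \t]*ip directed-broadcast\b",
    "3b TCP small services": r"^service tcp-small-servers\b",
    "3c UDP small services": r"^service udp-small-servers\b",
    "3e web service": r"^ip http (secure-)?server\b",
    "6 default SNMP community": r"^snmp-server community (public|private)\b",
}
REQUIRED = {  # must appear
    "1 no TACACS+ login authentication": r"^aaa authentication login \S+ .*group tacacs\+",
    "3d source routing not disabled": r"^no ip source-route\b",
    "5b no NTP server": r"^ntp server \S+",
}

def audit(config):
    """Return the sorted list of policy items the config violates."""
    found = [k for k, p in FORBIDDEN.items() if re.search(p, config, re.M)]
    found += [k for k, p in REQUIRED.items() if not re.search(p, config, re.M)]
    # Item 7: each vty block (header plus indented lines) needs an inbound ACL.
    for block in re.findall(r"^line vty.*(?:\n[ \t]+.*)*", config, re.M):
        if not re.search(r"^[ \t]+access-class \S+ in\b", block, re.M):
            found.append("7 vty line without inbound access-class")
    return sorted(found)

# Constructed sample configs (not from any real device).
BAD = """\
enable password 7 PLACEHOLDER
username admin privilege 15 secret PLACEHOLDER
service tcp-small-servers
ip http server
snmp-server community public RO
interface GigabitEthernet0/0
 ip directed-broadcast
line vty 0 4
"""
GOOD = """\
enable secret PLACEHOLDER
aaa authentication login default group tacacs+
no ip source-route
ntp server 192.0.2.10
snmp-server community PLACEHOLDER RO 10
line vty 0 4
 access-class 10 in
"""
if __name__ == "__main__":
    print(audit(BAD), audit(GOOD))
```

Item 4 ("should be disabled unless a business need is provided") and the SNMP version requirement in item 6 depend on local exceptions and platform capability, so they are left to manual review here.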