Manualshelf

User`s guide

ManualsBrandsEnterasys ManualsComputer equipmentANG-3000
341342343344345346347348349350
XSR Users Guide 315
Chapter 13 General Security Precautions
Configuring Security on the XSR
The attacker does not send any other packet, and the state machine of the host
remains in CLOSE_WAIT state until the keep-alive timer resets it to the
CLOSED state. To protect against this attack the XSR checks for TCP packets
with both SYN and FIN flags set. With protection always enabled, these
packets are harmlessly dropped.
This feature is supported for packets destined for the XSR. Transit packets
will be checked.
General Security Precautions
To ensure security on the XSR, we recommend you take these precautions:
Limit physical access
Avoid connecting a modem to the console port
Download the latest security patches
Retain secured backup copies of device configurations
Plan all configuration changes and prepare a back-out procedure if
they go wrong
Keep track of all configuration changes made to all devices
Create a database that tracks the OS version, description of last
change, back-out procedure, and administrative owner of all routers
Avoid entering clear text passwords in the configuration script
Be sure to change all default passwords
Use strong passwords not found in the dictionary
Change passwords when the IT staff departs
Age passwords after 30 to 60 days
Grant the correct privilege levels to particular users only
Set reasonable timeouts for console and remote management sessions
If you must enable PPP on the WAN, use CHAP authentication
Disable all unnecessary router services (e.g., HTTP, if not used)
Write strict ACLs to limit HTTP, Telnet and SNMP access
Write ACLs to limit the type of ICMP messages