Welcome back, everyone. Now we come to the comedy section of this particular one call section, which is best practices. Again, these are opinions. All right, recommendations. As far as your certification, I think I asked you a question based on this. On configure secure passwords, do you really need to tell anybody that if you're not configuring secure passwords to get into your out of your console passwords, your telnet passwords, SSH, using SSH, your privileged mode passwords, all these different things? Yeah, we're not going to be using password one capital T. All right, we know when to get secure passwords.
Use system banners. This I find hilarious. They're talking about the message of the day. If you don't belong to this, please go away or you will find yourself going to prison for a very long time. I know a scary message for you not to continue, which everybody ignores. All right, secure the web interface.
Obviously you want to have ACLs. Yes, you want ACLs to block a whole bunch of ports that don't need to be on, and definitely secure your web portal. All right, so nobody can just get in. So here's switch console. Hello, console, okay. Username and password. Like if you were to do line con 0, password cisco, login local, okay, like we do not in the labs, don't use password, don't use password cisco, okay?
And have a username. So create a username at a certain level, so they only have certain access to what they can do. And of course, ACLs, okay, to limit certain hosts from getting to where they need to go, where they don't need to go, I should say. Don't use telnet. Yeah, we know, SSH. That's what we want, secure socket layers, right?
SSH. SNMP. We know that nobody uses SNMP one anymore. We've talked about that, because it's not secure. 32 bits. It's a community string. SNMP version 2c. Hello. Is it better?
No, it's actually four bits. We can get bulk information, but it doesn't address the security issue. Aha, SNMP version three. We have user authentication. Usernames, groups are separated into different levels of security. Yes, encryption, SHA, DES, 3DES.
We're getting crypto to 256 bit using AES. So definitely we do want, if we're using SNMP, which we will be, that's the one we want to go with. That's the only one to go with. Secure unused ports. The way security is for shut them now, if you're not using them shut them down. Why would they be active?
Because anybody I can tell you this, I can tell you this right now. I know for a fact there's people that go into hospitals, because I see no these two eyes. Okay? They find an empty port. Yes, a port on the wall. They have Ethernet cable, they plug it in, and now they're in.
They're not wireless. They're wired into the hospital's network. Hello. Does anybody find something wrong with this picture? Unless you're in a completely different rack that's just for guests or whatever, because you're in one of those waiting areas, what have you.
Okay, but if you're not, because what's the problem with that? You have elevated privileges. How do you log in, you won't get into an administrator. They have a limited privileges. You can run whatever program you want in their problem, shut them out. Secure STP operations, obviously, and secure the use of CDP and LLDP.
If a switch or router doesn't need to be running CDP or LLDP, which is the new one now for the newer certifications for the CCNA, all right, turn off, disable it, because they can use CDP neighbor detail, LLDP neighbor detail to take a look at your neighboring devices. Definitely, and it's sending information every so often. So you want to make sure that it's not sending it to a place that doesn't need to send it. Okay, so best practices, yes. Not to mention, it doesn't say it on here.
How about firewalls? How about group policies, GPOs? How about not having people access a particular network, having separate racks, okay, separate switches and routers and wireless access points for a guest? You want to physically segment now logically with VLANs physically segment guests. They're coming into your company, whether you're a hospital or school, whatever it is. So if you want to give you one of the nights when a young one has access, they need to be separate completely from your company's network. Okay? So they cannot even physically gain access to it, they will have to do such a run around through the web to try and get to where they need to go.
But again, this is where your firewalls and all that come into play. Okay. Anyway, yes, those are the best practices, what have you, that they talked about. Just look at them. They're common sense, okay, they're common sense best practices. But again, it asks you something like this, or probably a multiple choice question.
And, you know, if I were to ask this, should I leave ports all the way open? Don't configure ACLs, shut down the ports, you know, or none of the above. You know, I would even know Humphrey, I mean, come on. Seriously, everybody in IT should know the need to security reports should is the operative word. See the next
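
Added example, not part of the lecture: a small Python audit that checks a switch running-config for several of the practices named above (plain HTTP web interface, SNMP v1/v2c community strings, CDP/LLDP left running, enabled unused ports, shared line passwords, telnet on the lines). The sample config is constructed, the function names are hypothetical, and the script assumes that in-use ports carry a description.

```python
# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
ip http server
snmp-server community public RO
lldp run
interface GigabitEthernet0/1
 description uplink to core
interface GigabitEthernet0/2
interface GigabitEthernet0/3
 shutdown
line con 0
 password cisco
 login
line vty 0 4
 login local
 transport input telnet ssh
"""

def parse_blocks(config):
    """Group each top-level line with its indented sub-commands."""
    blocks = []
    for line in config.splitlines():
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        elif line.strip() and line.strip() != "!":
            blocks.append((line.strip(), []))
    return blocks

def audit(config):
    blocks, findings = parse_blocks(config), []
    top = {head for head, _ in blocks}
    if "ip http server" in top:
        findings.append("plain HTTP web interface enabled")
    if "no cdp run" not in top:  # CDP is on by default in IOS
        findings.append("CDP running globally")
    if "lldp run" in top:
        findings.append("LLDP running globally")
    # Assumption: in-use ports carry a description; any other port should be shut.
    for head, subs in blocks:
        if head.startswith("snmp-server community "):
            findings.append("SNMP v1/v2c community: " + head.split()[2])
        elif head.startswith("interface ") and "shutdown" not in subs \
                and not any(s.startswith("description") for s in subs):
            findings.append("undescribed port left enabled: " + head.split()[1])
        elif head.startswith("line "):
            if any(s.startswith("password ") for s in subs) and "login local" not in subs:
                findings.append("shared password on " + head)
            if any(s.startswith("transport input") and "telnet" in s.split() for s in subs):
                findings.append("telnet allowed on " + head)
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding per weak setting; a config with `no cdp run`, `transport input ssh`, `login local` and every spare port shut down returns an empty list.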