As with a production network, Dell Technologies recommends that the network administrator of a management network take the necessary security measures to ensure the protection and integrity of the data and devices being used. Securing the network infrastructure is a multilayer discipline. The following are security items to consider.
- Physical security involves physical access to the infrastructure. This includes building access controls and access to the network switch and router hardware. Physical security also includes access to patch panels, cabling, and endpoints.
- Network security includes firewalls, network intrusion detection systems (IDS), and network intrusion prevention systems (IPS).
- Use of network segmentation (VLANs) and Access Control Lists (ACLs). Use VLANs that group endpoints by common function, for example, accounting, executive, and engineering. ACLs allow or deny access between hosts on different VLANs or networks.
- Authentication, authorization, and accounting (AAA) are services that control entry to the network. Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access-Control System Plus (TACACS+) are services that manage AAA.
- Use SSH and disable Telnet.
- Use complex passwords.
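The VLAN, ACL, and SSH/Telnet items above can be checked together by modeling the policy before it is deployed. The following is an added example, not Dell code or switch syntax: the subnets, rule lists, and function names are constructed, and it assumes first-match ACL evaluation with an implicit deny, which should be confirmed in the device documentation.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing plan: one subnet per VLAN (assumption, not from the page).
VLANS = {
    "accounting":  ipaddress.ip_network("10.10.10.0/24"),
    "executive":   ipaddress.ip_network("10.10.20.0/24"),
    "engineering": ipaddress.ip_network("10.10.30.0/24"),
    "management":  ipaddress.ip_network("10.10.99.0/24"),
}

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # VLAN name or "any"
    dst: str               # VLAN name or "any"
    port: Optional[int]    # TCP destination port, None = any port

# Constructed policy for traffic entering the management VLAN.
MGMT_ACL = [
    Rule("deny",   "any",         "management", 23),    # Telnet is never allowed
    Rule("permit", "engineering", "management", 22),    # SSH from engineering only
    Rule("deny",   "any",         "management", None),  # explicit, so hits can be logged
]

# Constructed mis-ordered variant: the broad permit shadows the Telnet deny.
SHADOWED_ACL = [
    Rule("permit", "engineering", "management", None),
    Rule("deny",   "any",         "management", 23),
]

def vlan_of(addr: str) -> Optional[str]:
    """Map an IP address to its VLAN name, or None if it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in VLANS.items() if ip in net), None)

def evaluate(acl, src_ip: str, dst_ip: str, dport: int) -> str:
    """Return the action of the first matching rule; no match means deny."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    for rule in acl:
        if (rule.src in ("any", src) and rule.dst in ("any", dst)
                and rule.port in (None, dport)):
            return rule.action
    return "deny"  # implicit deny at the end of the list

def audit(acl):
    """List source VLANs that can reach the management VLAN over Telnet."""
    mgmt_host = str(VLANS["management"].network_address + 10)
    return [name for name, net in VLANS.items()
            if evaluate(acl, str(net.network_address + 5), mgmt_host, 23) == "permit"]
```

Running `audit` on a candidate rule list before pushing it to a switch catches ordering mistakes such as the shadowed Telnet deny in `SHADOWED_ACL`.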
Several switch features enable network operators to secure administrator access to the switch management console and the web interface, and to restrict network access for network-attached devices. It is important to understand each layer of security on your network to guard against all threats to hardware, data integrity, and data security.
For more information about available security features and how each is implemented, see the documentation that comes with your device.