Here is a list of things to check for in a manual console review of a firewall, switch, wireless controller, router, etc., when there is no security best-practice guide for that specific device:
- Rule base for the use of ANY for SOURCE/DESTINATION/SERVICE or overly permissive, such as allowing large ranges (e.g. x.x.x.x/16)
- Rules which allow clear-text protocols (e.g. telnet/ftp)
- Rules which allow excessive access to management protocols
- If password hashes are included in the configuration, check them for weak passwords
- Check for comments against each rule to state what it’s for and if temporary
- Test/temporary rules should be removed when done; where applicable, add a comment stating they are not to be carried into production
- Check against documentation where provided.
- Enable logging for each rule (exceptions to be commented on)
- NTP configured
- NTP authenticated
- Syslog enabled
- Password policy enforced
- SNMP settings
- Hashing method for creds (e.g. not using MD5 but SHA2+)
- Centralised authentication recommended
- No shared generic admin accounts (e.g. only 1 admin user configured).
- Logon banner
- Restricted admin access
- Weak protocols not used for admin
- Console timeouts
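The rule-base items and the global-settings items above can be turned into a repeatable check. The script below is an added example, not part of the original checklist and not tied to any vendor: it runs over a constructed, vendor-neutral rule list and settings dictionary (the `Rule` dataclass, the field names, the "/16 or broader is overly permissive" threshold and the protocol sets are all assumptions made for the example) and reports which checklist items fail. In a real review the rule export and settings would be mapped from the device's own config format first.

```python
import ipaddress
from dataclasses import dataclass

# Assumed thresholds and protocol sets for this example (adjust per environment).
BROAD_PREFIX_V4 = 16   # a /16 or shorter prefix counts as an overly broad range
BROAD_PREFIX_V6 = 48
CLEAR_TEXT_SERVICES = {"telnet", "ftp", "tftp", "http", "snmpv1", "snmpv2c"}
MGMT_SERVICES = {"ssh", "telnet", "snmp", "rdp"}   # protocols used to administer devices
TEMP_MARKERS = ("temp", "test")


@dataclass
class Rule:
    """One rule from a vendor-neutral export (constructed format for the example)."""
    name: str
    src: str
    dst: str
    service: str
    action: str
    log: bool
    comment: str = ""


def _is_broad(addr: str) -> bool:
    """True for ANY or for a prefix at or above the broad threshold."""
    if addr.lower() == "any":
        return True
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return False  # named object or hostname: not judged by this check
    limit = BROAD_PREFIX_V4 if net.version == 4 else BROAD_PREFIX_V6
    return net.prefixlen <= limit


def review_rules(rules):
    """Return (rule name, finding) tuples for the rule-base checklist items."""
    findings = []
    for r in rules:
        if r.action.lower() == "permit":
            for field_name, value in (("source", r.src), ("destination", r.dst)):
                if value.lower() == "any":
                    findings.append((r.name, f"{field_name} is ANY"))
                elif _is_broad(value):
                    findings.append((r.name, f"{field_name} {value} is an overly broad range"))
            svc = r.service.lower()
            if svc == "any":
                findings.append((r.name, "service is ANY"))
            if svc in CLEAR_TEXT_SERVICES:
                findings.append((r.name, f"permits clear-text protocol {r.service}"))
            if svc in MGMT_SERVICES and _is_broad(r.src):
                findings.append((r.name, f"management protocol {r.service} reachable from a broad source"))
        # Logging and comments are checked on every rule, permit or deny.
        if not r.log:
            findings.append((r.name, "logging disabled"))
        if not r.comment.strip():
            findings.append((r.name, "no comment describing purpose"))
        elif any(m in r.comment.lower() for m in TEMP_MARKERS):
            findings.append((r.name, "comment marks rule as temporary/test; confirm removal date"))
    return findings


# (label, predicate that returns True when the setting passes)
GLOBAL_CHECKS = [
    ("NTP not configured", lambda c: bool(c.get("ntp_servers"))),
    ("NTP authentication disabled", lambda c: c.get("ntp_authentication") is True),
    ("syslog not enabled", lambda c: bool(c.get("syslog_servers"))),
    ("password policy not enforced", lambda c: c.get("password_policy") is True),
    ("weak credential hashing (MD5 or clear text)",
     lambda c: c.get("password_hash", "").lower() not in ("", "md5", "cleartext")),
    ("SNMP v1/v2c in use instead of v3", lambda c: c.get("snmp_version") == "v3"),
    ("no centralised authentication server", lambda c: bool(c.get("aaa_servers"))),
    ("single shared admin account", lambda c: len(c.get("admin_users", [])) > 1),
    ("no logon banner", lambda c: bool(c.get("login_banner", "").strip())),
    ("admin access not restricted by ACL", lambda c: bool(c.get("mgmt_acl"))),
    ("clear-text admin protocol enabled",
     lambda c: not (set(c.get("mgmt_protocols", [])) & CLEAR_TEXT_SERVICES)),
    ("console timeout missing or longer than 15 min",
     lambda c: 0 < c.get("exec_timeout_min", 0) <= 15),
]


def review_global(config):
    """Return the labels of global-settings checks that fail."""
    return [label for label, ok in GLOBAL_CHECKS if not ok(config)]


# Constructed sample data for the example.
SAMPLE_RULES = [
    Rule("allow-any-out", "10.0.0.0/8", "any", "any", "permit", False),
    Rule("telnet-mgmt", "192.168.1.0/24", "10.1.1.1/32", "telnet", "permit", True,
         "TEMP: vendor access - remove after migration"),
    Rule("https-to-web", "any", "10.2.2.10/32", "https", "permit", True, "Public web front end"),
    Rule("deny-all", "any", "any", "any", "deny", False),
]
SAMPLE_GLOBAL = {
    "ntp_servers": ["10.0.0.123"], "ntp_authentication": False, "syslog_servers": [],
    "password_policy": True, "password_hash": "md5", "snmp_version": "v2c",
    "aaa_servers": ["10.0.0.50"], "admin_users": ["admin"], "login_banner": "",
    "mgmt_acl": ["10.0.0.0/24"], "mgmt_protocols": ["ssh", "http"], "exec_timeout_min": 0,
}

if __name__ == "__main__":
    for name, finding in review_rules(SAMPLE_RULES):
        print(f"[rule {name}] {finding}")
    for label in review_global(SAMPLE_GLOBAL):
        print(f"[global] {label}")
```

Each finding maps back to one line of the checklist, so the output doubles as the evidence list for the report; anything the script cannot judge (named address objects, vendor-specific settings) still needs the manual read against the device documentation.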