4/7/08

Device Security Checklist

A security checklist is an important document that summarizes guidelines and instructions for secure implementations. Device security checklists can be viewed as templates for device lockdown and security implementation guidelines. You can use the following checklist as a quick summary and working guide to Cisco device security configuration.

  • Device security policy written, approved, distributed, and reviewed on a regular basis.
  • Facilities (room, building, area) housing the devices secured—physical security.
  • Password policies to ensure that good passwords are created that cannot be easily
    guessed or hacked.
  • Password encryption used so that passwords are not visible when device configuration is
    viewed.
  • Access methods such as Console, VTY, and AUX secured using ACLs and authentication
    mechanisms.
  • Access methods such as SSH with AAA authentication chosen wisely.
  • Unneeded services and protocols disabled.
  • Unused interfaces shut down or disabled.
  • Configuration hardened for network services and protocols in use (for example, HTTP
    and SNMP).
  • Port and protocol needs of the network identified, and access lists used to limit
    traffic flow.
  • Access lists for anti-spoofing and infrastructure protection, and for blocking reserved
    and private addresses, considered.
  • Routing protocols established that use authentication mechanisms for integrity.
  • Appropriate logging enabled with proper time information.
  • Device's time of day set accurately, maintained with NTP.
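
Several of the checklist items can be checked mechanically against a saved configuration. The following Python sketch is an added example, not part of the original post: it audits an IOS-style configuration text for password encryption, the HTTP server, log timestamps, NTP, VTY access restrictions, and unused interfaces. The sample configuration is constructed, and treating an interface with `no ip address` as unused is an assumption of the example.

```python
import re

# Constructed sample running-config (illustrative; not from the original page).
SAMPLE_CONFIG = """\
service timestamps log datetime msec
no service password-encryption
ip http server
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
interface GigabitEthernet0/1
 no ip address
line vty 0 4
 transport input telnet ssh
 login local
"""

def sections(config, prefix):
    """Yield (header, sub-commands) for top-level sections starting with prefix."""
    header, body = None, []
    for line in config.splitlines() + ["!"]:   # "!" sentinel flushes the last section
        if line.startswith(" "):
            body.append(line.strip())
            continue
        if header and header.startswith(prefix):
            yield header, body
        header, body = line.strip(), []

def audit(config):
    """Return checklist findings for an IOS-style configuration text."""
    top = {l.strip() for l in config.splitlines() if not l.startswith(" ")}
    findings = []
    if "service password-encryption" not in top:
        findings.append("password encryption not enabled")
    if "ip http server" in top:
        findings.append("HTTP server enabled")
    if not any(l.startswith("service timestamps log datetime") for l in top):
        findings.append("log messages lack date/time stamps")
    if not any(l.startswith("ntp server ") for l in top):
        findings.append("no NTP server configured")
    for hdr, body in sections(config, "line vty"):
        if [b for b in body if b.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{hdr}: transport not restricted to SSH")
        if not any(re.match(r"access-class \S+ in\b", b) for b in body):
            findings.append(f"{hdr}: no inbound access-class ACL")
    # Heuristic (assumption): an interface with "no ip address" is unused.
    for hdr, body in sections(config, "interface"):
        if "no ip address" in body and "shutdown" not in body:
            findings.append(f"{hdr}: unused interface not shut down")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

An empty result only means these particular checks passed; policy, physical security, and routing protocol authentication still need manual review.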

How to Change JKS KeyStore Private Key Password

Use the following keytool command to change the key store password: >keytool  -storepasswd  -new [new password ]  -keystore  [path to key stor...