Sanitize Network Device Configurations for Auditors

Posted on 2006-04-26
Last Modified: 2010-04-09
What should be sanitized for Auditors?

    Obviously all hashed passwords should be sanitized.  What else should be?

    SNMP community strings?
    IP if policy permits?
    Anything else?

Suggestions?  Comments?

Question by:awakenings

    Author Comment

    What about Running Activation Key?
    Serial Number?

    Author Comment

    tacacs-server key?
    IDSN spid?
    LVL 20

    Accepted Solution

     I'd sanitize as much as possible; including the following:
    SNMP community strings
    All public IPs if possible (or mask them out like so: x.x.x.82); private IPs don't matter (ie: 10.x.x.x, 172.16.x.x-172.31.x.x, 192.168.x.x)
    Running Activation Key
    Serial Number
    RADIUS/TACACS server keys
    ISDN spid
    All usernames and passwords
    Any circuit IDs that appear in interface descriptions

    Just my $0.02.

    Featured Post

    Courses: Start Training Online With Pros, Today

    Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

    Join & Write a Comment

    Suggested Solutions

    If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now