Wednesday, May 22, 2019

Network Equipment Access Control??

We're currently in the process of reviewing our network access & how we can further restrict access to prevent unauthorized access. We do not allow any form of remote access outside of the corporate network so this is to protect from any internal vulnerabilities/exploits that could occur.

Currently we're using RADIUS off of a Windows NPS server (not the best but does the job and it's free) tied down to specific users, which works a treat, but anyone with AD rights could potentially add themselves and then gain access if they really wanted to. We've considered adding ACLs to the vty lines, but that comes with its own challenges & in my opinion isn't very sustainable (we're off-site often, meaning we won't always be accessing kit from the same set of IPs).

I'm interested in how you all control access and if you have any recommendations for a balanced approach that maintains security but also keeps it practical.


