This isn't an active design challenge that I have, but I'd like to have an idea about how you all are securing your management environments today.
- Are you relying on special jump hosts, VDIs, or VPNs for your administrators to use?
- Do you have a physical NOC set up with its own privileged subnet?
- Are you leveraging 801.1x or similar technologies to ensure your administrators' devices are assigned to privileged subnets?
- Are you not putting any network-based restrictions on access to management IP addresses?
- Have you adopted some alternative strategy?
The Jump Host option seems extremely dangerous, since a network failure could prevent you from accessing the very infrastructure you need to fix the network. But leaving everything open, particularly for out of band, seems risky too (anyone with the console line credentials could access a network device).
I would approach this by using 802.1x to ensure that all administrators belong to a special IP subnet, and allow that subnet access to the VTY lines and out of band terminal servers. If 802.1x wasn't an option, I probably would allow the entire enterprise IP space to have access to the VTY lines, but set up a special jump host for out-of-band access.
What do you guys think? How are you doing things today / how would you prefer to do things if you could re-engineer your network?
No comments:
Post a Comment