It is recommended to separate management traffic from data/customer traffic on your Juniper devices (e.g. QFX Series switches, MX Series). Traffic passing through the management plane should be exclusively for management or administrative access, such as SSH, SNMP, NTP and AAA. Here are the recommended configurations and practices for these management services. Configure Authentication, Authorization and Accounting (AAA) - preferably set up centralized TACACS+ to manage all your devices, implement central network management that can impose security protocol to…
Tag: best practice
Here are some best practices that you can implement on Juniper devices to secure SSH.

1. Remote access should be via SSH, and telnet should be disabled.
    delete system services telnet
2. SSH should be version 2 or higher. Do not run v1.
    set system services ssh protocol-version v2
3. Configure a login banner.
    set system login message "\n*************************************************************************\n UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED\n\nYou must have explicit, authorized permission to access or configure this \ndevice.Unauthorized attempts and…
1. Remote access should be via SSH and telnet is disabled
    IOS-XR:
        no telnet ipv4 server
    Nexus OS:
        no feature telnet
        feature ssh
        feature tacacs+
2. SSH should be version 2 or higher. Do not run v1.
    IOS-XR:
        ssh server v2
        ssh server vrf management
    Nexus OS:
        ssh server v2
        ssh server vrf management
        ssh timeout 60
3. Configure SSH logging
    IOS-XR:
        ssh server logging
4. Configure Login Banner
    IOS-XR:
        banner login ^C ************************************************************************* UNAUTHORIZED ACCESS TO…