The goal of management plane security is to ensure that only legitimate users are allowed access to the network devices and that the devices are available at all times to be accessed from the NOC.
Some of the best practices to be followed for management plane security are:
- Allow all management traffic to the devices only from the NOC. Organizations should also consider using a jump server to telnet/ssh into the devices and allowing only a single device IP address to access the devices.
- Allow SNMP only from the SNMP management servers. Block SNMP attempts from all other IP sources using ACLs.
- Use secure forms of authentication; for example, use ssh instead of telnet to log in to devices, wherever possible.
- Use SNMPv3 wherever ...
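
The source-address restrictions in the list above can be checked against observed connections. The following is an added example, not part of the original text: it models the ACL policy in a vendor-neutral way and audits constructed connection records. The addresses, the `POLICY` table, the function names, and the choice to disable telnet entirely are assumptions made for the example.

```python
import ipaddress

# Assumed addressing, constructed for this example (RFC 5737 documentation ranges).
POLICY = {
    "ssh":    [ipaddress.ip_network("192.0.2.10/32")],    # single jump server in the NOC
    "telnet": [],                                          # assumption: cleartext login disabled
    "snmp":   [ipaddress.ip_network("198.51.100.0/29")],  # SNMP management servers
}
PORTS = {("tcp", 22): "ssh", ("tcp", 23): "telnet", ("udp", 161): "snmp"}

# Constructed connection records: (source IP, protocol, destination port on the device).
SAMPLE_FLOWS = [
    ("192.0.2.10", "tcp", 22),
    ("192.0.2.55", "tcp", 22),
    ("192.0.2.10", "tcp", 23),
    ("198.51.100.3", "udp", 161),
    ("203.0.113.7", "udp", 161),
    ("203.0.113.7", "tcp", 443),
]

def evaluate(src, proto, dport, policy=POLICY):
    """Return (action, reason) for one connection, denying anything not explicitly allowed."""
    service = PORTS.get((proto, dport))
    if service is None:
        return ("ignore", "not a management service")
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in policy[service]):
        return ("permit", f"{service} from approved source")
    if not policy[service]:
        return ("deny", f"{service} is disabled for all sources")
    return ("deny", f"{service} from unapproved source")

def audit(flows, policy=POLICY):
    """Return only the flows the policy would block, for alerting."""
    findings = []
    for src, proto, dport in flows:
        action, reason = evaluate(src, proto, dport, policy)
        if action == "deny":
            findings.append((src, proto, dport, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```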