Best practice for limiting network management to few devices
Hello,
I have set up a very basic security implementation that is in no way realistic, but I just want to experiment and learn...
In my 1801 router that answers DHCP requests on separate wired and wireless vlans, I have bound static IP addresses to the MAC addresses of my laptop wireless and wired interfaces.
Then I set up an ACL to permit inbound traffic from these IPs only for the vty lines.
Obviously this is easily defeated by statically assigning these same IPs to any device on the network, so I was thinking about a better way to limit management of the router to a few devices.
What is the best practice in professional environments?
Thanks.
Obviously this is easily defeated by statically assigning these same IPs to any device on the network, so I was thinking about a better way to limit management of the router to a few devices.
TACACS or RADIUS with a robust password policy and a regular interval to change the passwords (30 to 45 days).
Read this and go to the "Composing hard-to-guess passwords" section.
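The two layers discussed in this thread, combined on the router's vty lines, as an added example that is not part of the original posts: the source-address ACL from the question plus per-user TACACS+ login from the reply, so that borrowing a permitted IP address alone does not open a management session. The server address, laptop addresses, key, user name and the ACL and method-list names are placeholders, and restricting the lines to SSH with login throttling is an assumption the thread does not mention.

```cisco
! Added example; every name, address and key below is a placeholder.
! Constructed addresses: 192.168.10.10 / 192.168.20.10 stand for the laptop's
! DHCP reservations on the wired and wireless VLANs, 192.0.2.10 for the
! TACACS+ server.

! Layer 1: the source-address filter from the question (spoofable on its own)
ip access-list standard MGMT-HOSTS
 permit 192.168.10.10
 permit 192.168.20.10
 deny   any log

! Layer 2: per-user authentication against TACACS+.
! The local account is consulted only when the server does not answer,
! not when the server rejects the login.
! (Legacy "tacacs-server host" syntax; newer IOS releases use "tacacs server".)
aaa new-model
tacacs-server host 192.0.2.10 key <SHARED-KEY-PLACEHOLDER>
username fallback-admin privilege 15 secret <LOCAL-SECRET-PLACEHOLDER>
aaa authentication login VTY-AUTH group tacacs+ local
aaa authorization exec VTY-AUTH group tacacs+ local
aaa accounting exec default start-stop group tacacs+

! Assumption (not from the thread): SSH only, with failed-login throttling.
! SSH needs a hostname, a domain name and an RSA key pair on the router.
ip ssh version 2
login block-for 60 attempts 3 within 30
login on-failure log

! Both layers applied to the management lines
line vty 0 4
 access-class MGMT-HOSTS in
 login authentication VTY-AUTH
 authorization exec VTY-AUTH
 transport input ssh
 exec-timeout 10 0
```

With this in place, the "deny any log" entry and the exec accounting records show who tried to reach the vty lines and who actually logged in.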
Similar Messages
-
Req:SAP Best practice for the Funds Management
Dear all,
Let me know where I can get the SAP Best practice for the Funds Management . Waiting for your valuable reply.
Regards
Manohar
Hello Manohar,
You can find documentation in links below:
Industry Solution Master Guide - SAP for Public Sector:
https://websmp105.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000065911
SAP Best Practices for Public Sector:
http://help.sap.com/ SAP Best Practices -> Industry Packages -> Public Sector
Online Library for Funds Management:
http://help.sap.com/saphelp_erp2005vp/helpdata/en/41/c62c6d6d84104ab938aa7eae51db06/frameset.htm
I hope it helps
Best Regards,
Vanessa Barth.
-
Best practice for highly available management / publishing servers
I am testing a highly available appv 5.0 environment, which will deploy appv packages to a Xenapp farm. I have two SQL 2012 servers configured as an availability group for the backend, and two publishing / management servers for the front end.
What is the best practice to configure the publishing / management servers for high availability? Should I configure them as an NLB cluster, which I have tested and does seem to work, or should I just use the GPO to configure the clients to use both publishing servers, which I have also tested and appears to work?
Thanks,
Patrick Sullivan
In App-V 5.0 the Management and Publishing Servers are hosted in IIS, so use the same approach for HA as you would any web application.
If NLB is all that's available to you, then use that; otherwise I would recommend a proper load balancing solution such as Citrix NetScaler or KEMP LoadManager.
-
Best Practices for Organizational Change Management
Hooray! Finally an opportunity to take this forum back to its proper direction of Organizational Change Management topics as we begin to engage with some subject matter experts in OCM.
Those interested in having OCM conversations here are also welcome to begin interaction with this OCM best practices survey (https://https://www.benchmarking.sap.com/cgi-bin/qwebcorporate.dll?idx=945JDN&SHSP1Q2A=asugEMAIL061907). It would give the community a chance to engage with ASUGers around the topic of organizational change and give ASUGers a chance to broaden the Americas-centric perspective. So welcome all.
Looks like Kerry Brown (/people/kerry.brown/blog/2007/07/10/organizational-change-management-best-practices-survey) will be helping put this topic back on course. Looking at her blog profile, I, for one, am most eager for her engagement with us here.
Hai,
Organizational Structure
Use
In order for the workflow system to establish the relationship between the requester and their superior, you must create an organizational plan in the system.
For this tutorial, of course, this organizational plan does not have to be complete and valid across the enterprise. To keep the test as simple as possible initially, define an organizational plan that only contains one administrator and one head of department.
Assign both items to yourself. As a result, all work items will appear in your own Business Workplace. Later you will modify the organizational plan such that you will have to work through the scenario with two users.
Procedure
The organizational plan required for this tutorial consists, when complete, of one organizational unit (= "department"), which contains two positions: a head of department and an administrator.
Each position is described by one job and each position is assigned one user as holder. The head of department position is also designated as chief position of the organizational unit.
Of course, a "real" organizational plan is created by arranging several organizational units with their positions in a hierarchy. Usually several positions are described by one job.
For further information, refer to the documentation Organizational Plan.
The procedure in this unit is divided into four parts:
1. You create an organizational unit.
2. Enter necessary jobs as required.
3. You create a position for the head of department in the new organizational unit.
You define a position in three steps:
i. You create a position that is assigned your organizational unit.
ii. You assign a holder to the position.
iii. You assign a job to the position.
4. You create a position for the administrator in the organizational unit.
Creating an organizational unit
1. Choose Tools -> SAP Business Workflow -> Development Definition tools -> Organizational Management -> Organizational plan -> Create.
2. Confirm the validity period proposed in the dialog box Creating a Root Organizational Unit.
This takes you to the Create Organization and Staffing (Workflow) screen. This user interface is divided into four screen areas:
3. On the Basic Data tab in the details area, enter an abbreviation and a name in the Organizational unit input fields.
Abbreviation: <ini_sales>
Name: <OrgUnit: Sales (ini)>
4. Choose .
You can now create the position for a head of department and one administrator.
Create jobs
When enhancing an organizational unit, the necessary jobs are usually already available. For this tutorial however, you create the necessary jobs for head of department and administrator yourself.
1. Choose Edit -> Create jobs.
You go to the dialog box Create jobs. The lower area contains a list of existing jobs and the upper area contains an input table in which you can create new jobs by entering abbreviations and names.
2. In the input table, enter an abbreviation and a name for each of the new jobs.
Job - head of department:
Object abbreviation: < ini_dhead_C >
Name: < job: head of department (ini) >
Job administrator:
Object abbreviation: < ini_admi_C >
Name: < job: administrator (ini) >
3. Choose .
Creating Position for Head of Department
1. Change to the overview area in the staff assignments of the organizational unit, in order to assign positions, jobs and holders. Choose the arrow on the right next to the and then the staff assignments (list).
2. Choose .
A new position is then created in the staff assignments and is displayed in a new line in the table. The position is vacant and no job is assigned to it.
3. Open the details view for the new position in the details area by double-clicking on the entry in the table.
4. On the Basic Data tab, enter a code and a description in the Position input fields. Overwrite the previous contents.
Abbreviation: < ini_dhead_S >
Description: < position: head of department ( ini ) >
Assigning a holder to the position
You now assign R/3 users to the positions. The staff assignments for your organizational unit are displayed and you see the vacant position in the table.
5. Select User in the search area and enter the search criteria in order to find your user names.
All of the user names that match your search criterion are listed in the selection screen.
6. Select your user name in the selection area and drag it to the Person/User column of the position in the overview area.
Confirm the message that the relationship period of the validity has been changed.
7. Set the Head of own organizational unit indicator in the details area.
Assigning a job to the position
Assign the job of the head of department you created earlier to the position.
8. Select Job in the search area and enter the search criteria in order to find the job of the head of department.
All jobs that match your search criterion are listed in the selection screen.
9. Select job: head of department ( ini) in the selection area and drag it to the Job column of the position in the overview area.
10. Choose .
The job is assigned the position. Check this by switching to the staff assignments of the organizational unit. Select the organizational unit in the overview area, choose the arrow on the right next to the and then the staff assignments (list). The newly created job is displayed in the job column.
Create position for administrator and assign holder and job
You are now in the staff assignments of the organizational unit.
1. Choose .
A new position is then created in the staff assignments and is displayed in a new line in the table. The position is vacant and no job is assigned to it.
2. On the Basic Data tab in the details area, enter an abbreviation and a name in the Position input fields. Overwrite the previous contents.
ID: <ini admiS >
Description: < position: administrator ( ini ) >
3. Choose .
4. Select User in the search area and enter the search criteria in order to find your user names.
5. Select your user name in the selection area and drag it to the Person/User column of the position in the overview area.
Confirm the message that the relationship period of the validity has been changed.
6. Select Job in the search area and enter the search criteria in order to find the job of the administrator.
7. Select job: administrator ( ini) in the selection area and drag it to the Job column of the position in the overview area.
8. Choose .
Result
Display your entire staffing schedule again and make sure that all the information listed is correct.
You can display a detailed view of jobs, users, and positions. Choose the relevant cell in the table by double-clicking it.
In the details view of a position or job, all of the assigned tasks are displayed on the Tasks tab.
You have now completed the first unit (defining the organizational plan). You can now start on the next unit. To exit processing of the organizational structure, choose Back.
-
Best practice for core data managed objects
Hello
I'd like to know if there is a document available listing the good practices when managing core data managed objects.
For example should I keep those objects in memory in a singleton class, or save them to the DB and load them when needed, ... I am trying to figure out how to manage Annotation views representing managed objects when using the MapKit.
Thanks
Seen this?
Using Managed Objects
-
Best practices for accessing remote management
So, I've been looking into consolidating and moving our servers and such to a colocation datacenter. A problem for me that arises from moving is, what do we do about our remote access?
In a private office environment, I haven't ever opened up VMware vCenter to the open internet, nor have I ever opened up DRAC/iLO past our firewall to the net. I've always just had all that management stuff hanging out on its own subnet/VLAN and I haven't ever bothered with giving remote access to anyone, really. (Well, I did once set up a windows box to allow me to RDP in and opened up the firewall for that RDP so I could then access that management VLAN from that PC)
Moving to a colocation facility makes me wonder, what does everyone else do for this? Would one have a VPN configured on a router in their colo space and remote in that way, and if the...
This topic first appeared in the Spiceworks Community
Harvard University recently announced that on June 19, 2015, it discovered an intrusion into the IT networks of the Faculty of Arts and Sciences and Central Administration.
"Since discovering this intrusion, Harvard has been working with external information security experts and federal law enforcement to investigate the incident, protect the information stored on our systems, and strengthen IT environments across the University," university provost Alan Garber and executive vice president Katie Lapp said in a statement.
"At this time, we have no indication that personal data, research data, or PIN System credentials have been exposed," Garber and Lapp added. "It is possible that Harvard login credentials (username and password) used to access individual computers and University email accounts have been exposed."...
-
Best practice for setting up iCloud with multiple devices using a single AppleID
Hi there
Me and my wife have an iPhone each, and are looking at getting both of us using iCloud. The problem is that we only use one Apple ID for our music library.
Is getting a separate Apple ID necessary for each device on iCloud, or can multiple devices have separate settings/photos/music, etc.?
Using a different Apple ID for iCloud is not necessary, but in most cases it is recommended.
You can however choose to use separate Apple IDs for iCloud and continue to use the same Apple ID for iTunes, thereby being able to share all your purchases of music, apps and books.
-
Best practice for code structure to control multiple devices in a 2 stage-sequence
I have a question about code architecture and getting multiple devices controlled and synchronized for one experiment. This is an "architecture"-type inquiry, so I am hoping for some suggestions on how to proceed.
I run an experiment in which I control 2 NI PCI-6733. I am soon to add a Tektronix AFG 3022B, and have long been putting off an opportunity to rewrite my labview code from the ground up. I inherited it from an earlier research, and while functional, I would like to make it easier to modify and break up into subVi's and such. Link to the current program (labview 8.6.1) is here if you would like to see the code that is currently used, and the subvi's are in a zip file. The current version of the experiment consists of just one stage, all the writing of the data to the PCI cards is saved for the end. I need to change this in my new setup though.
The new experiment consists of 2 stages. The first will run (looping an output array to the PCI cards) until it hears a "true" from another computer (connected via TCP). At that point, it should switch to stage 2 and run a sequence (usually 10^5 timeunits in length, where the time unit is 0.1 ms) that outputs to the two PCI cards, the AFG 3022B, and with the flexibility to add more devices in the future.
Most appreciated would be structural advice. How to arrange the VIs, if it's good to use a "master" VI that would control the two subVi's of stage 1 and 2, etc... Feel free to ask for more details if it would help clarify my question. Thanks!
Programs of this type usually use a state machine of some sort. You can find many tutorials on LabVIEW state machines in these forums or the LAVA forums. If you are doing a rewrite, I would also recommend you consider LabVIEW classes. They help modularize your code and make the subparts more reusable. You may end up with less to maintain, as a result.
<shamelessPlug>You may also want to consider TestStand. It was designed to run sequences of tests, so may make your life easier. It could also be gross overkill.</shamelessPlug>
Let us know if you run into issues with state machines or classes.
-
Best Practice For SAP CRM Case Management
Hi,
Could someone please point to best practices for CRM Case Management. I have looked all over and I found all the best practices except for case management.
Your assistance will be appreciated.
Martin
Hi Martin,
I was just working on case management and there is no best practice documentation but the following link was most helpful.
http://help.sap.com/saphelp_nw04/helpdata/en/5c/5d79287a9afc47a62e5197b582cc97/frameset.htm
Let me know if you need further assistance.
-
Best Practices for Service Entry Sheet Approval
Hi All
Just like to get some opinion on best practices for external service management - particularly approval process for Service Entry Sheet.
We have a 2 step approval process using workflow:
1. Entry Sheet Created (blocked)
2. Workflow to requisition creator to verify/unblock the Entry Sheet
3. Workflow to Cost Object owner to approve the Entry Sheet.
For high volume users (e.g. capital projects) this is a cumbersome process - we are looking to streamline but still maintain control.
What do other leaders do in this area? To me mass release seems to lack control, but perhaps by using a good release strategy we could provide a middle ground?
Any ideas or experiences would be greatly appreciated.
thanks
AC.
Hi,
You can have purchasing group (OME4) as department and link cost center to department (KS02). Use user exit for service entry sheet release and can have two characteristics for service entry sheet release, one is for value (CESSR-LWERT) and another one for department (CESSR-USRC1). Have one release class for service entry sheet release & then add value characteristics (CESSR-LWERT) and department characteristics (CESSR-USRC1). Now you can design release strategies for service entry sheet based on department & value, so that SES will be created and then will be released by users with release code based on department & value assigned to him/her.
Regards,
Biju K
-
Best practice for ASA Active/Standby failover
Hi,
I have configured a pair of Cisco ASA in Active/ Standby mode (see attached). What can be done to allow traffic to go from R1 to R2 via ASA2 when ASA1 inside or outside interface is down?
Currently this happens only when ASA1 is down (shutdown). Is there any recommended best practice for such network redundancy? Thanks in advance!
Hi Vibhor,
I test ping from R1 to R2 and ping drop when I shutdown either inside (g1) or outside (g0) interface of the Active ASA. Below is the ASA 'show failover' and 'show run',
ASSA1# conf t
ASSA1(config)# int g1
ASSA1(config-if)# shut
ASSA1(config-if)# show failover
Failover On
Failover unit Primary
Failover LAN Interface: FAILOVER GigabitEthernet2 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 60 maximum
Version: Ours 8.4(2), Mate 8.4(2)
Last Failover at: 14:20:00 SGT Nov 18 2014
This host: Primary - Active
Active time: 7862 (sec)
Interface outside (100.100.100.1): Normal (Monitored)
Interface inside (192.168.1.1): Link Down (Monitored)
Interface mgmt (10.101.50.100): Normal (Waiting)
Other host: Secondary - Standby Ready
Active time: 0 (sec)
Interface outside (100.100.100.2): Normal (Monitored)
Interface inside (192.168.1.2): Link Down (Monitored)
Interface mgmt (0.0.0.0): Normal (Waiting)
Stateful Failover Logical Update Statistics
Link : FAILOVER GigabitEthernet2 (up)
Stateful Obj xmit xerr rcv rerr
General 1053 0 1045 0
sys cmd 1045 0 1045 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 2 0 0 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
Route Session 5 0 0 0
User-Identity 1 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 9 1045
Xmit Q: 0 30 10226
ASSA1(config-if)#
ASSA1# sh run
: Saved
ASA Version 8.4(2)
hostname ASSA1
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface GigabitEthernet0
nameif outside
security-level 0
ip address 100.100.100.1 255.255.255.0 standby 100.100.100.2
ospf message-digest-key 20 md5 *****
ospf authentication message-digest
interface GigabitEthernet1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
ospf message-digest-key 20 md5 *****
ospf authentication message-digest
interface GigabitEthernet2
description LAN/STATE Failover Interface
interface GigabitEthernet3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet4
nameif mgmt
security-level 0
ip address 10.101.50.100 255.255.255.0
interface GigabitEthernet5
shutdown
no nameif
no security-level
no ip address
ftp mode passive
clock timezone SGT 8
access-list OUTSIDE_ACCESS_IN extended permit icmp any any
pager lines 24
logging timestamp
logging console debugging
logging monitor debugging
mtu outside 1500
mtu inside 1500
mtu mgmt 1500
failover
failover lan unit primary
failover lan interface FAILOVER GigabitEthernet2
failover link FAILOVER GigabitEthernet2
failover interface ip FAILOVER 192.168.99.1 255.255.255.0 standby 192.168.99.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-715-100.bin
no asdm history enable
arp timeout 14400
access-group OUTSIDE_ACCESS_IN in interface outside
router ospf 10
network 100.100.100.0 255.255.255.0 area 1
network 192.168.1.0 255.255.255.0 area 0
area 0 authentication message-digest
area 1 authentication message-digest
log-adj-changes
default-information originate always
route outside 0.0.0.0 0.0.0.0 100.100.100.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.101.50.0 255.255.255.0 mgmt
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 10.101.50.0 255.255.255.0 mgmt
ssh timeout 5
console timeout 0
tls-proxy maximum-session 10000
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:fafd8a885033aeac12a2f682260f57e9
: end
ASSA1#
-
Hi All,
I would like to know if there is any best practice document for Firewall logging. This would include
1. What level of logging is ideal
2. If a log is stored in a logging server, how long is it best to store the logs and retain the logs by a backup tape etc.
This can include for various industries like IT, Banking etc.
Any document pertaining to these would be helpful. Thanks in advance.
Regards,
Manoj
Manoj,
Check out the below link for best practice for logging and prerequisite in cisco devices.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#logbest
http://www.ciscopartner.biz/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1110908
Hope to Help !!
Ganesh.H
-
Tips n Tricks/Best Practices for integrating iPhone, iPad and MacBook Pro
My wife just purchased an iPhone, iPad and Macbook Pro for her non profit consulting business and I was wondering if a tips and tricks or best practices for efficiently and productively integrating these devices exists?
http://www.apple.com/icloud/
-
Does anybody have a copy of the above referenced presentation that you could send me?
Thanks in advance.
The presentation can be purchased at the following site:
http://www.scribd.com/doc/33211957/BRKVVT-2011-Best-Practices-for-Migrating-Previous-Versions-of-Cisco-Unified-Communications#archive
but felt I'd ask one of my peeps first.
Thanks in advance.
Dennis
Hi Dennis,
Well..let's give this a try
Cheers!
Rob
-
Best practices for setting up users on a small office network?
Hello,
I am setting up a small office and am wondering what the best practices/steps are to setup/manage the admin, user logins and sharing privileges for the below setup:
Users: 5 users on new iMacs (x3) and upgraded G4s (x2)
Video Editing Suite: Want to connect a new iMac and a Mac Pro, on an open login (multiple users)
All machines are to be able to connect to the network, peripherals and external hard drive. Also, I would like to setup drop boxes as well to easily share files between the computers (I was thinking of using the external harddrive for this).
Thank you,
Hi,
Thanks for your posting.
When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
For more and detail information, please refer to:
Best Practices for Adding Domain Controllers in Remote Sites
http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
Regards.
Vivian Wang