With respect to securing Point to Point and Point to Multi-point systems both from unauthorized users and denial of service (intention or unintentional)attacks; and really, any interface that is public accessible. What are you guys implementing?
I’ve been experimenting with:
Wireless Access List Filters
MAC Address Filtering
NV2 Security
Hidden SSID
Max Char Length SSID (32 Characters)
Firewall Connection Limits
Bandwidth Queue Trees both at PtP Backhauls, PtMP broadcast points and PtP CPEs
SSH Port Change
Turning off Unused Services
Disabling DHCP (Static Entries Only?)
PPTP/IPSEC Tunnels for access to core Admin Network
Alpha-Numeric, frequently changes passwords (Quarterly?)
SSH Certificates
Restricting HTTP service to select IP Network
I’m sure I will add some more items as they come to mind…
I know increased security usually breaks convenience and vice versa; what lengths have you guys gone to?
