Remote configuration options SHALL be disabled on all networking hardware in the business, and secure local configuration options SHALL be utilized with a preference for direct physical connections.
Each piece of networking hardware has methods for admin-level access and configuration of device settings. These methods can vary widely in terms of security. Always ensure that Remote Management options are disabled. If enabled, this method allows users on insecure networks, such as the Internet, to access your device's configuration settings. From within your business network, you can perform secure Local Management on networking hardware using protocols like HTTPS and Secure Shell (SSH). The most secure way to configure networking hardware is to require a direct connection to the hardware from a device such as a laptop. This connection typically takes place using a serial cable or patch cable. On networks that process and store a large volume of sensitive data, this should be the default method for access, with all other management methods disabled.