Security Protocol Use

Use services that send passwords only in encrypted form. Avoid telnet and FTP.

SNMP

Avoid the use of SNMP on routers since information for this protocol is not encrypted and can provide hackers with useful information about your network. Use SNMPv2 is SNMP use is necessary.

FTP

FTP uses port 21 for commands and 20 for data.

There are two types of FTP:

• Standard FTP - All inbound ports above 1023 must be open.
• Passive FTP - All outbound ports above 1023 must be open.

If FTP must be supported, the most secure way to support it through the firewall is to support passive FTP.