I was wondering about how I can reduce ‘automation fear’ and I was pondering the worse case scenario – remote lockout; or more specifically, how I might be able to demonstrate due dilligence in mitigation of this problem.
“Protecting” sections of config seems like a good idea, my immediate thought was specifying key words in an authorisation policy, but this might be difficult to achieve.
Are there any features or ‘silver bullets’ on this, or is this really just a design consideration? Every management network seems at some point to route over some form of aggregation, so it might not be sufficient to state “`exclude “interface ma1″“` from config policy on an autoamtion account?
Post your Answer
You must be logged in to post an answer.