On Thu, Jan 31, 2013 at 3:27 PM, Charlie Kaiser <charl...@golden-eagle.org> wrote: >> Harden your tenant-facing router ports as if they were Internet-facing >> (because they are). > > Not sure what you mean by harden...
As in, do as much as you can to reduce security exposure. Such as disabling any management protocols (Telnet, SSH, web, etc.) on those ports/VLANs. Basically, do everything you normally would to secure the router from attack from the Internet, except you're doing it on ports facing the tenants instead of ports facing your upstream provider. Since the tenants will be bringing the Internet to you, you need to treat them as hostile. >> Concerned that tenant A might hold management responsible for not >> catching malware coming from tenant B... Might be all about the contract, >> though... You definitely do *not* want to go down that road as an Internet provider. (As a managed services provider, sure, but for that, you can't address *only* the physical neighbors and expect that to end well.) You'll want a lawyer familiar with this stuff to draw up the legalese to make it clear that you (as the provider) are not responsible for all the bad things on the Internet (and other tenants are also on the Internet). -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
