Thursday, September 18, 2025

CIS Benchmark Cisco Meraki: Administrative and Dashboard Access

This post focuses on building the Center for Internet Security (CIS) Benchmark for Cisco Meraki. CIS is one of the most respected institutions in the field of security standards, and the CIS Controls are among the most widely used resources for implementing and securing infrastructures. The benchmark is a prescriptive set of configuration recommendations for Cisco Meraki. Its first section covers Administrative and Dashboard Access.

Why do we need a Benchmark?

Following the configuration guides can be complicated, and without a logical connection between the different documents it is almost impossible to ensure that all the necessary security features are enabled. To streamline the security implementation, it is recommended to follow a security standard. One of the most widely used is CIS Controls, thanks to its detailed and practical description of the technical and organizational safeguards needed to build a secure infrastructure. I decided to join CIS as an Editor and Subject-Matter Expert to help the community and the rest of the world.


Fig.1 CIS Editor with focus on Cisco Meraki

Who is this benchmark for?

This benchmark is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Cisco Meraki equipment and solutions.

Administrative and Dashboard Access

Administrative Accounts

There are two basic types of dashboard administrators: Organization and Network. Organization administrators have access to the entire organization and all of its networks, while network administrators are limited to individual networks and their devices. Use named accounts that are not shared, to minimize the risk of unauthorized access and to keep the audit trail accurate. Review the list periodically and revoke access that is no longer needed.

Fig.2 Administrative and Dashboard Access (Beta)

Audit Procedure

Log into the Meraki Dashboard, go to Organization -> Configure -> Administrators, and go through the list to make sure there are no shared logins, like "info", "support", "VendorX" etc.

Mapping: CIS 8.1 Control 5.

Network Admin Accounts

Network access needs to be granted only where required, preferably in read-only mode. If network-level administrators are granted more privileges than required, they may accidentally or maliciously alter configurations across the networks they have been granted access to. This can cause service outages, security policy violations or exposure of sensitive data. Periodic reviews are necessary to revoke unnecessary access.

Audit Procedure

Log into the Meraki Dashboard, go to Organization -> Configure -> Administrators, and go through the list of network accounts to make sure there are no shared logins, like "info", "support", "vendorX" etc.

Mapping: CIS 8.1 Control 5

Role-Based Access Control

Accounts with higher privileges than necessary pose significant security risks. Implementing Role-Based Access Control reduces the attack surface. Failure to implement proper role-based controls in the Meraki Dashboard increases the risk of unauthorized or excessive administrative access. Overprivileged accounts can cause accidental or malicious changes to the organization. Organizational data might also be exposed.

Fig.3 Role-Based Access Control (Beta)

Audit Procedure

Log into the Meraki Dashboard, go to Organization -> Configure -> Administrators, and verify the organization- and network-level access of all accounts, with a focus on custom role assignments. Audit Camera access permissions. Verify that the existing roles match the organization's documented process for assigning role-based access accounts. Compare the results to the last dated role-based access control audit.

Mapping: CIS 8.1 Control 6.8

Multi-Factor Authentication

Enforcing two-factor authentication (2FA) protects against unauthorized access when an administrator's password is compromised, reducing the risk of account takeover, unauthorized configuration changes and security breaches. If 2FA is not enforced for all Meraki Dashboard logins, accounts are protected only by passwords, which can be targeted with phishing, credential stuffing and brute-force attacks. A compromised administrator account without MFA can give attackers full access to network configurations, client data and security policies, leading to potential service disruption and security breaches.

Fig.4 Multi-Factor Authentication

Audit Procedure

Log into the Meraki Dashboard, go to Organization -> Settings -> Security. Verify that "Two-Factor authentication" is enabled. Go to Organization -> Configure -> Administrators and verify that users are using 2FA. 

Mapping: CIS 8.1 Control 5.2
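One way to automate the account checks from the audit procedures above (shared logins, network administrators granted more than read-only access, and logins without 2FA) over an organization's administrator list. This is example code added here, not part of the CIS benchmark or of Meraki's own tooling; it runs offline on a constructed sample, and the field names it reads (name, email, orgAccess, twoFactorAuthEnabled, networks[].access) are an assumption based on the Dashboard API v1 organization admins response, so verify them against the API reference before running it on a real export.

```python
import json
import re

# Generic names that indicate a shared login; extend the list for your organization.
SHARED_LOGIN = re.compile(r"^(info|support|admin|helpdesk|noc|vendor\w*)$", re.IGNORECASE)

# Constructed sample of an organization admin list (not real data). Field names
# are an assumption based on the Dashboard API v1 organization admins response.
SAMPLE_ADMINS = json.loads("""[
 {"name": "Alice Example", "email": "alice@example.com", "orgAccess": "full",
  "twoFactorAuthEnabled": true, "networks": []},
 {"name": "support", "email": "support@example.com", "orgAccess": "full",
  "twoFactorAuthEnabled": false, "networks": []},
 {"name": "Bob Example", "email": "bob@example.com", "orgAccess": "none",
  "twoFactorAuthEnabled": true,
  "networks": [{"id": "N_1", "access": "full"}, {"id": "N_2", "access": "read-only"}]},
 {"name": "VendorX", "email": "noc@vendorx.example", "orgAccess": "none",
  "twoFactorAuthEnabled": false, "networks": [{"id": "N_3", "access": "read-only"}]}
]""")


def audit_admins(admins):
    """Return (email, finding) tuples for every account that fails a check."""
    findings = []
    for admin in admins:
        email = admin.get("email", "?")
        # Administrative Accounts / Network Admin Accounts: no shared logins.
        # Check both the display name and the local part of the e-mail address.
        if SHARED_LOGIN.match(admin.get("name", "")) or SHARED_LOGIN.match(email.split("@")[0]):
            findings.append((email, "shared-login"))
        # Multi-Factor Authentication: every dashboard login must use 2FA.
        if not admin.get("twoFactorAuthEnabled", False):
            findings.append((email, "no-2fa"))
        # Network Admin Accounts: read-only is preferred, so flag full network access.
        for net in admin.get("networks", []):
            if net.get("access") == "full":
                findings.append((email, "full-network-access:" + str(net.get("id"))))
    return findings


def summarize(findings):
    """Count findings per check, e.g. {'no-2fa': 2}, for a quick audit summary."""
    counts = {}
    for _, kind in findings:
        key = kind.split(":")[0]
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for email, kind in audit_admins(SAMPLE_ADMINS):
        print(f"{email}: {kind}")
    print(summarize(audit_admins(SAMPLE_ADMINS)))
```

Feed it the JSON you export from the Administrators page or the API and compare the findings with the previous dated audit, as the procedures above require.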

Audit Logs

Audit logs need to be enabled and reviewed regularly to ensure accountability, detect unauthorized changes and support investigations. Without proper audit logging and regular review, malicious or unintentional changes can cause security breaches, service disruption and compliance violations. Audit logs help to mitigate these issues by providing historical data. Audit logs are enabled by default in Cisco Meraki and can't be disabled. A periodic audit procedure should be established to ensure traceability and detect unexpected changes.

Audit Procedure

Log into the Meraki Dashboard, go to Organization → Monitor → Change Log. Verify that audit logs are being collected. Audit logs can also be fetched through the API into external systems like a SIEM. Verify that the periodic review procedure is in place.

Mapping: CIS 8.1 Control 8.2

Conclusion

The CIS Meraki Benchmark is an important resource for implementing and maintaining a resilient network. By enforcing named (non-shared) accounts, role-based least privilege and MFA, and by reviewing access regularly, you significantly lower the risk of misconfigurations, data exposure and service interruptions.

Call-to-Action

CIS Benchmarks are built by community members like you and me. We need more people like you to come with input and make sure that we are providing real, practical advice to the rest of the world. Please join: CIS WorkBench / Benchmarks


Friday, February 28, 2025

Ethical Hacker: Why should you learn networking?

Networking is arguably the most vital component of today's internet and IT infrastructure, the backbone of modern technology. Imagine a world where computers, servers and other IT systems could not communicate with each other. That would basically kill the modern internet and most of the technology as we know it. As an ethical hacker, your job is to understand the logic behind networking, because that's how you find vulnerabilities and misconfigurations.



Fig.1 Mr. Robot reading CCNA 

So where do you learn networking from?

The gold standard for learning the basics is Cisco CCNA. While it doesn't teach you anything about hacking, it helps you understand the fundamentals of how networks are built, and it covers one of the many domains you have to master to become a great ethical hacker.

How can an ethical hacker use networking knowledge?

Let's look at some of the attacker tactics and techniques in the MITRE ATT&CK framework, one of the most widely used knowledge bases, and compare them to the topics in the CCNA blueprint. The CCNA topics only scratch the surface, since hacking is not their focus, but they contain a great deal of useful information for building solid knowledge of the many protocols exploited by attackers. While there is no one-to-one mapping between the attack techniques and the CCNA blueprint topics, we can find a few crossing points between the two.


Network Reconnaissance & Scanning (MITRE Tactic: Reconnaissance & Discovery)


Ethical hackers gather intelligence on a target using IP addressing, subnets, VLANs, and open ports.

Tools like Nmap, Wireshark, and Netcat help with network mapping. 


CCNA Topics:

1.0 Network Fundamentals – IP addressing, subnets and VLANs; understanding them helps hackers map networks.

2.0 Network Access – Layer 2 discovery (CDP, LLDP, ARP); protocols used for reconnaissance.

3.0 IP Connectivity – Routing concepts and layer 3 protocols (OSPF, static routing); identification of network topologies.


MITRE Techniques:

T1595 – Active Scanning (Port & Service Discovery)

T1046 – Network Service Scanning

T1018 – Remote System Discovery

T1071 – Application Layer Protocol for Command & Control


Exploiting Network Vulnerabilities (MITRE Tactic: Initial Access & Execution) 


Attackers exploit weaknesses in TCP/IP, HTTP, FTP, and SSH to gain unauthorized access. MITM attacks like ARP poisoning and DNS spoofing can intercept or redirect network traffic.


CCNA Topics:

2.0 Network Access – Telnet, SSH, HTTP, HTTPS

4.0 IP Services – Understanding NAT, DNS, SSH

5.0 Security Fundamentals – Understanding Device Security: Administrative Access, Device Hardening.


MITRE Techniques:

T1189 – Drive-by Compromise

T1203 – Exploitation for Client Execution

T1557 – Man-in-the-Middle (MITM)

T1040 – Network Sniffing


Wireless Attacks (MITRE Tactic: Credential Access & Privilege Escalation)


Wi-Fi hacking targets weak encryption (WEP, WPA, WPA2) and uses deauthentication attacks.


CCNA Topics:

5.0 Security Fundamentals (WLAN, WPA, SSID, Authentication)


MITRE Techniques:

T1602 – Network Sniffing for Credentials

T1556 – Modify Authentication Process

T1078 – Valid Accounts 


Post-Exploitation & Data Exfiltration (MITRE Tactic: Lateral Movement & Exfiltration)


Once inside a network, ethical hackers move laterally using pivoting, port forwarding, and VPN tunneling. DNS tunneling and C2 servers are used for exfiltrating data.

CCNA Topics:

3.0 IP Connectivity – Routing concepts; helps with pivoting and lateral movement.

6.0 Automation and Programmability – Basic scripting, which could help with exfiltration techniques.


MITRE Techniques:

T1570 – Lateral Tool Transfer

T1095 – Non-Application Layer Protocol (ICMP, UDP for Covert C2)

T1048 – Exfiltration Over Alternative Protocol (DNS Tunneling)

T1071.004 – Exfiltration Over C2 Channel


Conclusion

Networking is the backbone of modern technology. Whether you are an ethical hacker, IT technician or security analyst, understanding how networks work will make you more effective in your daily job. As the gold standard for learning networking, CCNA is one of the certifications to consider for building fundamental knowledge of protocols, infrastructure and communication.


References

MITRE ATT&CK framework: MITRE ATT&CK®
CCNA Blueprint: CCNA Exam Topics


Wednesday, January 29, 2025

CCIE Coffee Blog: #29174 Arijan Jashari

    Welcome to the third post of the CCIE Coffee Blog, where we highlight the inspiring journeys of Albanians who have achieved the prestigious CCIE certification. It provides background for the CCIE Hall of Fame for Albania and Kosovo. This series is non-technical and aims to inspire young Albanians to pursue paths similar to those of our much respected guests.

    
Fig.1 CCIE Coffee Blog

Meet our Third Guest: Arijan Jashari

    Arijan is a truly dedicated network engineer with over 20 years of experience. His passion for math and his early contact with telecommunications became the catalyst for a long and prosperous journey in networking. Cisco CCIE has had a tremendous impact on his career and opened many doors for him in the tech industry. Arijan has worked for global companies like Juniper, Nike, LibertyGlobal and most recently UBS, where he holds a Director role as a Network Reliability Engineer.

    Knowing first-hand how the war in Kosovo impacted so many Albanians, it is truly remarkable that Arijan was able to keep his focus on networking, starting his certification journey only two years after the war. I had a chat with Arijan about his career journey.


Fig.2 CCIE #29174 Arijan Jashari

1. Career Inspiration:

What sparked your interest in networking and technology? Who or what has been your biggest inspiration in your career?

    Like many of us in high school, I was unsure about my career path. However, one thing was clear: I loved math. It came naturally to me, and I enjoyed solving problems. In 1996, I decided to study applied mathematics but soon realized that my true passion lay not in pure math but in its applications within computer science, particularly in number theory and equations. This realization led me toward technology, but my journey wasn't straightforward. After the war, in 1999, I worked as an interpreter for the U.S. military. During that time, I noticed that telecommunications played a crucial role in everything they did, and this sparked my fascination with networking and computer systems. By 2001 I was certain that this was the field I wanted to dedicate my career to. Because I enjoyed the preparation process, I pursued multiple CCIE and JNCIE tracks.

2. CCIE Certification Experience:

Can you describe your experience while preparing for the CCIE exam? How did you balance study with other commitments?

    Preparing for the CCIE exam while managing other responsibilities was incredibly challenging. When I began my preparation in 2006, I was working full-time and raising two young children. My wife took on most of the family responsibilities, allowing me to focus on work and studying. I dedicated every spare moment to preparation.

    On my first attempt, I felt confident about my lab work, but unfortunately, I didn’t pass. It was a tough moment, but instead of discouraging me, it strengthened my determination to succeed.

3. Professional Achievements:

What are some key achievements or milestones in your career since obtaining your CCIE certification?

    Earning my CCIE certification was one of the biggest milestones in my career. The preparation itself was a transformative experience: I spent long hours in the lab fully immersed in learning, and truly enjoyed the process. The knowledge and expertise I gained opened countless doors. I was invited to multiple job interviews and received numerous offers. Achieving my CCIE certification marked a turning point in my career, giving me the recognition and credibility to take on more advanced roles in networking.

4. Challenges and Overcoming Them:

What have been some significant challenges in your career, and how did you overcome them?

    One of the most significant challenges I faced was deciding the direction of my career. In 2001, I was torn between pursuing mathematics, computer systems, programming, or networking. It was a difficult decision, but I ultimately realized that my passion lay in networking and systems.

    Committing to this path was the best decision I made, shaping my entire professional journey. I started with CCNA, then progressed to CCNP and MCSE. Soon after, in 2003, I began teaching a CCNA class at Cisco Academy in Gjilan, which further solidified my expertise in networking.

5. Impact of CCIE on Career:

How has being a CCIE-certified professional impacted your career trajectory or opportunities?

    The CCIE certification solidified my focus on networking and positioned me as an expert in the field. Achieving such a prestigious certification brings immense recognition and unlocks incredible opportunities. It's a challenging journey, but once you accomplish it, opportunities start knocking at your door.

6. Life Lessons from the CCIE Journey:

What are some important life lessons you’ve learned during your journey to and after achieving CCIE certification?

    One of the most valuable lessons I’ve learned is the importance of following what you truly enjoy. However, I also realized that long hours of studying, especially sitting for extended periods, can take a toll on your health. Maintaining a balance is crucial.

    The CCIE certification offers multiple career paths, and even if you don’t end up taking the exam, the learning journey itself is invaluable. It taught me the significance of perseverance, discipline, and the joy of continuous learning.

7. Personal Growth and Development:

How do you continue to grow and develop professionally? Are there specific areas or technologies you’re currently focused on?

    Currently, I’m focusing on automation and development, particularly leveraging AI to build innovative solutions. At the same time, I’m prioritizing a better balance between professional growth and family life, something I struggled with in the past but now deeply value.

Conclusions: 

    Arijan is one of the stars of the CCIE HoF for Albania and Kosovo, truly dedicated to networking. He decided to focus 100% on the networking field and used Cisco certifications combined with Juniper ones to support the journey. A clear plan and persistence over more than 20 years in networking have clearly shaped his career. Continuous learning is a crucial part of it, and even today he is improving his skills with the new AI developments in the field. The networking field can be quite demanding, but Arijan has found the key to balancing career and family life.