Posts
This post is focusing on building the Center for Internet Security (CIS) Benchmark for Cisco Meraki. CIS is one of the most respected institutions when it comes to security standards, with CIS Controls being one of the most widely used resources for implementing and securing infrastructures. This benchmark is considered a prescriptive configuration recommendation for Cisco Meraki. The first section of the Benchmark will focus on Administrative and Dashboard Access.
Why do we need a Benchmark?
Following the configuration guides can sometimes be complicated and without having a logical connection between the different documents, it's almost impossible to ensure that all the necessary security features are enabled. In order to streamline the security implementation, it is recommended to follow security standards. One of the most widely used security standards is CIS Controls, due to its very detailed and practical way of describing the technical and organizational safeguards to build a secure infrastructure. I decided to join CIS as an Editor and Subject-Matter Expert to help the community and the rest of the world.
Who is this benchmark for?
This benchmark is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Cisco Meraki equipment and solutions.
Administrative and Dashboard Access
Administrative Accounts
There are 2 basic types of dashboard administrators: Organization and Network. Organization administrators have access to the entire organization with all the networks, while network administrators are limited to the individual networks and their devices. We need to make sure to use named accounts that are not shared, in order to minimize the risk of unauthorized access and ensure accurate audit trails. We also need to go through the list periodically and revoke access as necessary.
Fig.2 Administrative and Dashboard Access (Beta)
Audit Procedure
Log into the Meraki Dashboard, go to Organization -> Configure -> Administrators, and go through the list to make sure there are no shared logins, like "info", "support", "VendorX" etc.
Mapping: CIS 8.1 Control 5.
Network Admin Accounts
Network access need to be granted only where required, preferably in read-only mode. If network-level administrators are granted more privileges than required, they may accidentally or maliciously alter configurations across the networks that they have been granted access to. This can cause service outages, security policy violations or exposure of sensitive data. It is necessary to do periodical review and revoke unnecessary access.
Audit Procedure
Log into the Meraki Dashboard, go to Organization -> Configure -> Administrators, and go through the list of network accounts to make sure there are no shared logins, like "info", "support", "vendorX" etc.
Mapping: CIS 8.1 Control 5
Role-Based Access Control
Accounts with higher privileges than necessary pose significant security risks. Implementing Role-Based Access Control reduces the attack surface. Failure to implement proper role-based controls in the Meraki Dashboard increases the risk of unauthorized or excessive administrative access. Overprivileged accounts can cause accidental or malicious changes to the organization. Organizational data might also be exposed.
Audit Procedure
Log into the Meraki Dashboard, go to Organization -> Configure -> Administrators, verify the organization and network level access for all accounts, with focus on the custom role assignments. Audit Camera access permissions. Verify if the existing roles match the documented process of the organization for assigning role-based access account. Compare results to the last dated role-based access control audit.
Mapping: CIS 8.1 Control 6.8
Multi-Factor Authentication
Enforcing Two-Factor Authentication protects from unauthorized access in case the password of the administrator is compromised. This reduces the risk of account takeover, unauthorized configuration changes and security breaches.If two-factor authentication (2FA) is not enforced for all Meraki Dashboard logins, accounts are only protected by passwords, which can be targeted with phishing, credential stuffing, and brute-force attacks. A compromised administrator account without MFA can provide attackers with full access to network configurations, client data, and security policies, leading to potential service disruption and security breaches.
Audit Procedure
Log into the Meraki Dashboard, go to Organization -> Settings -> Security. Verify that "Two-Factor authentication" is enabled. Go to Organization -> Configure -> Administrators and verify that users are using 2FA.
Mapping: CIS 8.1 Control 5.2
Audit Logs
Audit Procedure
Log into the Meraki Dashboard, Go to Organization → Monitor → Change Log. Verify that audit logs are being collected. Audit logs can also be fetched through API to external systems like a SIEM. Verify that the periodical review procedure is in place.
Mapping: CIS 8.1 Control 8.2
Conclusion
Call-to-Action
References
Managing
Dashboard Administrators and Permissions (Modernized View) - Cisco Meraki
Documentation
https://documentation.meraki.com/General_Administration/Other_Topics/Two-Factor_Authentication
.jpg)
