by Thomas Kinsinger
Director of Technology, E-N Computers
20+ years experience in enterprise IT and managed services.
Are you using or thinking about using Cisco Meraki firewalls, switches or access points? Since Meraki is a cloud-based solution, security for the dashboard needs to meet best practices.
Whether you’ve just started using the Meraki dashboard or you’ve been using it for years, you probably appreciate how great it is to easily monitor your network from a single dashboard. However, like anything else in the cloud, the dashboard needs to be secured. Gone are the days when someone needed physical access to your devices to cause damage.
As we worked with clients who were meeting NIST or DFARS cybersecurity compliance, we had to work with Meraki reps to learn how to thoroughly secure the dashboard. Now we are happy to share what we have learned in a convenient format. All of the recommended settings are listed below, or you can download them in PDF format for later reference.
The following checklist will help organizations review the platform and evaluate risks that might be associated with their current network setup or policies.
Great products like Meraki are only as good as the person or team that is managing them. Work with your IT team, your outsourced provider, or simply reach out to Meraki support to verify the security of your system setup.
Our team has been supporting and supplying Meraki equipment since 2012. As a Meraki partner and early adopter of their fantastic product, we are excited to share this with you and hope you find it helpful.
Use our Meraki Dashboard Best Practices guide to check the security of your current setup and make improvements. We walk you through eight key sections of the dashboard and link to the Meraki documentation if you want more information.
Settings to secure your Meraki dashboard
Organization > Settings
Security (Meraki documentation)
- Password expiration
  - Force users to change their password every X days
- Used passwords
  - Force users to choose passwords different from their past passwords
- Strong passwords
  - Force users to choose strong passwords for their accounts
- Account lockout
  - Lock accounts after 5 consecutive failed login attempts
- Idle timeout
  - Log out users after X minutes of inactivity (recommended 10)
- Two-factor authentication
  - Force users to use two-factor authentication
- Login IP Ranges (Optional, but requires network access where the public IP addresses reside)
  - Only allow access to Dashboard from specific public IP addresses
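
An added example, not part of the original checklist or Meraki's own code: a Python check that compares an organization's login security settings with the values recommended above. The field names are assumed to match the JSON returned by the Dashboard API's organization login security endpoint, and both sample configurations are constructed.

```python
import ipaddress

# Thresholds from the checklist: lock out after 5 failed logins,
# log out after 10 idle minutes.
LIMITS = (("enforceAccountLockout", "accountLockoutAttempts", 5),
          ("enforceIdleTimeout", "idleTimeoutMinutes", 10))
REQUIRED = {
    "enforcePasswordExpiration": "password expiration is not enforced",
    "enforceDifferentPasswords": "reuse of past passwords is allowed",
    "enforceStrongPasswords": "strong passwords are not enforced",
    "enforceTwoFactorAuth": "two-factor authentication is not forced",
    "enforceAccountLockout": "account lockout is disabled",
    "enforceIdleTimeout": "idle timeout is disabled",
}

def audit_login_security(cfg):
    """Return a list of findings; an empty list means the checklist is met."""
    findings = [msg for flag, msg in REQUIRED.items() if not cfg.get(flag)]
    # An enabled control can still be too loose, so check its value as well.
    for flag, field, limit in LIMITS:
        value = cfg.get(field)
        if cfg.get(flag) and (value is None or value > limit):
            findings.append(f"{field} is {value}, checklist maximum is {limit}")
    # Login IP ranges are optional; when enabled, each entry must be public.
    # Assumption: entries are single addresses or CIDR blocks.
    if cfg.get("enforceLoginIpRanges"):
        entries = cfg.get("loginIpRanges") or []
        if not entries:
            findings.append("login IP restriction is enabled with no ranges")
        for entry in entries:
            try:
                private = ipaddress.ip_network(entry, strict=False).is_private
            except ValueError:
                findings.append(f"login IP entry {entry} is not an address or CIDR")
                continue
            if private:
                findings.append(f"login IP entry {entry} is not a public address")
    return findings

# Constructed sample settings, not taken from a real organization.
HARDENED = {flag: True for flag in REQUIRED}
HARDENED.update(passwordExpirationDays=90, accountLockoutAttempts=5,
                idleTimeoutMinutes=10, enforceLoginIpRanges=False)
WEAK = dict(HARDENED, enforcePasswordExpiration=False, enforceTwoFactorAuth=False,
            accountLockoutAttempts=10, idleTimeoutMinutes=60,
            enforceLoginIpRanges=True, loginIpRanges=["10.0.0.0/8"])

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_login_security(cfg) or "meets the checklist")
```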
Authentication (optional)
- SAML SSO enabled
Meraki Support Access
Support Access Level
- BLOCKED – Block Meraki Support access to this organization (enable support access only for the duration of a support case)
Network-wide > General
Device configuration (Meraki documentation)
- Local credentials
  - Create a username/password for accessing the devices' local status page
Firmware Upgrades (Meraki documentation)
- Set up an upgrade window for each product type
Network-wide > Alerts (Meraki documentation)
Default recipients
- Set desired default alerts (every alert trigger will alert to these recipients)
Network-wide
- Configuration settings are changed (Optional but useful)
Wireless (Only displays if wireless devices are in the network)
- A gateway goes offline for X minutes – Enable
Security Appliance (Only displays if security appliance devices are in the network)
- A security appliance goes offline for X minutes – Enable
- Malware is blocked – Enable
- Malware is downloaded – Enable
Switch (Only displays if switch devices are in the network)
- A switch goes offline for X minutes – Enable
Cellular gateway (Only displays if cellular gateway devices are in the network)
- A cellular gateway goes offline for X minutes – Enable
Security & SD-WAN > Threat protection (Meraki)
Advanced Malware Protection (AMP) – Enable
Threat Grid (optional) – Enable
Intrusion detection and prevention
- Mode – Prevention
- Ruleset – Security
Umbrella protection (Optional; enable if you have Umbrella)
Security & SD-WAN > Content Filtering (Meraki)
Category Filtering – Choose which categories
URL category list – FULL LIST
Switch > Switch ports (Meraki)
Disable all ports that are not in use
Switch > Switch settings (Meraki)
VLAN configuration
- Management VLAN – set a specific MGMT VLAN for devices
STP configuration
- Enable RSTP and set up the STP bridge priority for switches based on topology.
Monitoring: Organization > Change log (Meraki)
Shows every change in the dashboard with time stamps and the administrator responsible
Monitoring: Organization > Login attempts (Meraki)
Shows every login attempt to the dashboard with time stamps, location, and the administrator responsible
How we can help
If you have any questions about how to configure your Meraki dashboard, consider partnering with a trusted managed service provider (MSP) like E-N Computers. Our consulting and fully managed IT services have helped hundreds of clients to practice better security and enjoy a more reliable infrastructure. Let our expert system administrators help you to build a secure, stable network that contributes to the success of your business.
If you’re looking for guidelines on complying with CMMC and DFARS, our popular Ultimate Guide to DFARS and NIST 800-171 or Ultimate Guide to CMMC might be helpful.
If you are looking for costs and considerations in setting up a small business network, the following may be of interest:
READ: How much does a small business network setup cost?