5.7. Restricting Access to Switches

This chapter has discussed ways of securing access and core infrastructures, and one common theme has emerged: the best way to secure switching infrastructure is to prevent attackers from gaining access.

The first step to prevent access to switches is to disable unused ports. If an attacker cannot pass traffic while plugged into a network jack, then it is hard to do damage. Sometimes it is difficult to leave unused ports disabled, as in the conference room example. In cases where a port cannot be disabled, restrict access to that port based on MAC address. To increase security in common areas, consider keeping those rooms locked when not in use. If you use key cards, or some other sort of ...

Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.
