How to Secure Access Switch Ports
One of the easiest ways to secure a network is to make sure some simple security features are enabled on the switch ports to which your end users connect. Properly securing switch access ports is fairly straightforward, but some techniques are often overlooked. In this guide, I'll discuss a few ways to protect your network by restricting access to the users and devices you actually want connected to your access switches. Most enterprise-class switches have identical or similar port security features, so while the examples in this guide use a Cisco switch, switches from other vendors can be configured in a similar manner.
One general bit of advice regarding the configuration of switch ports and VLANs on a production network: the default VLAN 1 should not be used for data transport. There are several reasons for this, but the primary one is that VLAN 1 was meant to carry switch management communications between devices, such as CDP (Cisco Discovery Protocol), PAgP (Port Aggregation Protocol) and VTP (VLAN Trunking Protocol). I recommend keeping this traffic separate from any user data running across the switch.
In this guide, I'll describe four different access-port configuration options, show how each provides an added security benefit, and explain how to configure them. While these configurations don't guarantee that your network will be completely safe from malicious or unauthorized behavior at the access layer, they certainly help close some common security gaps. The concepts I'll cover are:
- The purpose of configuring access-only switch ports
- Why enabling BPDU guard will protect against unauthorized network devices
- How port security can restrict unauthorized end devices
- How to handle unused switch ports
Let’s get started.
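As an added example (not the author's configuration), here is how the four settings listed above look together on a Cisco IOS access switch; the VLAN numbers, port ranges and interface names are assumptions chosen for illustration.

```cisco
! Added example, not from the guide. Assumptions: user data on VLAN 10,
! VLAN 999 is an otherwise unused "parking" VLAN, ports 1-24 connect end
! users, ports 25-48 are currently unused. VLAN 1 carries no user data.
vlan 10
 name USER-DATA
vlan 999
 name UNUSED-PARKING
!
! 1. Access-only ports: hard-code access mode and disable DTP negotiation
!    so a connected device cannot negotiate a trunk and reach other VLANs.
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
! 2. BPDU guard: these are edge ports. If a BPDU arrives (someone plugged
!    in a switch), the port is err-disabled instead of joining spanning tree.
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! 3. Port security: allow at most two MAC addresses (a phone plus a PC),
!    learn them dynamically and keep them in the config (sticky), and drop
!    frames from any further address while counting/logging the violation.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! 4. Unused ports: shut them down and park them in a VLAN that carries no
!    traffic, so a port enabled by mistake still reaches nothing useful.
interface range GigabitEthernet1/0/25 - 48
 description UNUSED - parked in VLAN 999
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 shutdown
!
! Optional: recover err-disabled ports automatically after 5 minutes
! instead of requiring a manual shutdown / no shutdown on each one.
errdisable recovery cause bpduguard
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

After applying it, `show port-security interface GigabitEthernet1/0/1`, `show spanning-tree interface GigabitEthernet1/0/1 detail` and `show interfaces status err-disabled` confirm the settings took effect and show which ports, if any, have tripped a guard.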