How to Secure Access Switch Ports
One of the easiest ways to secure a network is to make sure some simple security features are enabled on the switch ports your end users connect to. Properly securing switch access ports is fairly straightforward, but some techniques are often overlooked. In this guide, I'll discuss a few ways to protect your network by restricting access to the users and devices you actually want connected to your access switches. Most enterprise-class switches have identical or similar port security features, so while the examples in this guide use a Cisco switch, switches from other vendors can be configured in a similar manner.
One general bit of advice regarding the configuration of switch ports and VLANs on a production network: the default VLAN 1 should not be used for data transport. There are several reasons for this, but the primary one is that VLAN 1 was meant to carry switch management communications between devices, such as CDP, PAgP and VTP. I recommend keeping that traffic separate from any user data crossing the switch.
In this guide, I'll describe four different access-port configuration options, show the security benefit each one provides, and explain how to configure them. While these configurations don't guarantee that your network will be completely safe from malicious or unauthorized behavior at the access layer, they certainly help close some common security gaps. The concepts I'll cover are:
- The purpose of configuring access-only switch ports
- Why enabling BPDU guard protects against unauthorized network devices
- How port security can restrict unauthorized end devices
- How to handle unused switch ports
Let’s get started.
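To make the advice about VLAN 1 and the four concepts listed above concrete, here is an added example of a Cisco IOS access-switch configuration that applies all of them at once. This is not configuration from the original article; the interface ranges (GigabitEthernet1/0/1-24 for users, 25-48 unused), the VLAN numbers (10 for user data, 999 as a black-hole VLAN for unused ports) and the descriptions are assumptions chosen for illustration.

```cisco
! --- VLANs (assumed IDs): keep user data off the default VLAN 1 ---
vlan 10
 name USER-DATA
vlan 999
 name BLACKHOLE-UNUSED
!
! --- Ports where end users connect (assumed range) ---
interface range GigabitEthernet1/0/1 - 24
 description user access port
 ! access-only: no trunk negotiation, so a plugged-in device cannot form a trunk
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 ! end hosts should not send BPDUs; if one arrives, err-disable the port
 spanning-tree portfast
 spanning-tree bpduguard enable
 ! port security: one learned MAC per port, shut the port on a violation
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
!
! --- Unused ports (assumed range): parked in an isolated VLAN and shut down ---
interface range GigabitEthernet1/0/25 - 48
 description unused - shutdown
 switchport mode access
 switchport access vlan 999
 shutdown
!
! --- Management SVI on VLAN 1 disabled so nothing is reachable there ---
interface Vlan1
 shutdown
```

Two points to check after applying this: `show port-security interface` and `show spanning-tree interface ... detail` confirm the per-port state, and a port taken down by BPDU guard or a port-security violation stays err-disabled until an administrator issues `shutdown` / `no shutdown` on it, unless an `errdisable recovery` timer is configured. Leaving recovery off is the safer default for access ports, because it forces someone to look at why the violation happened.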