Security Basics mailing list archives
RE: Unauthorised switchport access
From: dholton1 () comcast net
Date: Thu, 16 Nov 2006 12:08:54 +0000
I had the same situation at a company I was consulting for, and the solution was very easy.

1) I made a switch "safe". Basically a metal box with an opening for the cables (though technically someone could splice into the cables that are exposed), and a nice big lock on the front. The switch was still in the unlocked closet, but it helped prevent people from just plugging into the switch. The company was VERY happy to see this. (what do you know, a non-technical solution from a technical list...) :-)

2) Disabled unused switch ports (already recommended)

3) Had the switch allow only the MAC that was currently connected to the port to connect (so if someone did splice in they'd have to figure out the MAC that was allowed and clone it). Cloning a MAC is not difficult, so that's why the other layers are in place as well. (also already recommended)

In addition I'd also make sure you have proper security set up internally. This means local firewalls, IDS/IPS, and a good patching solution (Don't overlook that one!)

As Erick suggested, enabling IPsec would be a huge step in the right direction for you.

-Dan
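Added example, not part of the post above or of the thread: a small audit that checks a saved switch configuration for the two switch-side controls listed, unused ports disabled and each live access port locked to a single MAC. It assumes Cisco IOS-style syntax (the post names no vendor); the sample configuration and the function names `parse_interfaces` and `audit_ports` are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumed; the post names no vendor).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 shutdown
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security maximum 8
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to its list of stripped config lines."""
    ports, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = ports.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.strip() in ("", "!"):
            current = None
        elif current is not None:
            current.append(raw.strip())
    return ports

def audit_ports(config):
    """Flag enabled access ports that lack the one-MAC lock described in the post."""
    findings = {}
    for name, body in parse_interfaces(config).items():
        if "shutdown" in body or "switchport mode trunk" in body:
            continue  # disabled ports and trunk uplinks are out of scope
        hits = [re.fullmatch(r"switchport port-security maximum (\d+)", l) for l in body]
        limit = next((int(m.group(1)) for m in hits if m), 1)  # IOS default is 1
        if "switchport port-security" not in body:
            findings[name] = "enabled, no port-security"
        elif limit > 1:
            findings[name] = f"port-security allows {limit} MACs"
    return findings
```

Calling `audit_ports(SAMPLE_CONFIG)` reports the enabled spare port and the port that accepts eight addresses; the locked port, the shut-down port and the trunk pass.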