PaulDotCom mailing list archives
Re: Locking down Ports and DHCP (Tyler Robinson)
From: Cody Dumont <CDumont () nwnit com>
Date: Thu, 29 Jul 2010 09:32:07 -0400
TR,

If you are running Cisco as the switching platform, I have a configuration builder on my blog http://www.melcara.com. The posting is called "Secure Switch Config 0.01". The config builder shows how to enable Dynamic ARP Inspection (DAI), DHCP Snooping and Port Security. The config builder also shows how to harden the control plane of the switch. If you don't have Cisco switches, the concepts shown should also be somewhat applicable to any other vendor if the vendor supports the features previously mentioned.

Also you might want to consider something like 802.1x, which uses RADIUS to authenticate a user to the switch port and can quarantine the user if authentication fails. Sophos (http://www.sophos.com) also have a good NAC product and the Cisco NAC is good, but very expensive.

Cody
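An added example (not part of the original post, and not the config builder from the blog): a small Python check that reads an IOS-style running configuration and reports access ports that lack port security, or whose access VLAN is not covered by DHCP snooping or DAI. The sample configuration is constructed, and the parser assumes standard IOS command forms with interface sub-commands indented by a space.

```python
import re

# Constructed IOS-style sample, not taken from the post or the blog's config builder.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,30-31
ip arp inspection vlan 10
interface GigabitEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport port-security
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 30
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,30-31' into a set of ints."""
    bounds = [part.split("-") for part in spec.split(",")]
    return {v for b in bounds for v in range(int(b[0]), int(b[-1]) + 1)}

def audit(config):
    """Return (interface, access_vlan, problem) for each access port with a gap."""
    snooping, ports, cur = False, {}, None
    vlans = {"dhcp snooping": set(), "arp inspection": set()}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # unindented: global command or new interface
            cur = None
            if line.startswith("interface "):
                cur = ports.setdefault(line.split()[1], {"vlan": 1, "access": False, "psec": False})
            elif m := re.fullmatch(r"ip (dhcp snooping|arp inspection) vlan (\S+)", line):
                vlans[m[1]] |= expand_vlans(m[2])
            snooping = snooping or line == "ip dhcp snooping"
        elif cur is not None:  # indented: sub-command of the current interface
            if m := re.fullmatch(r"switchport access vlan (\d+)", line):
                cur["vlan"] = int(m[1])
            cur["access"] = cur["access"] or line == "switchport mode access"
            cur["psec"] = cur["psec"] or line == "switchport port-security"
    findings = []
    for name, p in ports.items():
        checks = {"port security not enabled": p["psec"],
                  "DHCP snooping not enabled for access VLAN": snooping and p["vlan"] in vlans["dhcp snooping"],
                  "DAI not enabled for access VLAN": p["vlan"] in vlans["arp inspection"]}
        findings += [(name, p["vlan"], msg) for msg, ok in checks.items() if p["access"] and not ok]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags GigabitEthernet0/3 for missing port security and for an access VLAN outside the DAI VLAN list; the trunk uplink is skipped because only access ports are checked.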