RE: Port Security on switches?

Port Security on switches is a good idea. Initial setup is a pain because
you have to keep in mind your own test equipment, i.e. Fluke meters, laptops,
etc that your own department uses on a daily basis. Each port needs to have
their MAC addresses in the list of approved devices. Then you need to ensure
that you have the MAC address of the device attached to that port. That in
itself is easy to get. Once you do that, then it is a matter of
"housekeeping" to maintain. The problem is notification of "illegal"
equipment. This does not notify you, it locks the port so they cannot access
anything. Then you must unlock it. But it does what it is supposed to do and
that is keep illegal equipment off of your network. I don't care who is
trying to get on, I only care about keeping them off. Bottom line - only
approved equipment is sniffing my network.

Bob Emerson, Network Administrator VA

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Albert R. Campa
Sent: Friday, March 14, 2008 2:22 PM
To: security-basics
Subject: Port Security on switches?

Do you use it? Is it a good idea network wide? Yes I guess it could be
an administrative pain but I want to see how it is used these days.

Is there an alternative?

My concern is people connecting non-authorized laptops to the network
and getting an IP then access. What is a common/effective way to be
notified of any new device connected to the network?

Sure we have physical security (guards 24/7) in our main building,
badge access security in our other building, but visitors such as
vendors, contractors, etc come often and it's basically left up to
their sponsors to ensure they don't connect anything to a free port on
the wall.

Comments are appreciated.
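
An added example, not part of either message: one way to get the notification asked about in the original question is to compare a snapshot of the switch's MAC table against the per-port approved list described in the reply, with department test equipment approved on every port. The port names, MAC addresses and function names are constructed for illustration, and collecting the snapshot from the switch is assumed to happen elsewhere.

```python
import re


def norm_mac(mac):
    """Normalize AA-BB-.., aabb.ccdd.eeff or aa:bb:.. to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit(observed, per_port, shared=()):
    """Return sorted (port, mac) pairs seen on a port but not approved for it.

    observed: iterable of (port, mac) taken from a MAC-table snapshot
    per_port: {port: [MACs approved on that port]}
    shared:   MACs approved on every port (the department's own test gear)
    """
    everywhere = {norm_mac(m) for m in shared}
    allowed = {p: {norm_mac(m) for m in macs} for p, macs in per_port.items()}
    findings = set()
    for port, mac in observed:
        mac = norm_mac(mac)
        # A device approved on one port is still a finding on any other port.
        if mac not in everywhere and mac not in allowed.get(port, set()):
            findings.add((port, mac))
    return sorted(findings)


# Constructed sample data (hypothetical ports and addresses).
SHARED = ["00-00-5E-00-53-01"]                 # e.g. a cable tester
PER_PORT = {
    "port1": ["0000.5e00.5311"],
    "port2": ["00:00:5e:00:53:12"],
}
OBSERVED = [
    ("port1", "00:00:5E:00:53:11"),            # approved on this port
    ("port2", "0000.5e00.5301"),               # shared test gear
    ("port2", "02:00:00:00:00:99"),            # unknown device
    ("port3", "00:00:5e:00:53:11"),            # approved device, wrong port
]

if __name__ == "__main__":
    for port, mac in audit(OBSERVED, PER_PORT, SHARED):
        print(f"ALERT: unapproved device {mac} on {port}")
```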

