Basic Switch Security

Posted on August 15, 2009. Filed under: CCNA, ICND1 break down

There are many actions the network administrator can take to secure the switches.

  • Prevent physical threats — Physical threats are threats to the physical switch hardware or the environment the switch works in. For example, an unauthorized person could enter the switch closet and turn off the power to the switch, or turn off the air conditioning system in the switch room. The best way to prevent physical threats is to lock your switch in a room that only a few people have access to or even know about.
  • Use the IOS command “shutdown” to shut down unused switch ports.
  • Use passwords to protect the console port, the Telnet (vty) lines, and privileged EXEC mode. You can enable password encryption with the command “service password-encryption” in global configuration mode. Passwords that are displayed or set after the command “service password-encryption” will be encrypted in the output of show commands, such as show running-config. We have a separate post about passwords.
  • By default, all switch ports are ready to trunk (accept connections from other switches’ ports), which means hackers can attach their own switches to your switch ports. To prevent this, use “switchport mode access” to stop the port from trunking.
  • Display a banner before the username and password login prompts by using the command “banner login” in global configuration mode.
  • Use the switch’s port security feature to control access to a switch port based on MAC address. This important switch security feature will be discussed extensively in a separate post.
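The configuration items in the list above can be checked against a saved running-config. The following Python audit is an added example, not part of the original post: the sample configuration is constructed, and treating a port set explicitly to “switchport mode trunk” as an intended uplink is an assumption of the example.

```python
# Added example; SAMPLE_CONFIG is constructed, not taken from the original post.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$constructed$hash
banner login ^CAuthorized access only^C
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/2
 shutdown
interface FastEthernet0/3
interface GigabitEthernet0/1
 switchport mode trunk
line con 0
 password 7 0000000000
 login
line vty 0 4
 login
"""

def parse_sections(config):
    """Group each top-level command with its indented sub-commands."""
    sections = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def audit(config):
    """Return one finding per hardening step from the list that is missing."""
    sections = parse_sections(config)
    top = [header for header, _ in sections]
    findings = []
    if "service password-encryption" not in top:
        findings.append("global: service password-encryption is not set")
    if not any(h.startswith("banner login") for h in top):
        findings.append("global: no banner login")
    if not any(h.startswith(("enable secret", "enable password")) for h in top):
        findings.append("global: privileged EXEC mode has no password")
    for header, body in sections:
        if header.startswith("line ") and not any(c.startswith("password") for c in body):
            findings.append(f"{header}: no password")
        is_port = header.startswith("interface ") and "shutdown" not in body
        # Assumption: a port set explicitly to trunk is an intended uplink.
        if is_port and not {"switchport mode access", "switchport mode trunk"} & set(body):
            findings.append(f"{header}: port can still trunk")
    return findings
```

On the sample, `audit(SAMPLE_CONFIG)` reports FastEthernet0/3 (active, no explicit mode) and the vty lines (no password); the parser expects a single-line banner, as in the sample.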
