Security Basics mailing list archives
RE: Port Security on switches?
From: "Bob Emerson" <remerson () ec rr com>
Date: Fri, 14 Mar 2008 20:45:03 -0400
Port Security on switches is a good idea. Initial setup is a pain because you have to keep in mind your own test equipment, ie Fluke meters, laptops, etc that your own department uses on a daily basis. Each port needs to have their MAC addresses in the list of approved devices. Then you need to ensure that you have the MAC address of the device attached to that port. That in itself is easy to get. Once you do that, then it is a matter of "housekeeping" to maintain. The problem is notification of "illegal" equipment. This does not notify you, it locks the port so they cannot access anything. Then you must unlock it. But it does what it is supposed to do and that is keep illegal equipment off of your network. I don't care who is trying to get on, I only care about keeping them off. Bottom line - only approved equipment is sniffing my network. Bob Emerson, Network Administrator VA -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Albert R. Campa Sent: Friday, March 14, 2008 2:22 PM To: security-basics Subject: Port Security on switches? Do you use it? Is it a good idea network wide? Yes I guess it could be an administrative pain but I want to see how it is used these days. Is there an alternative? My concern is people connecting non authorized laptops to the network and getting an IP then access. What is a common/effective way to be notified of any new device connected to the network? Sure we have physical security(guards 24/7) in our main building, badge access security in our other building, but visitors such as vendors, contractors, etc come often and its basically left up to their sponsors to ensure they dont connect anything to a free port on the wall. Comments are appreciated. Albert
Current thread:
- Port Security on switches? Albert R. Campa (Mar 14)
- RE: Port Security on switches? Nick Duda (Mar 17)
- RE: Port Security on switches? Petter Bruland (Mar 17)
- RE: Port Security on switches? Bob Emerson (Mar 17)
- Re: Port Security on switches? Predrag Petrović (Mar 17)
- Re: Port Security on switches? Abe Getchell (Mar 17)
- Re: Port Security on switches? Logan Douglas (Mar 17)
- RE: Port Security on switches? Sule, Mohammed (Mar 21)
- <Possible follow-ups>
- Re: RE: Port Security on switches? CG (Mar 18)