RE: Port Security on switches?

["Sule, Mohammed" <Mohammed.Sule () nbhn net>]

If the switches support MAC Lockdown on ports use it.
Disable all port that are not in use, and enable them as required.
This will be good start and you can add additional layer of protection
like 802.1x.
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Albert R. Campa
Sent: Friday, March 14, 2008 2:22 PM
To: security-basics
Subject: Port Security on switches?

Do you use it? Is it a good idea network wide? Yes I guess it could be
an administrative pain but I want to see how it is used these days.

Is there an alternative?

My concern is people connecting non authorized laptops to the network
and getting an IP then access. What is a common/effective way to be
notified of any new device connected to the network?

Sure we have physical security(guards 24/7) in our main building, badge
access security in our other building, but visitors such as vendors,
contractors, etc come often and its basically left up to their sponsors
to ensure they dont connect anything to a free port on the wall.

Comments are appreciated.

Albert
-----------------------------------------
Visit www.nyc.gov/hhc

CONFIDENTIALITY NOTICE: The information in this E-Mail may be
confidential and may be legally privileged. It is intended solely
for the addressee(s). If you are not the intended recipient, any
disclosure, copying, distribution or any action taken or omitted to
be taken in reliance on this e-mail, is prohibited and may be
unlawful. If you have received this E-Mail message in error, notify
the sender by reply E-Mail and delete the message.