PaulDotCom mailing list archives

Re: Locking down Ports and DHCP (Tyler Robinson)


From: Cody Dumont <CDumont () nwnit com>
Date: Thu, 29 Jul 2010 09:32:07 -0400

TR,

If you are running Cisco as the switching platform, I have a configuration builder on my blog http://www.melcara.com.
The posting is called "Secure Switch Config 0.01".  The config builder shows how to enable Dynamic ARP Inspection (DAI),
DHCP Snooping and Port Security.  The config builder also shows how to harden the control plane of the switch.  If you
don't have Cisco switches, the concepts shown should also be somewhat applicable to any other vendor if the vendor
supports the features previously mentioned.  Also you might want to consider something like 802.1x, which uses RADIUS
to authenticate a user to the switch port and can quarantine the user if authentication fails.  Sophos
(http://www.sophos.com) also has a good NAC product and the Cisco NAC is good, but very expensive.

Cody
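
An added example, not taken from the message above or from the "Secure Switch Config 0.01" builder, showing how DHCP Snooping, Dynamic ARP Inspection and Port Security fit together on a Cisco IOS access switch. VLAN 10, the interface names and the numeric limits are assumed values chosen for illustration.

```cisco
! Assumed layout: VLAN 10 is the user VLAN, Gi0/1 is the uplink toward the
! legitimate DHCP server, Gi0/2 - 24 are user-facing access ports.
!
! DHCP Snooping: only trusted ports may send DHCP server replies. The switch
! records each lease (MAC, IP, VLAN, port) in the snooping binding table.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Dynamic ARP Inspection: ARP packets on untrusted ports are checked against
! the snooping binding table, so DAI depends on DHCP Snooping being enabled
! for the same VLAN. Hosts with static addresses need an ARP ACL or they
! will be dropped.
ip arp inspection vlan 10
ip arp inspection validate src-mac dst-mac ip
!
interface GigabitEthernet0/1
 description Uplink toward DHCP server (assumed)
 ip dhcp snooping trust
 ip arp inspection trust
!
interface range GigabitEthernet0/2 - 24
 description User access ports (assumed)
 switchport mode access
 switchport access vlan 10
 ! Port Security: cap the number of source MACs learned per port and
 ! drop and log frames from any additional MAC.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 ! Limit DHCP packets per second from a user port (assumed value).
 ip dhcp snooping limit rate 15
 spanning-tree portfast
 spanning-tree bpduguard enable
```

The state each feature builds can be checked with `show ip dhcp snooping binding`, `show ip arp inspection vlan 10` and `show port-security`.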

