Switch Security Configuration – Part 2

Published: 08 June 2026
on channel: Lonard | CCNA Trainer Makerere

Switch security configuration involves implementing measures on network switches to protect the LAN from unauthorized access and attacks.

Key Objectives:

Prevent unauthorized access to switch ports.

Protect against attacks like MAC spoofing, VLAN hopping, and ARP poisoning.

Ensure network availability and integrity.

Common Security Features:

Port Security:

Limits devices per port using MAC addresses.

Can restrict, protect, or shut down a port on violation.

BPDU Guard:

Protects the Spanning Tree Protocol from malicious BPDU messages.

DHCP Snooping:

Prevents rogue DHCP servers from assigning incorrect IPs.

Dynamic ARP Inspection (DAI):

Prevents ARP spoofing attacks.

VLAN Security:

Use private VLANs and proper trunk port configurations to isolate traffic.

Port Shutdown/Shutdown Modes:

Administratively disable unused ports to prevent unauthorized access.
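
A way to check a switch for the features listed above, as an added example that is not from the video: the script parses a saved running-config and reports active access ports that lack port security or BPDU Guard, plus missing per-VLAN DHCP snooping or DAI. The sample config is constructed (Cisco IOS syntax is assumed), and the function names parse_interfaces and audit are hypothetical.

```python
import re
# Constructed sample running-config in Cisco IOS syntax (not from the video).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
!
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 shutdown
!
interface GigabitEthernet0/24
 switchport mode trunk
 ip dhcp snooping trust
"""
PORT_CONTROLS = ("switchport port-security", "spanning-tree bpduguard enable")
GLOBAL_CONTROLS = ("ip dhcp snooping vlan", "ip arp inspection vlan")

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an IOS-style config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces

def audit(config):
    """Return {scope: [missing controls]} for the switch and its active access ports."""
    gaps = [c for c in GLOBAL_CONTROLS if not re.search(rf"^{c} ", config, re.M)]
    findings = {"global": gaps} if gaps else {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds or "switchport mode access" not in cmds:
            continue  # disabled ports and trunks are outside this check
        missing = [c for c in PORT_CONTROLS if c not in cmds]
        if missing:
            findings[name] = missing
    return findings
```
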

Best Practices:

Regularly update switch firmware.

Monitor switch logs for suspicious activity.

Apply least privilege principles for administrative access.

Benefits:

Protects the network from internal and external threats.

Ensures stable and reliable LAN operation.

Reduces risks of downtime or data breaches.