Implement switch security on your network …
2008-04-02 10:58:11来源:互联网 阅读 ()
Takeaway:
Switch security involves challenges. Take a look at how you can ensure switch security in your organization.
--------------------------------------------------------------------------------
When it comes to securing internal networks, one area that organizations often overlook is switch security. Most companies tend to focus on their borders and end users, forgetting the devices that connect the two.
Ensuring switch security in your organization basically comes down to two steps: Defining what users can see, and defining what they can connect.
What you see
Every business-grade switch allows you to define virtual local area networks (VLANs). Organizations typically implement VLANs for the following reasons:
Broadcasts: A VLAN doesn't pass broadcast traffic to nodes that aren't part of the VLAN.
Performance: A VLAN can reduce the number of router hops and extend your local topology between user workstations and resource servers, increasing the apparent bandwidth for network users.
Departments: A VLAN can segment departments that use bandwidth-intense applications. You can also dedicate a VLAN to specific types of job roles (e.g., executives, kiosk workstations, etc.).
Security: A VLAN allows organizations to separate sensitive clusters of systems from the rest of the network, decreasing the likelihood that users will gain access to information on these clients and servers.
What you connect
Port security is also available on every business-class switch. Some switches allow very in-depth settings; others just provide some of the basics. Here's a look at some of your options:
MAC Locking: This involves tying a Media Access Control (MAC) address of one or more connected devices to a physical port on a switch. If you lock a switch port to a particular MAC address, you don't have to worry about superusers or internal black hats creating backdoors into your network with rogue access points.
MAC Lockout: This disables a specified MAC address from ever connecting to a switch.
MAC Learning: Using knowledge about each switch port's direct connections, the switch can set security based on current connections.
Remote Configuration: Limit remote configuration to specific IP addresses, using SSH instead of Telnet. Telnet passes usernames and passwords in clear text, potentially allowing everyone on the LAN segment to see login credentials.
Final thoughts
Switch security does involve challenges, particularly when it comes to setting up and deploying new workstations in your help desk area. This is definitely an issue you should consider when implementing a switch security policy.
Network administrators who balk at port security because it's labor-intensive and requires constant management should consider this: Port security stops people from attaching wireless access points and bypassing your site security. That alone should be a good enough reason to implement switch security on your network today.
Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.
标签:
版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有
上一篇:严守秘密的科学方法-密码学初探
下一篇:网络安全重在日常防护
IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设
网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源
网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它
服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护
软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷
网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash