Netra Server X5-2 Security Guide


Updated: May 2015

Network Switches and Ports

Network switches offer different levels of port security features. Refer to the switch documentation to learn how to do the following:

  • Use authentication, authorization, and accounting features for local and remote access to the switch.

  • Change every password on network switches that might have multiple user accounts and passwords by default.

  • Manage switches out-of-band (separated from data traffic). If out-of-band management is not feasible, then dedicate a separate virtual local area network (VLAN) number for in-band management.

  • Use the port mirroring capability of the network switch for intrusion detection system (IDS) access.

  • Maintain a copy of the switch configuration file offline and limit access to it to authorized administrators. The configuration file should contain a descriptive comment for each setting.

  • Implement port security to limit access based upon MAC addresses. Disable auto-trunking on all ports.

  • Use these port security features if they are available on your switch:

    • MAC Locking involves associating a Media Access Control (MAC) address of one or more connected devices to a physical port on a switch. If you lock a switch port to a particular MAC address, superusers cannot create backdoors into your network with rogue access points.

    • MAC Lockout disables a specified MAC address from connecting to a switch.

    • MAC Learning uses knowledge of each switch port's direct connections so that the switch can set security based on the devices currently connected.
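As an added illustration (not part of Oracle's guide, which is deliberately vendor-neutral), the following Python script audits a switch running-config for the settings recommended above: auto-trunking disabled, DTP negotiation turned off, and port security enabled on access ports with a limit of one MAC address and a violation mode that leaves a log trail. It assumes Cisco IOS-style command syntax (`switchport mode`, `switchport nonegotiate`, `switchport port-security ...`) and the IOS defaults of `maximum 1` and violation mode `shutdown` when those lines are absent; the configuration text is constructed for the example, and the patterns would need adjusting for switches from other vendors.

```python
"""Audit an IOS-style switch running-config for the port-security settings
recommended in the guide. Added example: the configuration below is constructed,
and the command syntax and defaults assumed are Cisco IOS-style."""
import re

# Constructed sample running-config: two hardened ports, two weak ones.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description Netra X5-2 data NIC
 switchport mode access
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/2
 description uplink trunk
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/3
 description unused port, factory defaults left in place
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/4
 description Netra X5-2 management NIC
 switchport mode access
 switchport port-security
 switchport port-security maximum 8
 switchport port-security violation protect
!
"""


def parse_interfaces(config):
    """Return {interface_name: [indented config lines]} from a running-config."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a top-level command ends the interface block
    return interfaces


def audit_interface(lines):
    """Return a list of findings for one interface; an empty list means compliant."""
    findings = []
    mode = None
    nonegotiate = False
    port_security = False
    maximum = 1             # assumed IOS default once port-security is enabled
    violation = "shutdown"  # assumed IOS default violation mode
    for l in lines:
        m = re.match(r"switchport mode (.+)", l)
        if m:
            mode = m.group(1)
            continue
        if l == "switchport nonegotiate":
            nonegotiate = True
        elif l == "switchport port-security":
            port_security = True
        else:
            m = re.match(r"switchport port-security maximum (\d+)", l)
            if m:
                maximum = int(m.group(1))
            m = re.match(r"switchport port-security violation (\S+)", l)
            if m:
                violation = m.group(1)

    # Any mode other than a static access or trunk port can negotiate a trunk.
    if mode not in ("access", "trunk"):
        findings.append(f"auto-trunking possible: switchport mode is {mode or 'default (dynamic)'}")
    if not nonegotiate:
        findings.append("DTP negotiation not disabled (no 'switchport nonegotiate')")
    # Port security applies to the ports hosts plug into, not to the uplink trunk.
    if mode != "trunk":
        if not port_security:
            findings.append("port-security not enabled")
        else:
            if maximum > 1:
                findings.append(f"port-security maximum {maximum} allows more than one MAC address")
            if violation == "protect":
                findings.append("violation mode 'protect' drops frames silently; "
                                "use shutdown or restrict so violations are logged")
    return findings


def audit_config(config):
    """Audit every interface in the config; returns {interface_name: [findings]}."""
    return {name: audit_interface(lines) for name, lines in parse_interfaces(config).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        status = "OK" if not findings else f"{len(findings)} finding(s)"
        print(f"{name}: {status}")
        for f in findings:
            print(f"  - {f}")
```

Run against a real running-config, the script gives a quick list of ports that still allow dynamic trunking, accept multiple MAC addresses, or would drop violations without logging; MAC lockout and the switch's own AAA settings are outside what a per-interface check can see and still need review in the global configuration.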