Switch Security Configuration – Part 2

Switch security configuration involves implementing measures on network switches to protect the LAN from unauthorized access and attacks.

Key Objectives:

Prevent unauthorized access to switch ports.

Protect against attacks like MAC spoofing, VLAN hopping, and ARP poisoning.

Ensure network availability and integrity.

Common Security Features:

Port Security:

Limits devices per port using MAC addresses.

Can restrict, protect, or shut down a port on violation.

BPDU Guard:

Protects the Spanning Tree Protocol from malicious BPDU messages.

DHCP Snooping:

Prevents rogue DHCP servers from assigning incorrect IPs.

Dynamic ARP Inspection (DAI):

Prevents ARP spoofing attacks.

VLAN Security:

Use private VLANs and proper trunk port configurations to isolate traffic.

Port Shutdown/Shutdown Modes:

Administratively disable unused ports to prevent unauthorized access.

Best Practices:

Regularly update switch firmware.

Monitor switch logs for suspicious activity.

Apply least privilege principles for administrative access.

Benefits:

Protects network from internal and external threats.

Ensures stable and reliable LAN operation.

Reduces risks of downtime or data breaches.