Many devices in today’s networks operate at Layer 2. These devices are open to attacks that are inherent to Layer 2. It is imperative that security administrators understand how to control access, resist attacks, and guard other network devices and systems on the network.
Switches are targets, but often their security implications are overlooked. When protecting network switches, you need to provide the following protections:
Constrain Telnet access.
Set SNMP to read only.
Disable unneeded services.
Log unauthorized attempts.
In switches that deploy VLANs (which is the vast majority), you need to do the following:
Disable user ports from automatically trunking.
On trunk ports ...
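
The items listed above that show up in a saved configuration can be checked mechanically. The auditor below is an added example, not code from the original page: it assumes Cisco IOS-style syntax (the page names no vendor), and the sample config, the `UNNEEDED` service list and the finding labels are constructed for illustration.

```python
import re

# Constructed sample, IOS-style syntax assumed; community strings and ACL number are made up.
SAMPLE = """\
snmp-server community netops RO
snmp-server community rwsecret RW
ip http server
interface GigabitEthernet0/1
 switchport mode access
interface GigabitEthernet0/2
 switchport mode dynamic desirable
interface GigabitEthernet0/3
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input telnet
"""
UNNEEDED = {"ip http server", "ip finger", "service tcp-small-servers"}  # assumed local policy

def blocks(config):
    """Group indented sub-commands under their unindented parent command."""
    out = []
    for line in config.splitlines():
        if line.startswith(" ") and out:
            out[-1][1].append(line.strip())
        elif line.strip() and line.strip() != "!":
            out.append((line.strip(), []))
    return out

def audit(config):
    """Return one finding per checklist item that the config violates."""
    parsed, findings = blocks(config), []
    for head, body in parsed:
        if m := re.match(r"snmp-server community (\S+) RW\b", head, re.I):
            findings.append(f"snmp-rw: {m.group(1)}")          # SNMP must be read only
        elif head in UNNEEDED:
            findings.append(f"service: {head}")
        elif head.startswith("line vty"):
            telnet = any(re.match(r"transport input .*\b(telnet|all)\b", b) for b in body)
            if telnet and not any(b.startswith("access-class ") for b in body):
                findings.append(f"telnet-open: {head}")        # Telnet with no ACL constraint
        elif re.match(r"interface \S*Ethernet", head):
            # Only an explicit access or trunk mode rules out negotiated trunking;
            # a port with no mode line falls back to the platform default.
            if not any(re.fullmatch(r"switchport mode (access|trunk)", b) for b in body):
                findings.append(f"auto-trunk: {head.split()[1]}")
    if not any(head == "login on-failure log" for head, _ in parsed):
        findings.append("logging: failed logins not logged")
    return findings
```

Calling `audit(SAMPLE)` flags the read-write community, the HTTP server, the two ports without an explicit mode, the unconstrained vty range and the missing failed-login logging; the vty range that carries an access-class passes.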