5.5. MAC Addressing

To this point we have primarily discussed availability within the switched portion of the network. While availability is an important part of network security, protection against unauthorized intrusion is equally important. A properly configured switch can assist in this type of protection as well. If an administrator can prevent an attacker from plugging directly into the network, it will be that much more secure.

Most networks have several unused ports on their switches. These ports are potential security holes, as anyone can plug into an unused network jack and have access to your network. One solution is to disable all unused ports, and then enable/disable them as needed. This solution is problematic for two reasons:

  1. It takes ...

Get The Practice of Network Security: Deployment Strategies for Production Environments now with O’Reilly online learning.
