5.5. MAC Addressing
To this point we have primarily discussed availability within the switched portion of the network. While availability is an important part of network security, protection against unauthorized intrusion is equally important. A properly configured switch can assist in this type of protection as well. If an administrator can prevent an attacker from plugging directly into network, it will be that much more secure.
Most networks have several unused ports on their switches. These ports are potential security holes, as anyone can plug into an unused network jack and have access to your network. One solution is to disable all unused ports, and then enable/disable them as needed. This solution is problematic for two reasons:
It takes ...