
Securing The Expanded Network: Medium-Sized Switched Network Construction

The document discusses recommended practices for securing switch devices in a network, including securing switch access through passwords, SSH, and authentication, securing switch protocols like Cisco Discovery Protocol and spanning tree, and mitigating compromises through switches by securing trunk links and ports. It also mentions using port security to restrict access by MAC address and 802.1X authentication to require network access authentication through switches.

Uploaded by

tuancoi

Securing the Expanded Network

Medium-Sized Switched Network Construction

http://vnexperts.net

ICND1 v1.01-1

Overview of Switch Security


Recommended Practices: New Switch Equipment

- Consider or establish organizational security policies.
- Secure switch devices:
  - Secure switch access.
  - Secure switch protocols.
  - Mitigate compromises through switches.


Recommended Practices: Switch Security

- Secure switch access:
  - Set system passwords.
  - Secure physical access to the console.
  - Secure access via Telnet.
  - Use SSH when possible.
  - Disable HTTP.
  - Configure system warning banners.
  - Disable unneeded services.
  - Use syslog if available.


Recommended Practices: Switch Security (Cont.)

- Secure switch protocols:
  - Trim Cisco Discovery Protocol and use only as needed.
  - Secure spanning tree.
- Mitigate compromises through a switch:
  - Take precautions for trunk links.
  - Minimize physical port access.
  - Establish standard access-port configuration for both unused and used ports.


Port Security

Port security restricts port access by MAC address.


802.1X Port-Based Authentication

Network access through the switch requires authentication.


Visual Objective 2-1: Configuring Expanded Switched Networks

Subnet      VLAN   Devices
10.1.1.0    1      Core Switches, CoreRouter, SwitchX
10.2.2.0    2      CoreRouter, RouterA
10.3.3.0    3      CoreRouter, RouterB
10.4.4.0    4      CoreRouter, RouterC
10.5.5.0    5      CoreRouter, RouterD
10.6.6.0    6      CoreRouter, RouterE
10.7.7.0    7      CoreRouter, RouterF
10.8.8.0    8      CoreRouter, RouterG
10.9.9.0    9      CoreRouter, RouterH


Summary
- Follow recommended practices for securing your switched topology by using passwords, deactivating unused ports, configuring authentication, and using port security.
- To secure a switch device, you must secure access to the switch and the protocols that the switch uses.
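
One way to check a switch against the practices listed in these slides is to audit its saved configuration text. The following is an added example, not part of the original slides: the sample configuration is constructed, the function names `sections` and `audit` are hypothetical, and it assumes IOS-style running-config text where sub-commands are indented under `interface` and `line vty` headers and every non-trunk interface is treated as an access port.

```python
# Constructed sample running-config for illustration (not from the slides).
SAMPLE_CONFIG = """\
enable secret 5 <hash-placeholder>
ip http server
banner motd ^Authorized access only^
logging host 10.1.1.50
interface FastEthernet0/1
 switchport port-security
 no cdp enable
interface FastEthernet0/2
interface FastEthernet0/3
 shutdown
line vty 0 4
 transport input telnet ssh
"""

# Global commands the checklist expects: (line prefix, finding if absent).
REQUIRED = [("enable secret", "no enable secret set"),
            ("banner ", "no warning banner configured"),
            ("logging host", "no syslog destination configured")]

def sections(config, keyword):
    """Map each top-level line starting with keyword to its sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = blocks.setdefault(line, []) if line.startswith(keyword) else None
        elif current is not None:
            current.append(line.strip())
    return blocks

def audit(config):
    """Return one finding per checklist item the configuration misses."""
    top = [l for l in config.splitlines() if not l.startswith(" ")]
    findings = [msg for prefix, msg in REQUIRED
                if not any(l.startswith(prefix) for l in top)]
    if "ip http server" in top:
        findings.append("HTTP server enabled")
    for hdr, cmds in sections(config, "line vty").items():
        if "transport input ssh" not in cmds:
            findings.append(f"{hdr}: not restricted to SSH")
    for hdr, cmds in sections(config, "interface").items():
        if "shutdown" in cmds or "switchport mode trunk" in cmds:
            continue  # disabled unused port, or trunk (not an access port)
        if "switchport port-security" not in cmds:
            findings.append(f"{hdr}: port security not enabled")
        if "no cdp enable" not in cmds:
            findings.append(f"{hdr}: CDP not disabled")
    return findings
```

On the constructed sample, `audit(SAMPLE_CONFIG)` reports the enabled HTTP server, the vty line that still accepts Telnet, and the active FastEthernet0/2 port that lacks port security and still runs CDP.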
