Monday, August 13, 2012

Cisco Switch Security (Introduction)

Networks are the core of all modern computer and information processing infrastructure. Regardless of the level of abstraction used - SaaS, PaaS, IaaS, cloud computing and so forth - networks and network devices still sit in the path of all data transfers.

Securing a network device means hardening its configuration, ensuring that no useful knowledge can be gained by interrogating the device, restricting access to its management interfaces to authorized personnel only, and making the device contribute to the organization's overall security scheme within a "defense in depth" framework.

The consequences of a compromised network device can be extreme: not only does the attacker gain the ability to disrupt a corporation's communications, but also to modify the traffic path, sniff the transfers, or even alter the data in transit. Scary? Yes, and that is only a summary.

Several resources describe how to secure network devices. One of them is the set of Security Configuration Guides published as part of the NSA's Information Assurance program. Some of the steps in these articles are taken from that guide.

Over the next few weeks, different aspects of switch security will be examined:

  • Section 1 covers the management console and interface
  • Section 2 addresses security at the port level
  • Section 3 examines security at the VLAN level
  • Section 4 deals with two additional layer 2 protocols
  • Section 5 covers logging and logs
  • Section 6 deals with miscellaneous items