Most network administrators give very little thought to the switches in a network. As long as the switches are forwarding traffic properly, they are generally ignored. As you have seen from this chapter, a switch can be a very powerful tool for securing a network. It can also be a very powerful tool for an attacker. Because a switch represents an access point into the network, it is important to make it as difficult as possible for an attacker to gain network access through a switch. Of course, these restrictions have to be balanced against the need legitimate users have to access the network. Methods for securing a switched network include mapping MAC addresses to a switch port, disabling unused ports, and, where applicable, creating static ARP table entries. These security measures, used in tandem with other measures discussed throughout this book, will help to keep the network secure.
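The three measures listed above can be checked against a saved switch configuration. The following audit is an added example, not code from the book; it assumes Cisco IOS-style syntax (no vendor is named here), and the sample configuration, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; no vendor is
# named in the summary). MAC and IP values are made-up documentation values.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.5e00.5301
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 shutdown
!
interface FastEthernet0/4
 switchport port-security
!
arp 192.0.2.1 0000.5e00.53aa arpa
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an IOS-style config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def audit(config):
    """Flag ports that lack the measures the summary lists."""
    mac_cmd = "switchport port-security mac-address "  # static or sticky
    findings = {"not_disabled_or_secured": [], "no_mac_mapping": []}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            continue  # unused port is disabled; nothing more to check
        if "switchport port-security" not in cmds:
            findings["not_disabled_or_secured"].append(name)
        elif not any(c.startswith(mac_cmd) for c in cmds):
            findings["no_mac_mapping"].append(name)
    # Global static ARP entries as (IP, MAC) pairs, for manual review.
    findings["static_arp"] = re.findall(r"^arp (\S+) (\S+)", config, re.M)
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns the ports that are live without port security, the secured ports with no MAC address mapped, and the static ARP entries present.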