mailing list archives
Re: Locking down Ports and DHCP (Tyler Robinson)
From: Cody Dumont <CDumont () nwnit com>
Date: Thu, 29 Jul 2010 09:32:07 -0400
If you are running Cisco as the switching platform, I have a configuration builder on my blog http://www.melcara.com.
The posting is called "Secure Switch Config 0.01". The config builder shows how to enable Dynamic ARP Inspection (DAI),
DHCP Snooping and Port Security. The config builder also shows how to harden the control plane of the switch. If you
don't have Cisco switches, the concepts shown should also be somewhat applied to any other vendor if the vendor
supports the features previously mentioned. Also you might want to consider something like 802.1x, which uses RADIUS
to authenticate a user to the switch port and can quarantine the user if authentication fails. Sophos
(www.sophos.com) also have a good NAC product and the Cisco NAC is good, but very expensive.
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com