Security Sage's Guide to Hardening the Network Infrastructure
This text provides detailed, hands-on coverage on how use network devices, protocols and design techniques to optimize the security of your Enterprise Network.
TABLE OF CONTENTS Security Sage's Guide to Hardening the Network Infrastructure
Using Switching to Improve Security
Locking the door to the wiring closet doesn t cut it as high security anymore; the savvy network engineer has to take a few more precautions. Most network engineers don t give switch security a second thought because switches don t store any data. However, they do transfer data (and potentially confidential data), and that s all the motivation a talented hacker needs.
Patching the Switch
Many switches allow for firmware upgrades to fix known problems. Usually, this only applies to managed switches, but unmanaged switches might have a big enough problem that the vendor will release updated chips for the switch. Anyone who has ever flashed a switch can attest to how nerve-racking it is. If anything goes wrong, that could be it for the switch, and you ve just ruined your evening. Given that, why flash them?
Depending on the nature of the patch (and prevailing indecency laws in your state), you can elect not to install the patch. Some patches directly affect the security of the switch, and if this is the case, no matter what else you do, you will always have this security hole until you fix this. When it comes to security, you cannot keep your head in the sand. Make it part of your routine to regularly check your vendor s Web site for code updates, or better yet, if you re low on SPAM, see if you can sign up for your switch manufacturer s proactive notification mailing list.
Flashing a Switch
Copyright Syngress Publishing, Inc. 2004 under license agreement with Books24x7
