Only patch ports as necessary.

Update the switch firmware whenever possible to remove possible bugs.

Password-protect the switch whenever possible.

Use secure protocols, such as HTTPS and SSH, whenever possible, or better yet, perform all of your configuration from the console.

Limit remote management of the switch to only the stations that you need, if possible. If the switch allows for this, turn off remote management if you re not using it.

Disable unnecessary monitoring/reporting protocols on the switch. Learn how to properly configure the ones that you do use to avoid

security holes. In most cases, make sure you disable SNMP read-write abilities.

Consider using VLANs to give special stations extra security when possible.

Create at least one extra VLAN, if possible, for most of your workstations, so that the primary VLAN remains as an administration-only VLAN for extra security. Many vendors use VLAN1 as a default administrative VLAN1 with special access privileges, so you ll want to move your end users to another VLAN for this reason alone.

Use MLS to configure static or dynamic VLANs to provide extra security for single-function servers, such as mail and Web servers.

Keep a backup of managed switch configurations in case of emergency.

Diagram and document your network to aid in troubleshooting. Include warranty support phone numbers, contract numbers, serial numbers, and other information that will help you quickly resolve a problem if you need to call technical support.

Baseline your network performance. Lower than usual performance can indicate tampering or an...