Defending Network Switches
Best practices: switch security considerations and security policies

Network security vulnerabilities include loss of privacy, data theft, impersonation, and loss of integrity. Basic security measures should be taken on every network to mitigate adverse effects of user negligence or acts of malicious intent.

Best Practices following these general steps are required whenever placing new equipment in service.

  1. Consider or establish organizational security policies.
  2. Secure switch devices.
  3. Secure switch protocols.
  4. Mitigate compromises launched through a switch.

Organizational Security Policies
It is important to consider the policies of an organization when determining what level of security and what type of security should be implemented. There is a need to balance the goal of reasonable network security against the administrative overhead that is clearly associated with extremely restrictive security measures.

A well-established security policy has these characteristics:

  • Provides a process for auditing existing network security.
  • Provides a general security framework for implementing network security.
  • Defines behaviors toward electronic data that are disallowed.
  • Determines which tools and procedures are needed for the organization.
  • Communicates consensus among a group of key decision makers and define responsibilities of users and administrators.
  • Defines a process for handling network security incidents.
  • Enables enterprise-wide, all site security implementation and enforcement plan.