====== Network Security Recommendations ======
  * SNMP ACLs
  * VTY ACLs
  * VLAN ACLs whitelisting address space for outbound traffic (prevents source spoofing)
  * Port Security – We are using it, but we should enable it everywhere even at high number of MAC address allowances (prevent MAC table overflows), set aging time on VM ports
  * MAC address ACLs (blacklist MAC addresses on switches preventing user from jumping between switch ports and switching IPs)

  * DHCP Snooping on switches in DHCP environments (i.e. Engineering, Chemistry, etc.)
  * IP Source Guard
  * Dynamic ARP Inspection

  * Cisco torch – Vulnerability scanning and exploitation
  * OpenVAS – Vulnerability scanning and exploitation
  * Yersinia – exploit tool
  * MetaSploit – exploit tool


-- Main.FredPettis - 2012-05-24