Network Security Recommendations

  • SNMP ACLs
  • VTY ACLs
  • VLAN ACLs whitelisting address space for outbound traffic (prevents source spoofing)
  • Port Security – We are already using it, but we should enable it everywhere, even with a high number of allowed MAC addresses (prevents MAC table overflows); set an aging time on VM ports
  • MAC address ACLs (blacklist MAC addresses on switches, preventing a user from jumping between switch ports and switching IPs)
  • DHCP Snooping on switches in DHCP environments (i.e. Engineering, Chemistry, etc.)
  • IP Source Guard
  • Dynamic ARP Inspection
  • Cisco torch – Vulnerability scanning and exploitation
  • OpenVAS – Vulnerability scanning and exploitation
  • Yersinia – exploit tool
  • Metasploit – exploit tool

– Main.FredPettis - 2012-05-24
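
As an added example (not part of the original page), the following script audits an IOS-style switch configuration for a subset of the controls listed above: SNMP and VTY ACLs, DHCP snooping, Dynamic ARP Inspection, port security and IP Source Guard. The sample configuration, community string, ACL number and VLAN are constructed, and the checks are simplified string matches that assume access ports are marked with `switchport mode access`.

```python
import re
# Constructed sample config (not from the page); names, ACL and VLAN numbers are made up.
SAMPLE = """\
snmp-server community EXAMPLE RO
ip dhcp snooping
ip arp inspection vlan 10
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 50
 ip verify source
interface GigabitEthernet0/2
 switchport mode access
line vty 0 4
 access-class 10 in
line vty 5 15
 transport input ssh
"""

def blocks(cfg):
    """Split an IOS-style config into (header, [indented child lines]) pairs."""
    out = []
    for line in cfg.splitlines():
        if line.startswith(" ") and out:
            out[-1][1].append(line.strip())
        elif line.strip():
            out.append((line.strip(), []))
    return out

def audit(cfg):
    """Return sorted findings; an SNMP community must carry an ACL after RO/RW."""
    blks, findings = blocks(cfg), []
    heads = [h for h, _ in blks]
    for h in heads:
        if h.startswith("snmp-server community") and not re.search(r"\b(RO|RW)\s+\S+$", h, re.I):
            findings.append("snmp: community without ACL")
    if "ip dhcp snooping" not in heads:
        findings.append("global: DHCP snooping disabled")
    if not any(h.startswith("ip arp inspection vlan") for h in heads):
        findings.append("global: no Dynamic ARP Inspection VLANs")
    for h, kids in blks:
        if h.startswith("line vty") and not any(re.match(r"access-class \S+ in", k) for k in kids):
            findings.append(f"{h}: no inbound access-class")
        if h.startswith("interface") and "switchport mode access" in kids:
            if "switchport port-security" not in kids:
                findings.append(f"{h}: port security off")
            if not any(k.startswith("ip verify source") for k in kids):
                findings.append(f"{h}: IP Source Guard off")
    return sorted(findings)
```

Calling `audit(SAMPLE)` returns one finding per missing control, so the same function can be run over saved running-configs to track where the recommendations are not yet applied.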