Based on the Layer 2 attack mitigation strategies, the following list summarizes the recommended Cisco procedures for securing Layer 2 networks:
■ Limit management access for a Layer 2 switch to trusted administrators.
■ If management protocols are used on a switch, use secure management protocols (such as SNMPv3) as opposed to management protocols that transmit information in plain text (such as SNMPv1 and SNMPv2c).
■ Disable any services running on the switch that are not necessary.
■ Use a port security configuration to limit the number of allowable MAC addresses that a port can learn.
■ Do not send user data over a native VLAN on an IEEE 802.1Q trunk.
■ Administratively shut down any unused ports.
■ Use STP protection mechanisms such as Root Guard and BPDU Guard.
■ Enable DHCP snooping and DAI to combat man-in-the-middle attacks.
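
An added example, not part of the original post and not Cisco tooling: a small Python audit that checks a switch running-config against several items in the list above. The sample configuration is constructed, and the checks are simplified assumptions (BPDU Guard is looked for per interface only, a trunk with no explicit native VLAN is flagged as left on the default, and any port that is not a trunk is treated as an access port).

```python
import re
# Constructed sample running-config (not from the original page).
SAMPLE = """\
snmp-server community public RO
ip dhcp snooping
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 spanning-tree bpduguard enable
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode trunk
interface GigabitEthernet0/4
 shutdown
"""

def audit(config):
    """Return sorted (scope, finding) pairs; the checks are simplified heuristics."""
    glob, ifaces, cur = [], {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())   # sub-command of the current interface
        else:
            cur = None                 # back in global configuration
            glob.append(line.strip())
    out = []
    if any(l.startswith("snmp-server community") for l in glob):
        out.append(("global", "plain-text SNMPv1/v2c community configured"))
    if "ip dhcp snooping" not in glob:
        out.append(("global", "DHCP snooping not enabled"))
    if not any(l.startswith("ip arp inspection vlan") for l in glob):
        out.append(("global", "DAI not enabled on any VLAN"))
    for name, body in ifaces.items():
        if "shutdown" in body:
            continue  # administratively down: nothing else to check
        if "switchport mode trunk" in body:
            if not any(l.startswith("switchport trunk native vlan") for l in body):
                out.append((name, "trunk left on default native VLAN"))
        else:
            if "switchport port-security" not in body:
                out.append((name, "port security not enabled"))
            if "spanning-tree bpduguard enable" not in body:
                out.append((name, "BPDU Guard not enabled"))
    return sorted(out)
if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Run against the sample, it reports the missing DAI and the SNMP community globally, the unprotected access port GigabitEthernet0/2, and the trunk on GigabitEthernet0/3.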