port security

What is 802.1X? Here's a Technology Primer

Jennifer Jabbusch — Fri, 22 Aug 2008 16:47:19 -0400

I run into two fundamental problems when I start to talk to customers or audiences about Network Access Control and its related standards and protocols. What are they? Number 1, most folks have no clue what 802.1X actually is. Number 2, for the most part, they don’t really understand what NAC is either. The fact that they’re such common ‘buzz words’ in today’s IT world makes people hesitant to ask questions. You know we IT-folk don’t like admitting we don’t know everything about anything! However, these are rather simple concepts with extremely complicated components and 98% of the technology world doesn’t really know as much as they’d like to about NAC and 802.1X. You’re not alone.

Read more

10 wishes for router security

Gregg_and_Dave — Tue, 12 Feb 2008 11:43:58 -0500

Reader Shaun wrote in with 10 points he'd like to see in router security (our responses are below):

1. Stand-alone Router secured

2. Stand-alone switch secured. Including Port Security features.

3. Stand-alone Router supporting a single secured incoming VPN connection

4. Stand-alone Router supporting maximum secured Wireless

5. Stand-alone Router supporting a VPN across a maximum secured Wireless

6. RIP2/OSPF/EIGRP routing between 2 or more routers done securely with full explanation on how key chains works and what are the relevent/significant parts of configuring key chains.

7. Securing Multiple switches, VLAN's and VTP Domains.

8. Setting up secure in band Managment Networks

Read more

3 Most Commonly Configured Catalyst Switch Security Features

jheary — Wed, 03 Oct 2007 22:34:53 -0400

There are several security features that have been embedded in catalyst switch software. Many of which are, or should be, used as commonly as VLANs. Let’s take a look at the three most popular of these and their uses. Port Security – This is one of the most commonly used switch security feature of all. It is vital for protection against MAC spoofing and CAM table overflow attacks. This feature works by limiting an access port to allowing only a set number, usually 3-5, of MAC addresses per access port. It should not be used on trunk ports. It can dynamically learn the MAC addresses or you can statically configure them for things like routers that don’t change. Example IOS configuration: switchport port-security. Note that additional commands will be required.

Read more

Information Security: 7 Data Leaks You Can't Ignore

mroedell — Wed, 29 Aug 2007 21:57:34 -0400

Information security controls are an essential part of operations for all financial institutions. Members expect that their local Credit Union is just as secure as the “big bank” located a few hundred feet away in the same parking lot at the mall. The only difference is that the local Credit Union information security budget pales in comparison to the multi million that the big bank will spend.

When a limited budget is combined with a lack of understanding proper security controls, many Credit Unions turn to local consulting companies who often times roll out ineffective “security programs” that can be costly and don’t add much value to increasing their security posture.

Read more