Next we're going to look at securing switches. Like the routers we need to restrict access to the console and auxiliary ports on campus switches. So the distribution and access switches are usually in locked equipment cabinets and strategic parts of the buildings. If the cabinets are not locked you'll need to find other ways of ensuring that these devices are well out of general population and general user reach. Physical access needs to be considered very carefully. You want to restrict login access over the network as well. Turn off telnet, of course, we need to set up secure shell again only version 2 and protect the control plane login ports with filters on the management VLAN interface. We also need to secure the wireless access points again restricting access to the physical console port if the wireless access point has a console port. In fact some of the modern access points don't have a physical console port and instead just have a single ethernet interface and quite often a hidden button which is a reset switch setting the access point back to factory defaults. Last thing you want is for an end user to be able to access this switch and reset the wireless access point. Campus wireless access points are usually mounted on ceilings. While out of reach we want to restrict access over the network as well. Most modern APs are managed by dedicated software or even hardware controllers and so these hardware controllers need to be protected like routers and switches are. Software controllers running on laptops or tablets need to have proper management access permissions.
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
This is a human-readable summary of (and not a substitute for) the license. Disclaimer. You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. NonCommercial — You may not use the material for commercial purposes. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.