[149768] in North American Network Operators' Group
Re: Common operational misconceptions
daemon@ATHENA.MIT.EDU (Mike Lyon)
Wed Feb 15 17:54:27 2012
In-Reply-To: <FC93A3C8-7DC0-4325-BD72-5BEFF5ED37A6@tzi.org>
Date: Wed, 15 Feb 2012 14:53:34 -0800
From: Mike Lyon <mike.lyon@gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
With security in mind:
Use other VLANs other than vlan1. Disable vlan1. Disable ports (physical
and logical) that aren't in use. Encrypt your passwords in your config, etc
etc etc...
On Wed, Feb 15, 2012 at 2:49 PM, Carsten Bormann <cabo@tzi.org> wrote:
> On Feb 15, 2012, at 23:36, Chuck Anderson wrote:
>
> > security
>
> That must be the top of the list:
>
> Switches provide security (by traffic isolation)
> DHCP provides security (by only letting in hosts we know)
> MAC address filtering provides security (fill in the blanks=85)
> NAC provides security
> NATs provide security
> Firewalls provide security
> Buying Vendor-_ provides security
>
> Gr=FC=DFe, Carsten
>
>
>
--=20
Mike Lyon
408-621-4826
mike.lyon@gmail.com
http://www.linkedin.com/in/mlyon
