1.6. Switches
Must Have Practices
- Use SSH/SSL for management

Capabilities
- VLAN segmentation
  - Splits network devices into containers/traffic lanes.
- Access Control Lists (ACL)
  - Allows/blocks certain traffic from communicating with other traffic.
- Network Access Control (NAC)
  - Checks devices to make sure they meet the organization's security requirements (has antivirus, installed Windows patches, etc.).
- Redundant power supplies
  - Security and voice services rely on network connectivity.

Best Practices
- Set console session timeouts
  - Prevent a rogue user from connecting to a device with elevated privileges.
  - Technicians should ensure they log off each session, whether remote or direct.
- Redundant core switches configured for failover
- Ensure maintenance contract matches life expectancy of hardware
  - Ensure security updates will be available to match the life expectancy of the hardware.
- Configure VLAN segmentation to split traffic and meet the security objectives of the organization.
- Traffic prioritization
  - Allows voice, security, or other services the organization identifies to have a higher network priority than other traffic, including, but not limited to, rogue or malicious traffic.
- Auto provisioning of ports (VLAN segmentation and ACL)
  - Cameras, access points, servers, clients, guest devices
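
One way to check the management items above (SSH/SSL for management, console session timeouts) against a saved switch configuration. This is an added example, not part of the original page. It assumes Cisco IOS-style syntax, since the page names no vendor, and the sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the page names no vendor).
SAMPLE_CONFIG = """\
hostname access-sw1
ip http server
ip http secure-server
line con 0
 exec-timeout 0 0
line vty 0 4
 transport input telnet ssh
 exec-timeout 10 0
line vty 5 15
 transport input ssh
"""

def line_blocks(config):
    """Group indented sub-commands under their 'line ...' header."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return findings for the 'SSH/SSL for management' and timeout items."""
    findings = []
    # 'ip http server' is the plaintext web UI; 'ip http secure-server' is HTTPS.
    if re.search(r"^ip http server\s*$", config, re.M):
        findings.append("global: plaintext HTTP management enabled")
    for header, cmds in line_blocks(config).items():
        if header.startswith("line vty"):
            # Remote lines should list SSH as the only permitted transport.
            transport = next((c for c in cmds if c.startswith("transport input")), None)
            if not transport or transport.split()[2:] != ["ssh"]:
                findings.append(f"{header}: not explicitly restricted to SSH")
        # 'exec-timeout 0 0' turns the idle timeout off on that line.
        timeout = next((c for c in cmds if c.startswith("exec-timeout")), None)
        if timeout and all(int(n) == 0 for n in timeout.split()[1:]):
            findings.append(f"{header}: session timeout disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

A line with no `exec-timeout` entry is not flagged here because the device then applies its default timeout; confirm that default against your own policy.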