Friday, 21 March 2014

Understanding Switch Security

Once physical access has been secured, there is a growing need to ensure that access to the switch is secure through any EXEC session connection, mainly by securing the console port (CON) and the Telnet ports (VTY). In addition, the administrator assigns a fixed, permanent address to the various ports. To ensure that the switch ports do not become security holes, the following sections describe how to mitigate hardware, environmental, electrical and maintenance-related security threats to Cisco IOS devices.

Physical and Environmental Threats:

Improper or incomplete installation of software or of a device is also a security threat, and if the mistake is left uncorrected the results can be dire. The threat applies to all kinds of devices and server configurations. A poor installation can also make data unrecoverable and cause a huge loss.
Beyond insecure configuration settings, there are four classes of insecure installation or physical access threats:

  Hardware threats: Physical damage to the switch or to the switch hardware.
  Environmental threats: Temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).
  Electrical threats: Breaks in the power supply, insufficient supply voltage, voltage spikes, unconditioned power, and total power loss.
  Maintenance threats: Poor maintenance of electronic components, poor cabling, poor labelling, and a lack of critical spare parts.

Configuring Password Security:

The command-line interface (CLI) is used to configure passwords for the console and the other access lines. The following examples show the configuration of a switch.

Example 1: Switch Password Configuration: Virtual Terminal (Telnet) Password Configuration

SwitchX(config)# line vty 0 4
SwitchX(config-line)# login
SwitchX(config-line)# password india

Example 2: Switch Password Configuration: Console Password Configuration

SwitchX(config)# line console 0
SwitchX(config-line)# login
SwitchX(config-line)# password india

Example 3: Switch Password Configuration: Secret Password Configuration

SwitchX(config)# enable secret sanfran

Example 4: Switch Password Configuration: Enable Password Configuration

SwitchX(config)# enable password india

Note: The passwords shown are for example purposes only; in real use they should be stronger and more complex.

The login local command enables password checking on a per-user basis, using the username and password specified with the username global configuration command. The username command establishes username authentication with encrypted passwords.
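An added example, not part of the original post: a short Python check that reads a configuration written like the four examples above and flags an enable password and any line that still relies on a shared line password instead of login local. The sample configuration, the username admin with its placeholder secret, and the vty 5 15 range are constructed for illustration.

```python
import re

# Constructed sample: the page's four password examples written as a config
# file, plus one hypothetical vty range that already uses "login local".
SAMPLE_CONFIG = """\
enable secret sanfran
enable password india
username admin secret CONSTRUCTED-EXAMPLE
line console 0
 password india
 login
line vty 0 4
 password india
 login
line vty 5 15
 login local
"""

def audit(config):
    """Return (location, finding) pairs for the password settings discussed above."""
    lines = config.splitlines()
    has_secret = any(l.startswith("enable secret ") for l in lines)
    has_user = any(re.match(r"username \S+ (secret|password) ", l) for l in lines)
    findings = []
    if any(l.startswith("enable password ") for l in lines):
        why = ("redundant: enable secret takes precedence" if has_secret
               else "not hashed: replace with enable secret")
        findings.append(("global", "enable password is " + why))
    # Collect the indented sub-commands under each "line ..." header.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
            blocks[current] = []
        elif l.startswith(" ") and current:
            blocks[current].append(l.strip())
        else:
            current = None
    for name, cmds in blocks.items():
        if "login local" in cmds and not has_user:
            findings.append((name, "login local set but no username is defined"))
        elif "login" in cmds and any(c.startswith("password ") for c in cmds):
            findings.append((name, "shared line password: consider login local"))
    return findings

if __name__ == "__main__":
    for location, finding in audit(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```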

The maximum size of the MAC address table varies from switch to switch. For example, the Catalyst 2690 series switch can store up to 8192 MAC addresses, while less sophisticated switches do not support that many MAC addresses.
