On Mon, Oct 6, 2014 at 4:17 PM, Giancarlo Razzolini
<grazzol...@gmail.com> wrote:
> Traffic in the clear, even on a switch controlled by you, doesn't mean
> that anyone with physical access couldn't tap into your switch and see
> the traffic.
Which is why you need to lock down the switch as well.
Password protected. Disable all unused ports.
Have some kind of MAC detection to detect and alert unknown MACs
(e.g. infoblox or something home rolled - not that difficult)
Good security is also a matter of the policies and procedures you
have in place. Who has root access? How do they access root?
(sudo is best - and log it all). Is there a change management
policy and procedure?
--
"Don't eat anything you've ever seen advertised on TV"
- Michael Pollan, author of "In Defense of Food"
