Oct 9 2006, 11:12 AM
One way to boost network security is to use Cisco's Port Security feature to lock down switch ports.

A growing challenge facing network administrators is determining how to control who can access the organization's internal network—and who can't. For example, can anyone walk into your office, plug in a laptop, and access your network? You might argue that the wall jack has no connection to a switch, but couldn't someone just pull the Ethernet cable from a working PC and connect to the network that way? You might think this an unlikely scenario, but it does happen. At my organization, there are many times when people walk in and plug in their laptops to the Info. outlet to get the n/w address. Networks having DHCP are more vulnerable to the attacks.

In its most basic form, the Port Security feature remembers the Ethernet MAC address connected to the switch port and allows only that MAC address to communicate on that port. If any other MAC address tries to communicate through the port, port security will disable the port. Most of the time, network administrators configure the switch to send an SNMP trap to their network monitoring solution that the port's disabled for security reasons. This is true with most of the switches: 3Com, Cisco, etc.

However, as you know, there's usually a downside. In this case, it's that the network administrator is the only one who can "unlock" the port, which can cause problems when there are legitimate reasons to change out devices.
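
The behaviour described in the post above, shown as an added Cisco IOS configuration example that is not part of the original post. The interface name, the trap receiver address `192.0.2.10`, the community placeholder and the 300-second interval are assumptions; the `errdisable recovery` lines go beyond the post and show one way to soften the manual-unlock downside it mentions.

```cisco
! Added example, not from the original post.
! Assumed access port; substitute the real interface.
interface FastEthernet0/1
 ! Port security is only accepted on a static access (or trunk) port
 switchport mode access
 ! Enable the feature on this port
 switchport port-security
 ! Allow exactly one source MAC address on the port
 switchport port-security maximum 1
 ! Learn the first MAC seen and write it into the running configuration
 switchport port-security mac-address sticky
 ! On a frame from any other MAC, put the port into err-disabled state
 switchport port-security violation shutdown
!
! Send a trap to the monitoring station when a violation occurs
! (192.0.2.10 and the community string are placeholders)
snmp-server enable traps port-security
snmp-server host 192.0.2.10 version 2c COMMUNITY-PLACEHOLDER port-security
!
! Optional: bring a violated port back automatically after 300 seconds
! instead of waiting for an administrator (assumed interval)
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Checks from exec mode:
!   show port-security interface FastEthernet0/1
!   show interfaces status err-disabled
! Manual recovery: issue "shutdown" then "no shutdown" on the interface.
! Replacing a device: "clear port-security sticky interface FastEthernet0/1"
! removes the learned address so the new MAC can be learned.
```

The sticky address lives in the running configuration, so it survives a reload only after the configuration is saved. Automatic recovery trades some of the lockout's strictness for less administrator intervention, which is why the trap still matters.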