[c-nsp] securing trunk

lee.e.rian at census.gov lee.e.rian at census.gov
Fri Apr 8 05:02:33 EDT 2005


"Arne Larsen" <arl at nordicom.tele.dk> wrote on 04/08/2005 03:43:27 AM:

> Hi .
>
> I would like to reduce the possibility for an intruder to tap wire
between
> the access point and the switch,

hmmm...  how about running the cables through a pressurized conduit?  Wire
an alarm to the pressure sensor so all hell breaks loose if the pressure in
the conduit drops.

> and further more prevent "him" for gaining
> access to the network by unplugging the access point, and connecting his
own
> computer to the switch.

802.1x plus IPSec?  It's trivial to change the MAC address, so enabling
port security on the switch isn't going to prevent someone from unplugging
the access point and connecting his own computer to the switch.


> The access point's are normally install in insecure areas, but the switch
is
> install in secure areas.

It sounds like there isn't much you can do.  If the access point is in an
insecure area there's nothing to prevent an intruder from installing a tap
between the access point and the switch.  The only thing I can think of is
using IPSec so even if an intruder puts a tap on the line is doesn't do him
any good.

Regards,
Lee


> /Arne
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list