[c-nsp] securing trunk

Curtis Doty Curtis at GreenKey.net
Fri Apr 8 13:18:13 EDT 2005


lee.e.rian at census.gov wrote:

>"Arne Larsen" <arl at nordicom.tele.dk> wrote on 04/08/2005 03:43:27 AM:
>
>>Hi.
>>
>>I would like to reduce the possibility for an intruder to tap wire between
>>the access point and the switch,
>
>hmmm...  how about running the cables through a pressurized conduit?  Wire
>an alarm to the pressure sensor so all hell breaks loose if the pressure in
>the conduit drops.
>
And pressurize the conduit with green slimey goo. :-p

>>and furthermore prevent "him" from gaining
>>access to the network by unplugging the access point, and connecting his own
>>computer to the switch.
>
>802.1x plus IPSec?  It's trivial to change the MAC address, so enabling
>port security on the switch isn't going to prevent someone from unplugging
>the access point and connecting his own computer to the switch.
>
Aye on the 802.1x. And aye on the nay to port security; since it is a 
false sense of.

And finally add a script to your NMS that shuts down the interface 
whenever the link state drops or cdp changes. Of course, you would want 
to page yourself. So you can run on site to find the poor HVAC guy 
covered in green slimey goo. And of course restore service to the sector 
that you just disabled.

../C
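
The NMS check suggested in the message above, sketched as an added example that is not part of the original post: it compares each poll of the AP-facing ports against a baseline and, on a link drop or CDP neighbor change, emits the IOS commands to shut the port plus a page. The port names, device IDs, platform strings and the `PortState`, `evaluate` and `process_poll` names are constructed for illustration; how the NMS collects the data and pushes the commands is assumed to exist already.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PortState:
    link_up: bool                 # assumed source: IF-MIB ifOperStatus or a linkDown trap
    cdp_device_id: Optional[str]  # assumed source: CISCO-CDP-MIB cdpCacheDeviceId
    cdp_platform: Optional[str]   # assumed source: CISCO-CDP-MIB cdpCachePlatform

# Constructed baseline: the neighbor expected on each AP-facing switch port.
BASELINE = {
    "FastEthernet0/1": PortState(True, "ap-lobby.example.net", "AP-PLATFORM-EXAMPLE"),
    "FastEthernet0/2": PortState(True, "ap-floor2.example.net", "AP-PLATFORM-EXAMPLE"),
}

def evaluate(expected, current):
    """Return the reason the port must be disabled, or None if it matches."""
    if not current.link_up:
        return "link down"
    if current.cdp_device_id is None:
        return "CDP neighbor missing"
    if (current.cdp_device_id, current.cdp_platform) != (
            expected.cdp_device_id, expected.cdp_platform):
        return f"CDP neighbor changed to {current.cdp_device_id!r}"
    return None

def process_poll(poll, baseline, disabled):
    """Compare one poll with the baseline; return (ios_commands, pages).

    `disabled` is the set of ports already shut. A port stays latched there
    until an operator removes it, so a device plugged in after the link drop
    cannot bring the port back by looking healthy on the next poll.
    """
    commands, pages = [], []
    for port, expected in sorted(baseline.items()):
        if port in disabled:
            continue
        # A port missing from the poll is treated as down (fail closed).
        current = poll.get(port, PortState(False, None, None))
        reason = evaluate(expected, current)
        if reason:
            disabled.add(port)
            commands += [f"interface {port}", " shutdown"]
            pages.append(f"{port} shut down: {reason}")
    return commands, pages
```

Because CDP is unauthenticated, a matching neighbor here is only a tripwire for accidental or unsophisticated swaps; it complements the 802.1x recommendation in the thread and does not replace it.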

