====== Network Security Recommendations ======

  * SNMP ACLs: allow SNMP polling (and especially SNMP sets) only from the management hosts.
  * VTY ACLs: allow Telnet/SSH to the switch management plane only from the management network.
  * VLAN ACLs (VACLs) that whitelist the VLAN's own address space as the source of its outbound traffic (prevents source address spoofing from that VLAN).
  * Port Security: we are already using it, but we should enable it on every access port, even with a high MAC address limit (any limit is enough to stop CAM table overflow attacks), and set a MAC aging time on ports that host VMs so that migrated or retired VMs do not use up the allowance.
  * MAC address ACLs: blacklist MAC addresses on the switches so a user cannot get around a block by moving to another switch port or changing IP address.
  * DHCP Snooping on switches in DHCP environments (e.g. Engineering, Chemistry, etc.); only uplinks and ports facing the real DHCP servers are marked trusted, everything else is untrusted.
  * IP Source Guard: drops traffic whose source IP (and optionally MAC) does not match the DHCP snooping binding table or a static binding; it therefore depends on DHCP snooping.
  * Dynamic ARP Inspection: validates ARP packets on untrusted ports against the same binding table, which stops ARP spoofing; it also depends on DHCP snooping.

Tools for testing the above:

  * Cisco Torch: mass scanning, fingerprinting and exploitation of Cisco devices.
  * OpenVAS: vulnerability scanner (no exploitation).
  * Yersinia: layer-2 attack tool (STP, CDP, DTP, DHCP, HSRP, VTP, 802.1Q).
  * Metasploit: exploitation framework.

-- Main.FredPettis - 2012-05-24
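The recommendations above as one worked Cisco IOS configuration. This is an added example, not a configuration taken from this page or from our switches; VLAN 100, the management subnet 10.10.10.0/24, the client subnet 10.100.0.0/24, the interface numbers and the blocked MAC address are placeholders, and the syntax is that of Catalyst 3560/3750-class IOS (command forms differ on other platforms).

```cisco
! --- Management plane: SNMP and VTY reachable only from the management subnet ---
ip access-list standard MGMT-HOSTS
 permit 10.10.10.0 0.0.0.255
 deny   any log
! placeholder community string; the ACL name at the end restricts who may use it
snmp-server community s3cr3tRO RO MGMT-HOSTS
line vty 0 15
 access-class MGMT-HOSTS in
 transport input ssh

! --- VACL: anti-spoofing for VLAN 100 ---
! VACLs are not directional: they see every packet in the VLAN, so traffic
! destined TO our address space must be permitted too, and DHCP DISCOVER
! (source 0.0.0.0) must be allowed or clients can never get an address.
! A packet that hits no "forward" clause is dropped (default VACL action
! for the matched packet type).
ip access-list extended VLAN100-ANTISPOOF
 remark DHCP clients have no address yet
 permit udp host 0.0.0.0 eq bootpc any eq bootps
 remark our own address space as source (outbound) or destination (inbound)
 permit ip 10.100.0.0 0.0.0.255 any
 permit ip any 10.100.0.0 0.0.0.255
 remark anything else carries a spoofed source or does not belong here
 deny   ip any any
vlan access-map VLAN100-FILTER 10
 match ip address VLAN100-ANTISPOOF
 action forward
vlan filter VLAN100-FILTER vlan-list 100

! --- MAC blacklist: unicast MAC address filtering ---
! Drops frames from AND to this MAC in VLAN 100 on every port, so changing
! port or IP address does not help the user. (Plain "mac access-group" on
! 3560/3750 only filters non-IP frames, which is why it is not used here.)
mac address-table static 0011.2233.4455 vlan 100 drop

! --- DHCP snooping and Dynamic ARP Inspection, enabled per VLAN ---
ip dhcp snooping
ip dhcp snooping vlan 100
! drop option 82 insertion unless the DHCP server is known to accept it
no ip dhcp snooping information option
ip arp inspection vlan 100
! also check that the sender MAC/IP inside the ARP body are sane
ip arp inspection validate src-mac dst-mac ip

! Only the uplink toward the DHCP server is trusted; all access ports stay
! untrusted (the default), so rogue DHCP servers and ARP replies are dropped.
interface GigabitEthernet1/0/48
 description uplink to distribution / DHCP server
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust

! --- Access ports: port security + IP Source Guard ---
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 100
 switchport port-security
 ! generous limit for VM hosts; still prevents CAM table overflow
 switchport port-security maximum 10
 ! "restrict" drops offending frames and logs/traps instead of shutting the port
 switchport port-security violation restrict
 ! age out MACs of VMs that moved away after 5 minutes of inactivity
 switchport port-security aging time 5
 switchport port-security aging type inactivity
 ! IP Source Guard with MAC check: source IP+MAC must match a snooping binding
 ip verify source port-security

! Static binding for a server that does not use DHCP, so ISG/DAI still pass it
ip source binding 0022.3344.5566 vlan 100 10.100.0.50 interface GigabitEthernet1/0/5
```

Verify with "show ip dhcp snooping binding", "show ip verify source" and "show ip arp inspection vlan 100" after enabling; because IP Source Guard and DAI are fed by the snooping table, turning them on before the table is populated (for example right after a reboot, before leases renew) cuts off existing hosts until they re-DHCP, so enable snooping first and the two dependent features after a lease cycle.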