Network Security Recommendations

• SNMP ACLs
• VTY ACLs
• VLAN ACLs whitelisting address space for outbound traffic (prevents source spoofing)
• Port Security – We are using it, but we should enable it everywhere even at high number of MAC address allowances (prevent MAC table overflows), set aging time on VM ports
• MAC address ACLs (blacklist MAC addresses on switches preventing user from jumping between switch ports and switching IPs)

• DHCP Snooping on switches in DHCP environments (i.e. Engineering, Chemistry, etc.)
• IP Source Guard
• Dynamic ARP Inspection

• Cisco torch – Vulnerability scanning and exploitation
• OpenVAS – Vulnerability scanning and exploitation
• Yersinia – exploit tool
• MetaSploit – exploit tool

– Main.FredPettis - 2012-05-24