Every open port is a possible entry point. To mitigate risk, disable unnecessary ports and services.
We can control access to ports with a firewall (e.g. a next-generation firewall).
Change the default credentials for devices: these are often public information and provide full control over a device.
Features built into switches that prevent unauthorized users from connecting to a switch interface
Based on source MAC address: we can configure how many MAC addresses can be associated with an interface. If this limit is exceeded, port security activates and may disable the interface.
Best practice: takes more time and effort, but more secure
We can require authentication to connect to any interface on a switch. This is referred to as Network Access Control (NAC), often implemented as 802.1X.
Used to limit access to devices based on their hardware address
MAC addresses can be spoofed to bypass this: an attacker may scan a network to discover a working MAC address to spoof.
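The source-MAC checks described above (the per-interface address limit and MAC filtering), as an added example that is not part of the original notes: a toy Python model of one switch interface. The class, the function names and the MAC addresses are constructed for illustration and do not represent any vendor's implementation.

```python
from dataclasses import dataclass, field

@dataclass
class SwitchPort:
    """Toy model (assumption, not vendor code) of one interface with port security."""
    max_macs: int = 2
    learned: set = field(default_factory=set)
    disabled: bool = False

    def receive(self, device: str, src_mac: str) -> str:
        # The switch only ever sees src_mac; `device` is ground truth kept by
        # this simulation and is never consulted when making the decision.
        mac = src_mac.lower()
        if self.disabled:
            return "dropped: interface disabled"
        if mac in self.learned:
            return "forwarded"
        if len(self.learned) < self.max_macs:
            self.learned.add(mac)
            return "forwarded: address learned"
        self.disabled = True  # limit exceeded, port security activates
        return "violation: interface disabled"

# Constructed sample addresses, not taken from any real network.
PRINTER = "00:11:22:33:44:55"
PHONE = "00:11:22:33:44:66"
UNKNOWN = "02:00:00:00:00:01"

def demo_limit():
    """A third source address on a two-address port disables the interface."""
    port = SwitchPort(max_macs=2)
    frames = [("printer", PRINTER), ("phone", PHONE), ("printer", PRINTER),
              ("laptop", UNKNOWN), ("printer", PRINTER)]
    return [port.receive(d, m) for d, m in frames]

def demo_same_address_other_device():
    """A different device presenting an already-learned address is not detected."""
    port = SwitchPort(max_macs=1)
    frames = [("printer", PRINTER), ("laptop", PRINTER)]
    return [(d, port.receive(d, m)) for d, m in frames]

if __name__ == "__main__":
    for verdict in demo_limit():
        print(verdict)
    for device, verdict in demo_same_address_other_device():
        print(device, "->", verdict)
```

The second demo forwards the laptop's frame because the decision depends only on the source address, which is the limitation the notes describe for MAC-based controls and the reason they also list authentication with 802.1X.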
Centralized management consoles for the keys and certificates of one specific service or of various different services and cloud providers
SSH keys, TLS/SSL Certificates, Reports