Fixed Access Networking Solutions

Access-layer security is best divided by the type of media access, because securing wireless networks differs in its specifics from securing fixed access networks. This network security segment covers the security of wired networks.

Network devices are the components of a network that enable endpoint hosts to communicate; they include hardware and software such as switches, hubs, routers, firewalls and so on. Network device security is the combination of measures that secure the network device itself, to ensure proper communication between end hosts such as servers, printers and workstations. It includes mitigation techniques such as encrypting management access, disabling unused services, configuration management, and other functions that secure the management and control planes of a device. Resiliency, as a method of providing service availability in the case of an unusual event such as a disaster, can also be considered part of network security. Device security also includes physical access security as a method of ensuring network continuity and survivability.

Port-level security is a set of Layer 2 switch port security techniques. It includes features such as limiting the maximum number of MAC addresses learned on a switch port, and other port-related security requirements such as storm control.

Security at OSI Layer 2 is necessary to secure upper-layer protocols. Some attacks target Layer 2 functions and weaknesses, and these must also be addressed. Advanced Layer 2 security techniques include features such as DHCP snooping and ARP inspection.
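
How DHCP snooping and ARP inspection work together, shown as an added example that is not from the original page or from any vendor's implementation: a simplified Python model in which DHCP snooping builds a binding table from server replies seen on trusted ports, and ARP inspection checks ARP senders on untrusted ports against it. The class, port names and addresses are constructed for illustration, and matching on the ingress port as well as the IP/MAC pair is a modelling assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    port: str

class AccessSwitch:
    """Simplified model: DHCP snooping feeds the table ARP inspection checks."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports facing the legitimate DHCP server
        self.bindings = {}                 # leased IP -> Binding(mac, port)

    def dhcp_ack(self, ingress_port, client_ip, client_mac, client_port):
        # DHCP snooping: a server reply is accepted only on a trusted port.
        if ingress_port not in self.trusted:
            return "drop: DHCP server reply on untrusted port"
        self.bindings[client_ip] = Binding(client_mac, client_port)
        return "forward"

    def arp(self, ingress_port, sender_ip, sender_mac):
        # ARP inspection: on untrusted ports the sender IP/MAC pair must match
        # a binding that DHCP snooping recorded for that same port.
        if ingress_port in self.trusted:
            return "forward"
        binding = self.bindings.get(sender_ip)
        if binding is None:
            return "drop: no binding for sender IP"
        if binding != Binding(sender_mac, ingress_port):
            return "drop: ARP sender does not match binding"
        return "forward"

def run_constructed_trace():
    """Replay constructed events (documentation-range addresses, made-up ports)."""
    sw = AccessSwitch(trusted_ports={"uplink1"})
    return [
        sw.dhcp_ack("uplink1", "192.0.2.10", "02:00:00:00:00:0a", "port3"),
        sw.dhcp_ack("port7", "192.0.2.66", "02:00:00:00:00:0b", "port5"),
        sw.arp("port3", "192.0.2.10", "02:00:00:00:00:0a"),
        sw.arp("port7", "192.0.2.10", "02:00:00:00:00:0c"),
        sw.arp("port5", "192.0.2.66", "02:00:00:00:00:0b"),
    ]

if __name__ == "__main__":
    for verdict in run_constructed_trace():
        print(verdict)
```

The last event is dropped because the server reply that would have created its binding arrived on an untrusted port and was never recorded, which is why ARP inspection depends on DHCP snooping being enabled first.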

Port-level network access control provides Layer 2 switch port authentication, which prevents unauthorized access by any host attached to the network without appropriate credentials. Until the user is authenticated, only EAPOL traffic is allowed on a port. The IEEE defines a standard for port-level access control: 802.1X.

MAC Security (MACsec) is a protocol that provides encryption and data traffic integrity preservation between devices on a Layer 2 segment. For example, it can secure communication between switches and end hosts, or between two switches in a network. This protocol and its function are part of the IEEE 802.1AE standard.