Device Hardening

the device needs to be rock hard

Hardening is basically making any device secure against tampering and abuse.

• Change default password
• Enforce password complexity and length requirements
• Use role-based access
• Disable unneeded network services like Telnet or VNC (services.msc and systemctl for Windows and Linux)
• Disable insecure network protocols

Port Guards

How to counter MAC address spoofing, ARP cache poisoning and other on-path attacks?

• Dynamic ARP Inspection
• DHCP Snooping
• RA Guard
• ND Inspection
• BPDU Guard
• STP Root Guard