Network blocking

From Security Wiki
Revision as of 22:25, 9 February 2007 by Dombrowh (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Blocking Network Ports Jay Dombrowski 2-8-07


1) Objective MAC Locking MAC Locking ensures that only specific MAC addresses can access a port, and that traffic from any other MAC addresses will be discarded. You might take advantage of MAC Locking if, for example, you want to prevent more than one user from accessing a port at a given time. There are two kinds of MAC Locking: Dynamic and Static. When you enable Dynamic MAC Locking on a port, the next MAC address that authenticates or accesses the port (up to the maximum number of dynamic locked MAC addresses allowed) will have exclusive access to that port from that time on. Static MAC Locking lets you create a list of locked MAC addresses for a port so that the port only accepts traffic from those MAC addresses. MAC Locking is only available on devices that support it, and is not allowed on backplane and logical ports. In order for MAC Locking to take effect on a port, it must be enabled at the device level. You can do this using the Device Configuration wizard, or the device MAC Locking tab. You can enable and disable MAC Locking for a specific port on the Port Properties MAC Locking tab. You can also enable MAC Locking for multiple selected ports in the Port Configuration wizard.

-this doc is a policy/standard/guideline

-purpose/overview

2) Scope

-compulsoryapplies to all hardwired ports on hardware controled by SDSC

- or guideline

3) Document framework

-status

-revision

-date reviewed

-heading/subheadings

4) Roles and responsibilities

-approval authority

-users

-sec manager

-managers

5) Goverance

-implemetation

-enforcement

-non-compliance

-where documents kept

-questions

Retrieved from "https://security.sdsc.edu/mediawiki/index.php?title=Network_blocking&oldid=1652"