Best Practices: How should you be configuring your network switches?

Networks today are used for almost everything you do; whether it be supporting your business, providing communication, or delivering entertainment the list goes on and on. With this being said, it is pivotal to understand every element of your network in order to get the most out of it. A fundamental element in every network is the switch, which is used across the board from small/home office (SOHO) to major ISPs (Internet Service Providers). If your switches are not configured properly disaster may occur, inviting attackers to take advantage of your network.

Below are our best practice Do’s and Don'ts for proper switch configuration to ensure that you are protected.

Dos:

Add hostname to differentiate switch in large networks.
Create intricate passwords and always enable encryption.
Disable TELNET! Use SSH instead. (Requires crypto image on Cisco)
Configure ACLs to restrict access to SSH console if possible.
Comment configuration lines as much as possible.
Regularly backup your switch startup configuration to FTP or TFTP.
Use SNMP v2 or higher for monitoring and administration.
Ports connecting to other switches and ISPs should always have descriptions providing clarity to all administrators.
Disable Aux port when not required.
Keep switch firmware upgraded.
Set up a syslog server and configure all network devices to log in to it, verifying that each syslog server is successfully receiving events from every device.
If your switch provides it, enable DHCP guarding to block rogue DHCP servers.
Shutdown the unused ports or add them to the VLAN with no access.

Don’ts:

Do not use default VLAN. VLAN 1 on cisco switches.
Do not use SNMPv1 because credentials are sent in clear text.
Switches have auto-negotiate function. Do not statically set duplex and speed unless absolutely necessary.
Do not use DHCP to assign IP addresses to critical IT systems (switches, firewalls, servers, and the like). Instead assign static IPs, and make sure that those statically assigned IPs are excluded from the DHCP lease range.
Do not store passwords in plain text. You may use hashing algorithms(ex-MD5) if available. Public key authentication would also be a better choice.

Best Practices: How should you be configuring your network switches?

Dos:

Don’ts:

Categories

Labtech

Mac Agent Functionality Within ConnectWise Automate

ConnectWise RMM vs Automate: Should I be using CW RMM?

ConnectWise Automate on Linux – Best Practices

ConnectWise Automate Maintenance Mode Explained Best Practice

Uninstalling and Offboarding Automate Agents

How to Set Up Automate users to use ConnectWise SSO

Windows 10 Build Upgrades are Inevitable - Use Kaseya/ConnectWise Automate to Deploy

Best Practice Naming of Patching Groups

Automate 12 Patch 9 Now Available!

5 Tips for using the Report Center

Business Continuity

Proactive Maintenance

Kaseya

What Should I be Automating in Kaseya VSA 9.5?

Security Best Practices for Kaseya VSA

Kaseya VSA: Software Management vs. Patch Management

Software Management Enhancements

Two-Factor Authentication in Kaseya VSA

Windows 7 & Windows 10 Multiple Builds End of Life – Upgrade Using Kaseya or ConnectWise Automate

Kaseya Network Monitor: Benefits & Features

Kaseya Patch 9.5.0.22 and Future Updates

Kaseya's New State-of-the-Art Contemporary User Interface

Kaseya Product Release - April '19

Datto

Creating & Implementing a Disaster Recovery Plan

Disaster Recovery – Minimizing Impact of Downtime

Updating a Datto Device

Datto Agent Communication Errors

Datto

StorageCraft

Get in touch today for MSP Centralized Services