Best Practices: How should you be configuring your network switches?

Networks today are used for almost everything you do; whether it be supporting your business, providing communication, or delivering entertainment the list goes on and on. With this being said, it is pivotal to understand every element of your network in order to get the most out of it. A fundamental element in every network is the switch, which is used across the board from small/home office (SOHO) to major ISPs (Internet Service Providers). If your switches are not configured properly disaster may occur, inviting attackers to take advantage of your network.

Below are our best practice Do’s and Don’ts for proper switch configuration to ensure that you are protected.

Dos:

  1. Add hostname to differentiate switch in large networks.
  2. Create intricate passwords and always enable encryption.
  3. Disable TELNET! Use SSH instead. (Requires crypto image on Cisco)
  4. Configure ACLs to restrict access to SSH console if possible.
  5. Comment configuration lines as much as possible.
  6. Regularly backup your switch startup configuration to FTP or TFTP.
  7. Use SNMP v2 or higher for monitoring and administration.
  8. Ports connecting to other switches and ISPs should always have descriptions providing clarity to all administrators.
  9. Disable Aux port when not required.
  10. Keep switch firmware upgraded.
  11. Set up a syslog server and configure all network devices to log in to it, verifying that each syslog server is successfully receiving events from every device.
  12. If your switch provides it, enable DHCP guarding to block rogue DHCP servers.
  13. Shutdown the unused ports or add them to the VLAN with no access.

 Don’ts:

  1. Do not use default VLAN. VLAN 1 on cisco switches.
  2. Do not use SNMPv1 because credentials are sent in clear text.
  3. Switches have auto-negotiate function.  Do not statically set duplex and speed unless absolutely necessary.
  4. Do not use DHCP to assign IP addresses to critical IT systems (switches, firewalls, servers, and the like).  Instead assign static IPs, and make sure that those statically assigned IPs are excluded from the DHCP lease range.
  5. Do not store passwords in plain text. You may use hashing algorithms(ex-MD5) if available. Public key authentication would also be a better choice.

 

Greg White

Greg White

Greg White works on the business development team here at ProVal Tech. He graduated with a marketing degree from the University of Central Florida and is passionate about finding new ways to grow ProVal and the technology industry as a whole.

Categories

Get in touch today for MSP NOC Services

Contact Us

ProVal Technologies, Inc

498 Palm Springs Drive, Ste. 130
Altamonte Springs, FL 32701
United States
Phone: 407-588-0101

Facebook Twitter Instagram Linkedin Youtube
SOC 2 Certified Logo
Form CTA

©2023 ProVal Technologies, Inc All Rights Reserved.

Privacy Policy Disclaimer

Best Practices: How should you be configuring your network switches?

network-security-

I truly view ProVal as a partner and extension of my team, not as one of my vendors

When our NOC Manager left last fall we wanted to replace the position with an outsourced NOC to reduce headcount, and bring in an expert to both Labtech and our backup solutions. Bringing in ProVal Technologies was one of the best decisions we made last year and has paid for itself.During our first few monthly recurring Labtech admin meetings the ProVal team discovered incorrect settings and policies that were not applying correctly in our Labtech server. Things that we thought were automated and working were not. For example, there were multiple scripts and policies running but set to do nothing such as disk cleanup scripts. Cisco Umbrella was not configured correctly. Server alerting was not set right and the list went on.The backup team sends daily and weekly reports and updates that reduce my technicians time that we used to spend on backup or antivirus tickets that took forever and were tedious.ProVal also brings in great insights to our business and really cares about our success. They will frequently mention to me in meetings what new scripts they can import to make us more efficient or will schedule upgrades to our backups, Labtech, etc so I don’t have to worry. I truly view ProVal as a partner and extension of my team not as one of my vendors.

Chris-Warnick-Headshot
Chris Warnick
Vision Computer Solutions
Northville, MI

They will quickly become an extension of your team and your ROI will reflect the results

We have been a long time user of Labtech and had tried for many years to manage the product internally with no real success at the level we needed to make our solutions more efficient for our customers. Once we hired Vikram and his team at ProVal, it solved all our pain points with the product and we really felt like we were leveraging the tool as it was designed. If this sounds like you and it’s keeping you up at night, then you need these guys. They will quickly become an extension of your team and your ROI will reflect the results.

Bryan-Wolff-Headshot
Bryan Wolff
CEO, Wolff Logics LT Managed & Admin Services
Cedar Park, Texas

They work well, fast and on budget

We met Vikram from ProVal Tech at Gary Pica’s Shnizzfest a year ago. Vikram explained the advantage of having trained, certified personnel take care of our recent Automate implementation. Even though we had taken an implementation package from ConnectWise to start up the program, we felt many custom configurations we needed for our business were lacking. We hired ProVal Tech after Automate was installed to help us with this task. From sales to technicians everyone was professional and knowledgeable. Onboarding was simple, and well documented. Tools on the web were supplied while we did the work, and they allowed us to track what was done, and see the improvements in the environment. It was easy to reach any of the team members, for any concern or question – all answered with courtesy and smile. Once the work was finished, we were given some training and explanations, add to that documentation, about the work and the scripts and features added to the program. We have been happily working with Automate since then. We can only recommend this efficient team of people for any work into Automate: they work well, fast and on budget.

Ben-Prevost-Headshot
Ben Prevost
FarWeb IT
Sherbrooke, Canada