We have disabled all unused switch ports, but still have occasional problems with users unplugging workstations and plugging in laptops. We haven't had any real security breaches (viruses, worms, etc.) - YET, but I realize we've been fortunate.
We are considering enabling port security on all the switches, but I have some concerns about the effort to implement and then maintain this architecture. Do you have any thoughts or advice?
There are overlay products that can plug into your switches (over a spanning port typically) and track "unknown" machines. These so-called pre-admission NAC devices provide a bit cleaner management, but do cost money and require that you manage another device.
As with everything else, it's a trade-off. Most folks just do nothing and hope that they can trust their internal employees to do the right thing and not use the corporate network for malicious intent.
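As an added illustration of tracking "unknown" machines (not part of the original answer and not any product's code), the Python below compares the MAC addresses a switch has learned on each access port against an inventory and reports the mismatches. It assumes Cisco-IOS-style `show mac address-table` text as input; the sample output and the `BASELINE` inventory are constructed for the example.

```python
import re

# Constructed sample of Cisco-IOS-style "show mac address-table" output (assumed format).
SAMPLE_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  10    a4b1.c1d2.e3f4    DYNAMIC     Gi1/0/2
  10    0011.2233.4477    DYNAMIC     Gi1/0/3
  20    0011.2233.44ff    STATIC      Gi1/0/24
"""

# Hypothetical inventory: access port -> MAC addresses expected on it.
BASELINE = {
    "Gi1/0/1": {"0011.2233.4455"},
    "Gi1/0/2": {"0011.2233.4466"},
    "Gi1/0/3": {"0011.2233.4488"},
}

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I
)

def parse_mac_table(text):
    """Yield (vlan, mac, type, port) for each data row; header lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(1)), m.group(2).lower(), m.group(3).upper(), m.group(4)

def find_unknown(text, baseline):
    """Return sorted (port, mac) pairs learned dynamically that the baseline does not expect."""
    findings = []
    for _vlan, mac, kind, port in parse_mac_table(text):
        if kind != "DYNAMIC":
            continue  # statically configured entries were not learned from a plugged-in device
        if port not in baseline:
            continue  # ports outside the inventory (uplinks, trunks) are out of scope here
        if mac not in baseline[port]:
            findings.append((port, mac))
    return sorted(findings)

if __name__ == "__main__":
    for port, mac in find_unknown(SAMPLE_OUTPUT, BASELINE):
        print(f"unexpected device on {port}: {mac}")
```

A swapped device shows up as a MAC replacing the expected one (Gi1/0/3 in the sample); an extra device behind a hub or mini-switch shows up as an additional MAC on the same port (Gi1/0/2).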