CCNAS V1.2 Chapter 06 Securing the Local-Area Network

A secure network is only as strong as its weakest link. For this reason, in addition to securing the network edge, it is also important to secure the end devices that reside within the network. Endpoint security includes securing the network infrastructure devices in the local-area network (LAN) and end systems, such as workstations, servers, IP phones, access points, and storage area networking (SAN) devices. There are several endpoint security applications and devices available to accomplish this, including Cisco Email and Web Security appliances and Network Admission Control (NAC).

Endpoint security also encompasses securing Layer 2 of the network infrastructure to prevent against Layer 2 attacks such as MAC address spoofing and STP manipulation attacks. Layer 2 security configurations include enabling port security, BPDU guard, root guard, storm control, and PVLAN Edge.

Finally, the type of security solutions implemented depends upon the type of LAN technologies used. For example, networks that employ wireless, VoIP, and SANs technologies have additional security considerations and solutions.