Cisco Blogs

The Importance of Security in Switches

Smart and managed switches can help secure your network from the inside out

Managing who can hop on to your network from the inside has become more important than ever, now that almost everyone who enters your building is carrying a laptop with an Ethernet port, a Wi-Fi-enabled smartphone, or a tablet computer configured to locate the nearest wireless network. Likewise, you may want to give visiting partners or other guests an Internet connection without giving them access to all your network resources. Bottom line: you need to secure your network on the inside. A switch with built-in security features adds another layer of defense for your network, protecting the devices on your LAN from internal threats.

Switches are the foundation of your network, connecting computers, servers, printers, and other peripheral devices. There are three types of switches—unmanaged, smart, and managed. Smart and managed switches both include security features, but managed switches give you the most control over network traffic with more advanced security and features.

A secure managed switch should include these security features:

  • Embedded security for encrypting network communications and protecting management data that travel to and from the switch
  • Access control lists (ACLs) for restricting areas of the network from unauthorized users as well as guarding against network attacks
  • Virtual LANS (vLANs) for segmenting the network into separate work groups or creating a guest work group for giving visitors limited access to your network and to the Internet

Some managed switches provide even more sophisticated security features. For example, the Cisco 300 Small Business Series Managed Switches support IEEE 802.1X port security for tightly controlling access to by requiring authentication. Port security limits MAC addresses on a port; therefore, to get access to your network, each device’s MAC address has to be in the switch’s table of authorized addresses. Time-based 802.1X can also restrict users’ access to a range of time, such as only during the work day.

The 300 Series also offers security mechanisms that protect your network from invalid configurations or malicious intent as well as ensuring that the switch will continue to process management traffic, even if the device is flooded with traffic. For instance, it can detect and block deliberate DoS (Denial of Service) attacks on your network.

It’s not safe to assume that your network is safe from security threats, even if you have a firewall as well as antivirus and antimalware software installed. Although tools prevent against viruses, worms, and other threats, a managed switch with built-in security features lets you control exactly who has access to your local network. You can use the switch to limit the network devices that users can connect to from their computers and define the resources that they have access to. But if an intruder does slip past, the switch’s embedded security will deter the unauthorized user from taking over the switch and disabling all of its defenses.

What factors influence your decision to install a managed, secure switch or an unmanaged switch?

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.