Industry News
Secure Access Switches
How to Choose the Best Strategy to Secure LAN Access
Aug. 8, 2006 11:30 AM
Reactive Quarantine
As with every security solution, a switch-based one should also be multi-layered. One shouldn’t assume that preventive measures such as authentication, policy management, and proactive quarantine will always resolve every problem that occurs. Instead, the manufacturer should offer a function that prevents intrusions, viruses, and worm propagation directly at each and every access port. It should be usable everywhere, independent of the type of end-system (PC, laptop, IP phone, printer, security camera, etc., whether a known device or an unknown, new one) and of the user category (company employees, guests, consultants, partner companies, etc.). To ensure the highest security, all of these preventive measures should be required, as should traditional intrusion prevention systems (IPS), which are
Such a system should be open to other manufacturers with respect to input (events), output (actions), and the type of function (policy change, messaging options, etc.). To locate an intruder by MAC or IP address, the access switch should auto-learn the MAC-to-IP mapping while switching and store it in an indexed table (MIB). Anti-spoofing functions should use this table to prevent man-in-the-middle attacks, among other things.
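The learned MAC-to-IP table described above, as an added example that is not code from the article or from Enterasys: a small Python model that auto-learns (port, MAC, IP) observations the way an access switch would and flags the two conflicts an anti-spoofing check acts on, a second MAC claiming an already-bound IP and a MAC turning up on a different port. Port names, addresses and the event list are constructed.

```python
"""Learn MAC-to-IP-to-port bindings from observed traffic and flag the
conflicts an anti-spoofing check at the access port would act on.
All names and the sample observations are constructed for illustration."""

class BindingTable:
    """Indexed like the switch's learned table: one entry per IP, plus a
    MAC-to-port index so a MAC that 'moves' between ports is noticed."""

    def __init__(self):
        self.by_ip = {}        # ip  -> (mac, port)
        self.port_of_mac = {}  # mac -> port

    def observe(self, port, mac, ip):
        """Learn a binding; return an alert string for a conflicting claim,
        or None when the observation agrees with what is already known."""
        mac = mac.lower()
        known = self.by_ip.get(ip)
        if known is not None and known[0] != mac:
            # A different MAC claims an IP already bound elsewhere: the
            # classic ARP-poisoning / man-in-the-middle signature.
            return (f"ip-conflict port={port} ip={ip} claimed_by={mac} "
                    f"bound_to={known[0]}@{known[1]}")
        prev_port = self.port_of_mac.get(mac)
        if prev_port is not None and prev_port != port:
            # Same MAC appearing on another access port (move or clone).
            return f"mac-move mac={mac} from={prev_port} to={port}"
        self.by_ip[ip] = (mac, port)
        self.port_of_mac[mac] = port
        return None

def audit(events):
    """Replay (port, mac, ip) observations in order; return the alerts."""
    table = BindingTable()
    return [a for a in (table.observe(*e) for e in events) if a]

# Constructed observations: a gateway, two hosts, then one host claiming
# the gateway's IP and another host's MAC showing up on a second port.
SAMPLE_EVENTS = [
    ("ge1/1", "00:00:5e:00:53:01", "192.0.2.1"),   # gateway
    ("ge1/2", "00:00:5e:00:53:02", "192.0.2.10"),
    ("ge1/3", "00:00:5e:00:53:03", "192.0.2.11"),
    ("ge1/3", "00:00:5e:00:53:03", "192.0.2.1"),   # spoofs the gateway
    ("ge1/4", "00:00:5e:00:53:02", "192.0.2.10"),  # MAC moved ports
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_EVENTS):
        print(alert)
```

A conflicting claim is reported but never learned, so the first binding seen for an IP stays authoritative until an operator clears it.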
Summary
Before selecting a switching solution, one should thoroughly think through and document one’s network requirements. Based on those criteria, it will be possible to find the best solution, bearing in mind the planned development of one’s network infrastructure and the end-systems expected on it. Taking all of these points into consideration points toward a highly open, flexible, and scalable switch-based security solution.
About Markus Nispel
Markus Nispel is director of technology marketing and business development at Enterasys Networks. He serves as an advisor for worldwide development in the office of the CTO.