Locking Down Your Switch.....Cont'd

I have been talking here and here of the importance of locking down your switch (indeed your network in general) and why this is so important. It seems to me that the most basic controls are often the most overlooked. It is not surprising that most best practices call for basic network physical security and, on the same note, it is not surprising that basic security is often overlooked.

Looking through PCI DSS, for example, you will see a requirement both for WAFs (Web Application Firewalls), which operate at Layer 7, and for restricting physcial access at OSI Layer 1. Indeed, it doesn't make sense to put 3 deadbolts on the front door if the back door or a window is still open.

Shared Assessments is a member-driven industry standard used to "inject standardization, consistency, speed, efficiency and cost savings into the service provider assessment process." This standard also requires that physical ports be locked down (disabled) as referenced in:

I.3 Secure System Hardening Standards: Unnecessary physical access ports disabled or removed.

On another note (and I will discuss in another post), it is interesting to note that both PCI DSS and Shared Assessments include OWASP Top 10 as requirements.