Networking maintains a list of approved hardware components and their required configurations.
Networking hardware components are not accessible to unauthorised individuals.
Specification
Switches do not operate in promiscuous mode.
TACACS+ is preferred over RADIUS as a means of authentication.
SNMPv3 community strings and passwords are managed as part of privileged access management and are therefore rotated whenever the role or employment status of anyone with access to them changes. The use of SNMPv2 is prohibited.
Anti-spoofing protection is in place, such as IP Source Guard (Cisco), Port Security, DHCP snooping and Dynamic ARP Inspection.
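As an added illustration (not part of the original baseline), the Python below audits a Cisco IOS-style configuration against the SNMP, authentication and anti-spoofing items above. The sample configuration is constructed; treating `snmp-server community` lines as SNMPv1/v2c, requiring all four anti-spoofing features, and checking access ports only are assumptions of this example, and the promiscuous-mode item is not checked.

```python
import re

# Constructed Cisco IOS-style config, for illustration only.
SAMPLE_CONFIG = """\
radius server RAD1
snmp-server community s3cr3t RO
ip dhcp snooping
ip dhcp snooping vlan 10
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 ip verify source
interface GigabitEthernet1/0/2
 switchport mode access
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

def interfaces(config):  # interface name -> its indented sub-commands
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith(" "):
            if current is not None:
                current.append(line.strip())
        else:
            m = re.match(r"interface (\S+)", line)
            current = blocks.setdefault(m.group(1), []) if m else None
    return blocks

def audit(config):
    """Return findings against the specification items above."""
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]
    has = lambda pattern: any(re.match(pattern, l) for l in top)
    findings = []
    if has(r"snmp-server (community |group \S+ v(1|2c)\b)"):
        findings.append("snmp: v1/v2c configured")
    if has(r"radius server ") and not has(r"tacacs server "):
        findings.append("aaa: RADIUS defined without TACACS+")
    if not has(r"ip dhcp snooping vlan "):
        findings.append("global: DHCP snooping not enabled on any VLAN")
    if not has(r"ip arp inspection vlan "):
        findings.append("global: Dynamic ARP Inspection not enabled on any VLAN")
    for name, cmds in interfaces(config).items():
        if "switchport mode access" in cmds:  # access ports only (assumption)
            if "switchport port-security" not in cmds:
                findings.append(f"{name}: Port Security missing")
            if not any(c.startswith("ip verify source") for c in cmds):
                findings.append(f"{name}: IP Source Guard missing")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per deviation; an empty list means the configuration passed every check implemented here.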
ISO 27001 & 27002:2022
A5.8, A8.14, A8.20, A8.21, A8.22, A8.31
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
SM.08 Infrastructure resource protection and availability
SM.11 Network security