Some switch hardening best practices include the following: Default passwords should immediately be changed when configuring a switch. The California Password Law (2020) requires all of the devices to force a change to the default password. The more complex the password, the harder it is to break. Limiting the number of failed logins by a temporary lockout prevents dictionary attacks. Passwords should be changed every 12 months.

AAA (Authentication, Authorization and Accounting) is a way to manage passwords centrally using solutions such as TACACS+ or RADIUS. This enables to keep the passwords locally, helps the integration with Microsoft Active Directory for a single password logon and improves reliability.

Every network device needs to be able to display a login banner as per NERC CIP to display who is allowed to use the device or not.

Narrated by iS5 Communications' Field Application Engineer Dominic Iadonisi.