Chapter 5. Securing ports by using the Port Security feature
In the last chapter you learned how to secure unused ports by disabling them. Disabling unused ports can stop a bad guy from plugging a malicious device into an unused port and getting unauthorized access to the network. It can also help train users—especially those in remote offices—to call IT before moving things around. After a few go-rounds of plugging a computer into an empty port and having it not work, most people will take the hint that they need to call IT first.
But although disabling ports is the most secure option for dealing with unused ports, it does nothing to secure in-use ports. And in a live environment, the majority of switch ports will be in use.