Disable Unused Network Device Ports
Network devices should have any unused physical ports turned off to prevent unauthorized access.
Plain language
This control means turning off any network ports that aren't being used in your organisation's devices, like routers or switches. It matters because if these ports are left on, someone could plug in and access your network without permission, which could lead to sensitive data being stolen or your systems being hacked.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2018
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for networking
Section
Network design and configuration
Official control statement
Unused physical ports on network devices are disabled.
Why it matters
Leaving unused ports active can allow unauthorised network access, enabling rogue device connection, lateral movement and potential data breaches.
Operational notes
Regularly audit switch/router physical ports and administratively shut unused ones; alert on port state changes to detect unauthorised connections quickly.
Implementation tips
- IT team: Identify all network devices in your organisation such as switches and routers that might have unused ports. Do this by conducting a physical walk-through of your network infrastructure and checking the port status on network device management interfaces.
- IT manager: Create a policy to regularly check and disable unused ports on all network devices. Draft a standard procedure that involves routinely generating a list of active and inactive ports from network management software.
- System administrator: Disable unused ports by accessing network device management settings. Use the device’s user interface to manually turn off any ports that aren’t in use, following the vendor's guidelines.
- Network security officer: Set up alerts for when new devices are connected to any network port. Use your network management tools to configure alerts which notify you by email or app when unexpected devices are connected.
- IT support team: Train staff to recognise the importance of keeping unused ports disabled. Develop a quick training session or reminder guides, outlining how to inform IT when a port is no longer required, and what steps to take if they see someone using an unallocated port.
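As an added example (not part of this control page or of any vendor's tooling), the Python below sketches the audit-and-alert loop described in the operational notes and implementation tips: it parses constructed switch port-status output, emits the configuration lines that would administratively shut ports with nothing connected, and flags link-up syslog events on ports the last audit recorded as unused. The port names, status keywords and syslog format are assumed to be Cisco IOS-style; the sample data is constructed.

```python
import re
# Constructed "show interfaces status"-style output (sample data, not a real device).
SHOW_STATUS = """\
Port      Name               Status       Vlan
Gi1/0/1   uplink-core        connected    trunk
Gi1/0/3                      notconnect   1
Gi1/0/4                      disabled     1
Gi1/0/5   spare-desk         notconnect   20
"""
# Constructed syslog lines of the kind a switch emits on link state changes.
SYSLOG = """\
%LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
%LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to up
"""
STATUS_RE = re.compile(r"^(\S+)\s+(.*?)\s*(connected|notconnect|disabled|err-disabled)\s+(\S+)$")
LINK_UP_RE = re.compile(r"Interface (\S+), changed state to up")

def parse_status(text):
    """Map port -> status; the header line has no status keyword and is skipped."""
    ports = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            ports[m.group(1)] = m.group(3)
    return ports

def shutdown_commands(ports):
    """Config lines that administratively disable every port with nothing cabled to it
    (notconnect); ports already 'disabled' need no change and connected ports are left alone."""
    cmds = []
    for port, status in sorted(ports.items()):
        if status == "notconnect":
            cmds += [f"interface {port}", " shutdown"]
    return cmds

def short_name(iface):
    """GigabitEthernet1/0/5 -> Gi1/0/5, so syslog names match the status table."""
    return re.sub(r"^([A-Z][a-z])[A-Za-z]*", r"\1", iface)

def unexpected_link_up(syslog, ports):
    """Ports that came up although the last audit recorded them as unused: these are the
    link-up events worth alerting on, since they may be an unauthorised device."""
    expected = {p for p, s in ports.items() if s == "connected"}
    alerts = []
    for line in syslog.splitlines():
        m = LINK_UP_RE.search(line)
        if m and short_name(m.group(1)) not in expected:
            alerts.append(short_name(m.group(1)))
    return alerts
```

Running the audit against this sample yields shutdown commands for Gi1/0/3 and Gi1/0/5, and the later link-up on Gi1/0/5 is the one event flagged, while the expected uplink on Gi1/0/1 is not.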
Audit / evidence tips
- Ask: network port status reports. Request reports showing the current status of each port on network devices.
  Good: seeing a majority of ports marked as 'inactive' or 'disabled', along with recent audit dates.
- Ask: to see the device management procedure document. This should outline the steps for checking and disabling ports.
  Good: detailed, current procedures that match the actual setup and practices.
- Ask: training schedules or records. Request documented evidence of staff training on unused port policies.
  Good: seeing regular training dates and broad staff understanding of port security.
- Ask: to view automated alert configurations. Request a demo of the alert system for unauthorised port usage.
  Good: seeing real-time alerts function correctly during testing.
- Ask: a recent audit report on network devices. Request an internal or third-party audit report highlighting port usage.
  Good: no critical findings on open, unauthorised ports.
Cross-framework mappings
How ISM-0534 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Annex A 8.20 | Annex A 8.20 requires network devices to be secured and controlled to prevent unauthorised access to information and services | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.