However, besides the infomation Leo provided with his reference, some later device IOSs support an AutoSecure command that will apply many of the recommendations in Leo's reference. Also, some of the free tools Cisco provides, such as SDM, can provide a security audit and suggestions (and optional activation) of IOS features to secure a Cisco device. (Note, not all Cisco devices are supported by such tools.)
apologies for not posting a reply to your previous posts
leolaohoo - you're quite right, its a 3560-E
thanks for both your comments and links as they were both extremely useful
i think the version of IOS i'm using Version 12.2(35)SE5 covers most of the NSA recommendations by default but there are some good best practice guidelines and these are also covered in more detail by the cisco link
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...