Ports used

Ports in the network profiling context are not the transport-layer (TCP/UDP) ports that protocols use; network utilization by protocol is covered under throughput and session duration. Here, ports used refers to the physical interfaces on switches and routers. During the network build, the designers should have planned and documented which interface connects to which, and they should produce and maintain a network diagram, updating it whenever devices are added, removed or moved. A device that can reach the network through a physical (and normally unsecured) connection poses a significant threat, because it appears to be already inside the trusted internal network, past the perimeter controls.

On Cisco equipment, unused interfaces can be administratively shut down, which makes it harder to attach an additional device to the network. Port-security goes further and locks an interface to specific MAC addresses, or to a maximum number of addresses. When an unexpected device attempts to connect, the switch can raise an alert (syslog or SNMP trap), drop the offending frames, or shut the interface down by placing it in the error-disabled state; which of these happens depends on the configured violation mode.
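The three port-security violation modes differ in exactly what happens to the intruder and to the sanctioned host already on the port. The following model, added here as an example and not taken from the book or from Cisco, reproduces the documented IOS behaviour: protect drops unknown frames silently; restrict drops them, logs, and increments the violation counter; shutdown (the IOS default) error-disables the whole interface, so even the legitimate host loses connectivity until the port is recovered. The port name, MAC addresses and the wording of the log lines are constructed for the example; the log text only approximates IOS syslog output.

```python
"""Model of Cisco IOS port-security violation modes (added example).

Defaults follow IOS: maximum 1 secure address, violation mode shutdown.
Addresses are learned 'sticky': the first MACs seen, up to the maximum,
are bound to the port, as 'switchport port-security mac-address sticky' does.
"""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    maximum: int = 1             # switchport port-security maximum N
    violation: str = "shutdown"  # switchport port-security violation {protect|restrict|shutdown}
    secure_macs: set = field(default_factory=set)
    violation_count: int = 0
    err_disabled: bool = False
    syslog: list = field(default_factory=list)

    def frame_from(self, mac: str) -> bool:
        """Return True if a frame with source `mac` is forwarded, False if dropped."""
        mac = mac.lower()
        if self.err_disabled:
            return False                  # an err-disabled port passes nothing
        if mac in self.secure_macs:
            return True                   # known secure address
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(mac)     # sticky learning binds this MAC to the port
            return True
        # Unknown source MAC with the table already full: a security violation.
        if self.violation == "protect":
            return False                  # dropped silently, no log, no counter
        self.violation_count += 1
        # Approximation of the IOS syslog text, constructed for this example.
        self.syslog.append(
            f"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
            f"caused by MAC address {mac} on port {self.name}."
        )
        if self.violation == "shutdown":
            self.err_disabled = True      # whole interface goes err-disabled
            self.syslog.append(
                f"%PM-4-ERR_DISABLE: psecure-violation error detected on "
                f"{self.name}, putting {self.name} in err-disable state"
            )
        return False


def demo(mode: str) -> dict:
    """Sanctioned host sends first, then an intruder, then the host again.

    Constructed scenario: port name and MAC addresses are made up.
    """
    port = SecurePort("GigabitEthernet1/0/5", maximum=1, violation=mode)
    return {
        "host_first": port.frame_from("00:11:22:33:44:55"),
        "intruder": port.frame_from("de:ad:be:ef:00:01"),
        "host_after": port.frame_from("00:11:22:33:44:55"),
        "violations": port.violation_count,
        "err_disabled": port.err_disabled,
        "log_lines": len(port.syslog),
    }


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, demo(mode))
```

The practical trade-off the model makes visible: shutdown is the strongest response but also a denial-of-service lever against the legitimate host on that port, while protect gives no signal at all to the profiling team. Restrict is usually the better fit when the goal is to detect unexpected devices rather than to punish the port.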

Cisco devices also run Cisco Discovery Protocol (CDP), or the vendor-neutral Link Layer Discovery Protocol (LLDP), to advertise themselves to directly connected neighbours and receive their advertisements, building a picture of what type of device sits on each interface. Checking device type rather than MAC address allows, for example, two network devices (with differing MAC addresses) to be swapped without raising an alarm, while still alerting administrators if an unexpected device type appears on a link. Note that neither protocol is authenticated: a rogue device can advertise whatever identity it likes, so these advertisements are evidence to compare against the documented design, not proof on their own.

The following screenshot shows the CDP and LLDP output from the routers in the basic network shown earlier. Notice how the network diagram could be derived from the CDP output; this becomes harder as the network grows in complexity:

CDP and LLDP output from routers in the network diagram
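Deriving the diagram from CDP output, and then comparing it with the documented one, is the profiling step the screenshot hints at. The script below is an added example, not code from the book: it parses constructed `show cdp neighbors detail` text from two routers (the hostnames R1, R2, SW1, SW9, interface names, addresses and platform strings are all made up for the example), collapses both routers' views of a link into one record, and reports links that are not in the documented topology, documented links that are no longer seen, and neighbours whose advertised capabilities no longer match the role the diagram gives them.

```python
"""Build a link list from 'show cdp neighbors detail' output and audit it
against a documented topology (added example, constructed data)."""
import re
from collections import namedtuple

Neighbor = namedtuple("Neighbor", "local_dev local_if remote_dev remote_if platform caps")

# Fields of one CDP neighbour block, in the order IOS prints them.
NEIGHBOR_RE = re.compile(
    r"Device ID:\s*(?P<dev>\S+).*?"
    r"Platform:\s*(?P<plat>[^,]+),\s*Capabilities:\s*(?P<caps>[^\n]*)\n.*?"
    r"Interface:\s*(?P<lif>[^,]+),\s*Port ID \(outgoing port\):\s*(?P<rif>\S+)",
    re.S,
)


def parse_cdp_detail(local_dev: str, text: str) -> list:
    """Return one Neighbor per dashed block of 'show cdp neighbors detail'."""
    neighbors = []
    for block in re.split(r"-{5,}\n", text):
        m = NEIGHBOR_RE.search(block)
        if m:
            neighbors.append(Neighbor(local_dev, m["lif"].strip(), m["dev"], m["rif"],
                                      m["plat"].strip(), frozenset(m["caps"].split())))
    return neighbors


def link_key(n: Neighbor) -> frozenset:
    """Direction-independent identity of a link, so R1->R2 and R2->R1 merge."""
    return frozenset({(n.local_dev, n.local_if), (n.remote_dev, n.remote_if)})


def audit(neighbors, documented_links, documented_roles) -> list:
    """Compare observed CDP neighbours with the network diagram."""
    findings, observed = [], set()
    for n in neighbors:
        key = link_key(n)
        observed.add(key)
        role = documented_roles.get(n.remote_dev)
        if key not in documented_links:
            findings.append(f"{n.local_dev} {n.local_if}: undocumented link to {n.remote_dev} "
                            f"({n.platform}; {' '.join(sorted(n.caps))})")
        elif role is None:
            findings.append(f"{n.local_dev} {n.local_if}: {n.remote_dev} is not in the diagram")
        elif role not in n.caps:
            findings.append(f"{n.local_dev} {n.local_if}: {n.remote_dev} advertises "
                            f"{' '.join(sorted(n.caps))}, diagram says {role}")
    for key in documented_links - observed:
        findings.append("documented link not seen: "
                        + " <-> ".join(f"{dev} {intf}" for dev, intf in sorted(key)))
    return findings


# Constructed sample output; the 'Version' section is abbreviated.
R1_CDP = """\
-------------------------
Device ID: R2
Entry address(es):
  IP address: 10.0.12.2
Platform: Cisco 2911,  Capabilities: Router Switch IGMP
Interface: GigabitEthernet0/0,  Port ID (outgoing port): GigabitEthernet0/0
Holdtime : 147 sec

Version :
(omitted)

-------------------------
Device ID: SW1
Entry address(es):
  IP address: 10.0.1.2
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): GigabitEthernet1/0/1
Holdtime : 172 sec
"""

R2_CDP = """\
-------------------------
Device ID: R1
Entry address(es):
  IP address: 10.0.12.1
Platform: Cisco 2911,  Capabilities: Router Switch IGMP
Interface: GigabitEthernet0/0,  Port ID (outgoing port): GigabitEthernet0/0
Holdtime : 151 sec

-------------------------
Device ID: SW9
Entry address(es):
  IP address: 10.0.2.99
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): GigabitEthernet0/24
Holdtime : 168 sec
"""

# The documented diagram (constructed): which interfaces should face which.
DOCUMENTED_LINKS = {
    frozenset({("R1", "GigabitEthernet0/0"), ("R2", "GigabitEthernet0/0")}),
    frozenset({("R1", "GigabitEthernet0/1"), ("SW1", "GigabitEthernet1/0/1")}),
    frozenset({("R2", "GigabitEthernet0/1"), ("SW1", "GigabitEthernet1/0/2")}),
}
DOCUMENTED_ROLES = {"R1": "Router", "R2": "Router", "SW1": "Switch"}


def run_audit() -> list:
    observed = parse_cdp_detail("R1", R1_CDP) + parse_cdp_detail("R2", R2_CDP)
    return audit(observed, DOCUMENTED_LINKS, DOCUMENTED_ROLES)


if __name__ == "__main__":
    for line in run_audit():
        print(line)
```

In the constructed data an unknown switch, SW9, has appeared on R2's GigabitEthernet0/1 in place of SW1, so the audit reports both an undocumented link and a documented one that is missing. Because CDP is unauthenticated, a hit like this is a prompt to walk to the patch panel, not a verdict; an absence of findings says only that whatever is plugged in is advertising what the diagram expects.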

Network access control (NAC) builds on these methods: as a device connects, the network attempts to identify what type of device it is and who is using it, and that identity is then granted access to the appropriate resources, VLAN and so on regardless of physical location. NAC reduces the administrative burden of pinning interfaces to particular devices, and builds portability and flexibility into the access model.
