What is the recommended solution to prevent unapproved devices from accessing the corporate network?

Implementing port security is an effective solution for preventing unapproved devices from accessing the corporate network. Port security enables network administrators to limit and control access to the network at the switch port level, allowing only devices that have been explicitly approved to connect. This is accomplished by binding specific MAC addresses to individual ports, which prevents any unauthorized devices from being able to connect to the network through those ports.

When port security is configured, if an unauthorized device attempts to connect, the switch can take predefined actions such as disabling the port, sending alerts, or restricting traffic until the device is authorized. This level of control makes it much more difficult for unauthorized devices to gain access, enhancing overall network security.

Other options, while useful in certain contexts, do not target the issue of unapproved device access as directly as port security. A demilitarized zone serves to isolate the external-facing services from the internal network but does not specifically manage device access. A hardware security module provides secure cryptographic functions but does not restrict network access. A software firewall offers protection against malicious traffic but typically does not manage device access at the physical layer level, which is critical for controlling which devices can connect.