By Eric Vyncke
LAN Switch Security: What Hackers Know About Your Switches
A practical guide to hardening Layer 2 devices and stopping campus network attacks
Christopher Paggen, CCIE® No. 2659
Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Resolution Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks.
Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches.
After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks.
Eric Vyncke has a master's degree in computer science engineering from the University of Liège in Belgium. Since 1997, Eric has worked as a Distinguished Consulting Engineer for Cisco, where he is a technical consultant for security covering Europe. His area of expertise for two decades has been mainly security from Layer 2 to applications. He is also guest professor at Belgian universities for security seminars.
Christopher Paggen, CCIE® No. 2659, obtained a degree in computer science from IESSL in Liège (Belgium) and a master's degree in economics from University of Mons-Hainaut (UMH) in Belgium. He has been with Cisco since 1996, where he has held various positions in the fields of LAN switching and security, either as pre-sales support, post-sales support, network design engineer, or technical advisor to various engineering teams. Christopher is a frequent speaker at events, such as Networkers, and has filed several U.S. patents in the security area.
Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.
Steinthor Bjarnason is a consulting engineer for Cisco.
Ken Hook is a switch security solution manager for Cisco.
Rajesh Bhandari is a technical leader and a network security solutions architect for Cisco.
Use port security to protect against CAM attacks
Prevent spanning-tree attacks
Isolate VLANs with proper configuration techniques
Protect against rogue DHCP servers
Block ARP snooping
Prevent IPv6 neighbor discovery and router solicitation exploitation
Identify Power over Ethernet vulnerabilities
Mitigate risks from HSRP and VRRP
Stop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocols
Understand and prevent DoS attacks against switches
Enforce simple wirespeed security policies with ACLs
Implement user authentication on a port base with IEEE 802.1x
Use new IEEE protocols to encrypt all Ethernet frames at wirespeed
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Category: Cisco Press–Security
Covers: Ethernet Switch Security