By Eric Vyncke
LAN Switch Security: What Hackers Know About Your Switches
A practical guide to hardening Layer 2 devices and stopping campus network attacks
Christopher Paggen, CCIE® No. 2659
Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Resolution Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks.
Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches.
After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a number of campus networks.
Eric Vyncke has a master’s degree in computer science engineering from the University of Liège in Belgium. Since 1997, Eric has worked as a Distinguished Consulting Engineer for Cisco, where he is a technical consultant for security covering Europe. His area of expertise for two decades has been mainly security from Layer 2 to applications. He is also guest professor at Belgian universities for security seminars.
Christopher Paggen, CCIE® No. 2659, obtained a degree in computer science from IESSL in Liège (Belgium) and a master’s degree in economics from University of Mons-Hainaut (UMH) in Belgium. He has been with Cisco since 1996 where he has held various positions in the fields of LAN switching and security, either as pre-sales support, post-sales support, network design engineer, or technical advisor to various engineering teams. Christopher is a frequent speaker at events, such as Networkers, and has filed several U.S. patents in the security area.
Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.
Steinthor Bjarnason is a consulting engineer for Cisco.
Ken Hook is a switch security solution manager for Cisco.
Rajesh Bhandari is a technical leader and a network security solutions architect for Cisco.
Use port security to protect against CAM attacks
Prevent spanning-tree attacks
Isolate VLANs with proper configuration techniques
Protect against rogue DHCP servers
Block ARP snooping
Prevent IPv6 neighbor discovery and router solicitation exploitation
Identify Power over Ethernet vulnerabilities
Mitigate risks from HSRP and VRRP
Stop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocols
Understand and prevent DoS attacks against switches
Enforce simple wirespeed security policies with ACLs
Implement user authentication on a port base with IEEE 802.1x
Use new IEEE protocols to encrypt all Ethernet frames at wirespeed.
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Category: Cisco Press–Security
Covers: Ethernet Switch Security