By Eric Vyncke
LAN swap safety: What Hackers find out about Your Switches
A functional consultant to hardening Layer 2 units and preventing campus community attacks
Christopher Paggen, CCIE® No. 2659
Contrary to well known trust, Ethernet switches usually are not inherently safe. safety vulnerabilities in Ethernet switches are a number of: from the swap implementation, to regulate aircraft protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so forth) and information airplane protocols, akin to handle Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN swap protection explains all of the vulnerabilities in a community infrastructure regarding Ethernet switches. extra, this ebook exhibits you the way to configure a change to avoid or to mitigate assaults in response to these vulnerabilities. This ebook additionally features a part on the way to use an Ethernet swap to extend the safety of a community and forestall destiny attacks.
Divided into 4 elements, LAN change protection offers you steps you could take to make sure the integrity of either voice and knowledge site visitors touring over Layer 2 units. half I covers vulnerabilities in Layer 2 protocols and the way to configure switches to avoid assaults opposed to these vulnerabilities. half II addresses denial-of-service (DoS) assaults on an Ethernet swap and indicates how these assaults could be mitigated. half III exhibits how a swap can really increase the protection of a community during the usage of wirespeed entry keep an eye on checklist (ACL) processing and IEEE 802.1x for person authentication and authorization. half IV examines destiny advancements from the LinkSec operating crew on the IEEE. For all elements, lots of the content material is seller self sufficient and comes in handy for all community architects deploying Ethernet switches.
After analyzing this publication, you've got an in-depth knowing of LAN safety and be ready to plug the protection holes that exist in a good number of campus networks.
Eric Vyncke has a master’s measure in desktop technological know-how engineering from the collage of Liège in Belgium. considering that 1997, Eric has labored as a uncommon Consulting Engineer for Cisco, the place he's a technical advisor for safety masking Europe. His specialty for twenty years has been almost always defense from Layer 2 to purposes. he's additionally visitor professor at Belgian universities for protection seminars.
Christopher Paggen, CCIE® No. 2659, acquired a level in desktop technological know-how from IESSL in Liège (Belgium) and a master’s measure in economics from collage of Mons-Hainaut (UMH) in Belgium. He has been with Cisco due to the fact that 1996 the place he has held a variety of positions within the fields of LAN switching and defense, both as pre-sales help, post-sales aid, community layout engineer, or technical consultant to varied engineering groups. Christopher is a widespread speaker at occasions, reminiscent of Networkers, and has filed numerous U.S. patents within the defense area.
Jason Frazier is a technical chief within the expertise structures Engineering staff for Cisco.
Steinthor Bjarnason is a consulting engineer for Cisco.
Ken Hook is a swap defense answer supervisor for Cisco.
Rajesh Bhandari is a technical chief and a community safeguard recommendations architect for Cisco.
Use port defense to guard opposed to CAM attacks
Prevent spanning-tree assaults
Isolate VLANs with right configuration techniques
Protect opposed to rogue DHCP servers
Block ARP snooping
Prevent IPv6 neighbor discovery and router solicitation exploitation
Identify strength over Ethernet vulnerabilities
Mitigate dangers from HSRP and VRPP
Stop info leaks with CDP, PaGP, VTP, CGMP and different Cisco ancillary protocols
Understand and stop DoS assaults opposed to switches
Enforce uncomplicated wirespeed safety regulations with ACLs
Implement person authentication on a port base with IEEE 802.1x
Use new IEEE protocols to encrypt all Ethernet frames at wirespeed.
This protection publication is a part of the Cisco Press® Networking expertise sequence. protection titles from Cisco Press support networking pros safe serious info and assets, hinder and mitigate community assaults, and construct end-to-end self-defending networks.
Category: Cisco Press–Security
Covers: Ethernet swap Security
Read or Download LAN Switch Security: What Hackers Know About Your Switches PDF
Best Comptia books
Best-of-the-best directions for dealing with low voltage wiring The A-Z reference on designing, fitting, preserving, and troubleshooting smooth defense and fireplace alarm platforms is now absolutely up to date in a brand new version. ready via Terry Kennedy and John E. Traister, authors with over 3 a long time of hands-on event apiece within the building undefined, Low Voltage Wiring: Security/Fire Alarm platforms, 3rd variation offers the entire acceptable wiring facts you must paintings on safeguard and hearth alarm structures in residential, advertisement, and business constructions.
Research in-depth perception into how hackers infiltrate e-business and the way they are often stopped. The booklet comprises up to date hacks and countermeasures, together with the newest denial of provider assaults, electronic mail assaults, viruses, and internet hacks. there's additionally assurance of home windows XP Server. The CD includes customized scripts created, seller instruments, a default password database, and an digital define of the booklet with stay hyperlinks to all the instruments which are referenced within the ebook.
"The booklet is of large final result and capability worth. The Java 2 Platform safety represents an strengthen of significant proportions, and the data during this e-book is captured nowhere else. " --Peter G. Neumann, valuable Scientist, SRI foreign desktop technological know-how Lab, writer of Computer-Related hazards, and Moderator of the hazards discussion board "Profound!
The Hands-On, useful advisor to combating Ajax-Related protection Vulnerabilities an increasing number of sites are being rewritten as Ajax purposes; even conventional computing device software program is swiftly relocating to the internet through Ajax. yet, all too frequently, this transition is being made with reckless put out of your mind for defense.
Additional resources for LAN Switch Security: What Hackers Know About Your Switches