Difference between revisions of "CCNP 3 Minimizing Service Loss and Data Theft in a Campus Network"
From Teknologisk videncenter
m (→Describing Unauthorized Access by Rogue Devices) |
m (→Switch Attack Categories) |
||
| Line 8: | Line 8: | ||
*VLAN attacks | *VLAN attacks | ||
*Spoof attacks | *Spoof attacks | ||
| − | *Switch device attacks | + | *Switch device attacks<br/> |
{|border=1 | {|border=1 | ||
|MAC address Flooding||Port Security | |MAC address Flooding||Port Security | ||
| Line 27: | Line 27: | ||
|- | |- | ||
|SSH & Telnet attacks||Use SSHv2. Use Telnet with VTY ACLs | |SSH & Telnet attacks||Use SSHv2. Use Telnet with VTY ACLs | ||
| + | |} | ||
| + | ==Describing a MAC Flooding Attack== | ||
| + | {| | ||
| + | |[[Image:ScreenShot549.jpg|800px|left|thumb|MAC Flood Attack]] | ||
|} | |} | ||
Revision as of 13:45, 15 September 2010
Contents
Understanding Switch Security Issues
Describing Unauthorized Access by Rogue Devices
Switch Attack Categories
- MAC layer attacks
- VLAN attacks
- Spoof attacks
- Switch device attacks
| MAC address Flooding | Port Security |
| VLAN Hooping | Tighten up trunk configurations and the nogotiation state |
| Attacks between devices on a common VLAN | Implement Private VLANS(PVLANs) |
| DHCP Spoofing | USe DHCP Snooping |
| Spanning tree compromises | Proactively configure the primary and backup root devices, Enable root guard |
| MAC Spoofing | Use DHCP Snooping. Port security. |
| ARP Spoofing | Use Dynamic ARP Inspection. DHCP Snooping, Port Security |
| CDP Manipulation | Diable CDP on al ports where it is not intentionally used. |
| SSH & Telnet attacks | Use SSHv2. Use Telnet with VTY ACLs |
