Revision as of 10:54, 2 September 2011

This article is under development....

Securing the Campus Infrastructure

Security Infrastructure Services

Infrastructure Security

Rouge Devices

Company employees sometimes plug inexpensive APs into company network devices to extend the network. But securing the wireless APs is not always a priority. Wired Rouge Devices could also be a problem, because of its nature.

Layer 2 Attack Categories

MAC Layer Attacks

MAC address flooding

Frames with unique, invalid source MAC addresses flood the switch, exhausting content addressable memory (CAM) table space, disallowing new entries from valid hosts. Traffic to valid hosts is subsequently flooded out all ports.
Mitigation:
Port security. MAC address VLAN access maps.

VLAN Attacks

VLAN Hopping

By altering the VLAN ID on packets encapsulated for trunking, an attacking device can send or receive packets on various VLANs, bypassing Layer 3 security measures.
Mitigation
Tighten up trunk configurations and the negotiation state of unused ports. Place unused ports in a common VLAN.

Attacks between devices on a common VLAN

Devices might need protection from one another, even though they are on a common VLAN. This is especially true on service-provider segments that support devices from multiple customers.
Mitigation
Implement private VLANs (PVLAN).

@@ Line 11: / Line 11: @@
 ===MAC address flooding===
 Frames with unique, invalid source MAC addresses flood the switch, exhausting content addressable memory (CAM) table space, disallowing new entries from valid hosts. Traffic to valid hosts is subsequently flooded out all ports.<br/>
-'''Mitigation'''<br/>
+'''Mitigation:'''<br/>
 Port security. MAC address VLAN access maps.
 ==VLAN Attacks==
 ===VLAN Hopping===

Navigation menu

Difference between revisions of "CCNP SWITCH/Securing the Campus Infrastructure"