CCNP 3 Minimizing Service Loss and Data Theft in a Campus Network

From Teknologisk videncenter
Revision as of 13:45, 15 September 2010 by Rael (talk | contribs) (Switch Attack Categories)

Understanding Switch Security Issues

Describing Unauthorized Access by Rogue Devices

Rogue Access Points

Switch Attack Categories

  • MAC layer attacks
  • VLAN attacks
  • Spoof attacks
  • Switch device attacks

| Attack | Mitigation |
|---|---|
| MAC address flooding | Port security |
| VLAN hopping | Tighten up trunk configurations and the negotiation state |
| Attacks between devices on a common VLAN | Implement Private VLANs (PVLANs) |
| DHCP spoofing | Use DHCP snooping |
| Spanning tree compromises | Proactively configure the primary and backup root devices. Enable root guard. |
| MAC spoofing | Use DHCP snooping. Port security. |
| ARP spoofing | Use Dynamic ARP Inspection, DHCP snooping, port security |
| CDP manipulation | Disable CDP on all ports where it is not intentionally used. |
| SSH & Telnet attacks | Use SSHv2. Use Telnet with VTY ACLs |
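
The mitigations listed above can be checked against a switch configuration. The following audit script is an added example, not part of the original page: it reports which of the listed mitigations have no matching Cisco IOS line in each section of a configuration. The sample configuration is constructed, and the script assumes every interface is a user-facing access port; PVLANs and root bridge priority are not checked.

```python
import re

# Constructed sample config (not from the page): Gi0/1 hardened, Gi0/2 at defaults.
SAMPLE = """\
ip dhcp snooping
ip ssh version 2
interface GigabitEthernet0/1
 switchport mode access
 switchport nonegotiate
 switchport port-security
 spanning-tree guard root
 no cdp enable
interface GigabitEthernet0/2
 switchport mode dynamic desirable
line vty 0 4
 transport input telnet ssh
"""

# Section prefix -> {mitigation named in the table: IOS line expected for it}.
CHECKS = {
    "global": {"DHCP snooping": r"ip dhcp snooping$",
               "Dynamic ARP Inspection": r"ip arp inspection vlan \S+$",
               "SSHv2": r"ip ssh version 2$"},
    "interface ": {"port security": r"switchport port-security$",
                   "static access mode": r"switchport mode access$",
                   "DTP negotiation off": r"switchport nonegotiate$",
                   "root guard": r"spanning-tree guard root$",
                   "CDP disabled": r"no cdp enable$"},
    "line vty": {"VTY ACL": r"access-class \S+ in$"}}

def parse_sections(config):
    sections, current = {"global": []}, "global"
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "!"):
            continue
        if raw[0].isspace():  # indented: child line of the current section
            sections[current].append(line)
        else:                 # top-level: counts as global and opens a section
            sections["global"].append(line)
            current, sections[line] = line, []
    return sections

def audit(config):
    """Return {section: [mitigations with no matching line in that section]}."""
    return {hdr: [name for name, pat in checks.items()
                  if not any(re.match(pat, l) for l in lines)]
            for hdr, lines in parse_sections(config).items()
            for prefix, checks in CHECKS.items() if hdr.startswith(prefix)}
```

Calling `audit(SAMPLE)` returns an empty list for the hardened port and the full list of missing mitigations for the default one.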

Describing a MAC Flooding Attack

MAC Flood Attack