CCNP SWITCH/Securing the Campus Infrastructure

From Teknologisk videncenter
Revision as of 10:54, 2 September 2011 by Rael (talk | contribs)

Securing the Campus Infrastructure

Security Infrastructure Services

Infrastructure Security

Rogue Devices

Company employees sometimes plug inexpensive APs into company network devices to extend the network, but securing those wireless APs is not always a priority. Wired rogue devices can also be a problem, by their very nature.

Layer 2 Attack Categories

MAC Layer Attacks

MAC address flooding

Frames with unique, invalid source MAC addresses flood the switch and exhaust content addressable memory (CAM) table space, so new entries from valid hosts cannot be learned. Traffic to valid hosts is subsequently flooded out all ports.
Mitigation
Port security. MAC address VLAN access maps.

VLAN Attacks

VLAN Hopping

By altering the VLAN ID on packets encapsulated for trunking, an attacking device can send or receive packets on various VLANs, bypassing Layer 3 security measures.
Mitigation
Tighten up trunk configurations and the negotiation state of unused ports. Place unused ports in a common VLAN.
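
The mitigations for MAC address flooding and VLAN hopping can be checked against a saved switch configuration. The script below is an added example, not part of the original page: it audits a constructed IOS-style configuration for ports without port security and ports whose trunk negotiation is not locked down. The command strings (switchport port-security, switchport nonegotiate, and so on) and the rule that a port with no explicit mode line may still negotiate a trunk are assumptions about typical Catalyst syntax and defaults.

```python
import re

# Constructed sample (IOS-style syntax; interface names and VLAN IDs are made up).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
interface FastEthernet0/2
 switchport access vlan 10
interface FastEthernet0/3
 switchport mode trunk
interface FastEthernet0/24
 switchport mode access
 switchport access vlan 999
 shutdown
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" separators and global commands end the block
    return interfaces

def audit(config):
    """Return {interface: [findings]} for ports lacking the mitigations."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        trunk = "switchport mode trunk" in cmds
        issues = []
        # Assumption: a port with no fixed mode may negotiate a trunk.
        if not trunk and "switchport mode access" not in cmds:
            issues.append("mode not fixed: trunk negotiation possible")
        if trunk and "switchport nonegotiate" not in cmds:
            issues.append("trunk without nonegotiate")
        if not (trunk or "shutdown" in cmds or "switchport port-security" in cmds):
            issues.append("no port security")
        if issues:
            findings[name] = issues
    return findings
```

Calling audit(SAMPLE_CONFIG) reports FastEthernet0/2 and FastEthernet0/3; the hardened access port, the shut-down unused port in VLAN 999 and the non-negotiating trunk produce no findings.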

Attacks between devices on a common VLAN

Devices might need protection from one another, even though they are on a common VLAN. This is especially true on service-provider segments that support devices from multiple customers.
Mitigation
Implement private VLANs (PVLAN).

Spoofing Attacks

DHCP starvation and spoofing