Download PDF by Eric Vyncke,Christopher Paggen: LAN Switch Security: What Hackers Know About Your Switches

Contrary to renowned trust, Ethernet switches will not be inherently safe. safeguard vulnerabilities in Ethernet switches are a number of: from the swap implementation, to manage aircraft protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so forth) and knowledge airplane protocols, similar to handle Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN change safety explains the entire vulnerabilities in a community infrastructure concerning Ethernet switches. extra, this ebook exhibits you ways to configure a change to avoid or to mitigate assaults according to these vulnerabilities. This e-book additionally features a part on the way to use an Ethernet change to extend the safety of a community and stop destiny attacks.

Divided into 4 components, LAN change safety offers you steps you could take to make sure the integrity of either voice and knowledge site visitors touring over Layer 2 units. half I covers vulnerabilities in Layer 2 protocols and the way to configure switches to avoid assaults opposed to these vulnerabilities. half II addresses denial-of-service (DoS) assaults on an Ethernet change and exhibits how these assaults should be mitigated. half III indicates how a change can truly increase the protection of a community throughout the usage of wirespeed entry keep an eye on checklist (ACL) processing and IEEE 802.1x for consumer authentication and authorization. half IV examines destiny advancements from the LinkSec operating team on the IEEE. For all components, lots of the content material is seller self reliant and turns out to be useful for all community architects deploying Ethernet switches.

After studying this booklet, you could have an in-depth figuring out of LAN defense and be ready to plug the protection holes that exist in numerous campus networks.

• Use port safeguard to guard opposed to CAM attacks
• Prevent spanning-tree attacks
• Isolate VLANs with right configuration techniques
• Protect opposed to rogue DHCP servers
• Block ARP snooping
• Prevent IPv6 neighbor discovery and router solicitation exploitation
• Identify strength over Ethernet vulnerabilities
• Mitigate dangers from HSRP and VRPP
• Stop info leaks with CDP, PaGP, VTP, CGMP and different Cisco ancillary protocols
• Understand and stop DoS assaults opposed to switches
• Enforce basic wirespeed defense guidelines with ACLs
• Implement consumer authentication on a port base with IEEE 802.1x
• Use new IEEE protocols to encrypt all Ethernet frames at wirespeed.

This safeguard booklet is a part of the Cisco Press® Networking know-how sequence. protection titles from Cisco Press aid networking pros safe severe facts and assets, hinder and mitigate community assaults, and construct end-to-end self-defending networks.