Cisco Ethernet switch Manual de usuario descargar pdf (Pagina 60)

606060

l2-security-bh.ppt

Dynamic VLAN Access Ports

¥ VLAN assignment based on MAC address or HTTP Auth (URT)

is possible with a VLAN Management Policy Server (VMPS)

¥ Requires VLAN to MAC database which is downloaded via TFTP

to the VMPS server

¥ VMPS uses VLAN Query Protocol (VQP) which is

unauthenticated and runs over UDP

¥ Can restrict certain VLANs to certain physical ports

¥ During access violation, switch can send either an "access

denied" response or shutdown the port (depends on

configuration)

¥ Server and client

Available in Cat 29XX, 4K, 5K, and 6K in CatOS 5.2

¥ Client only

Available in 3550 and 2950 in 12.1(4)EA1; 29/3500XL in 11.2(8)SA4

1 2 ... 55 56 57 58 59 60 61 62 63 64 65 ... 83 84

Hacking Layer 2: Fun with 1
Ethernet Switches 1
¥ Layer 2 Attack Landscape 2
¥ Summary and Case Study 2
The Domino Effect 5
The Numbers from CSI/FBI 7
MAC Attacks 8
MAC Address/CAM Table Review 9
Normal CAM Behaviour 1/3 10
Normal CAM Behaviour 2/3 11
Normal CAM Behaviour 3/3 12
CAM Overflow 1/3 13
CAM Overflow 2/3 14
CAM Overflow 3/3 15
Catalyst CAM Tables 16
CAM Table Full! 18
¥ Port Security 19
Port Security Details 20
VLAN ÒHoppingÓ Attacks 21
Trunk Port Refresher 22
0100.0ccc.cccc 24
Dynamic Trunk Protocol (DTP) 25
Basic VLAN Hopping Attack 26
Hopping Attack 27
Outer Tag, Attacker VLAN 28
Inner Tag, Victim VLAN 28
Disabling Auto-Trunking 29
Security Best Practices 30
ARP Attacks 31
ARP Refresher 32
Gratuitous ARP 33
Misuse of Gratuitous ARP 34
A Test in the Lab 35
¥ ARP spoofing 36
¥ MAC flooding 36
¥ Selective sniffing 36
¥ SSH/SSL interception 36
Arpspoof in Action 37
More on Arpspoof 38
Selective Sniffing 39
SSL/SSH Interception 40
Dsniff evolves: Ettercap 43
Can It Get Much Easier? 44
ARP Entries do not age out 46
Community Ports 46
Private VLAN Configuration 47
More ARP Spoof Mitigation 49
Spanning Tree Attacks 50
Spanning Tree Basics 51
STP Attack Mitigation 56
VLAN Trunking Protocol (VTP) 57
Potential VTP Attacks 58
Layer 2 Port Authentication 59
Dynamic VLAN Access Ports 60
VMPS Architecture 61
VMPS/VQP Attacks 62
VMPS/VQP Attack Mitigation 63
(TLS, MD5, OTP) 64
802.1X Port Authentication 65
Other Attacks 66
0100.0ccc.cccc 67
CDP Attacks 68
DHCP Starvation Attacks 69
Private VLAN Attacks 1/2 71
Private VLAN Attacks 2/2 72
PVLAN Attack Mitigation 73
Nice Try 74
Random Frame Stress Attack 75
IP Telephony Considerations 76
Switch Management 77
Summary and Case Study 78
Your Own Security Policy 80
A Relevant Case Study 81
A More Secure Alternative 82
Lessons Learned 83
Further Reading 84

Comentarios a estos manuales

Sin comentarios

Cisco Ethernet switch Manual de usuario Pagina 60

Comentarios a estos manuales

Relacionado con productos y manuales para Redes Cisco Ethernet switch