Cisco Ethernet switch Manual de usuario descargar pdf (Pagina 80)

808080

l2-security-bh.ppt

Layer 2 Security Best Practices 2/2

¥ Enable STP attack mitigation (BPDU Guard, Root Guard)

¥ Use private VLANs where appropriate to further divide L2

networks

¥ Use MD5 authentication for VTP

¥ Use CDP only where necessary

¥ Disable all unused ports and put them in an unused VLAN

¥ Consider 802.1X for the future

All of the Preceding Features Are Dependant on

Your Own Security Policy

All of the Preceding Features Are Dependant on

Your Own Security Policy

1 2 ... 75 76 77 78 79 80 81 82 83 84

Hacking Layer 2: Fun with 1
Ethernet Switches 1
¥ Layer 2 Attack Landscape 2
¥ Summary and Case Study 2
The Domino Effect 5
The Numbers from CSI/FBI 7
MAC Attacks 8
MAC Address/CAM Table Review 9
Normal CAM Behaviour 1/3 10
Normal CAM Behaviour 2/3 11
Normal CAM Behaviour 3/3 12
CAM Overflow 1/3 13
CAM Overflow 2/3 14
CAM Overflow 3/3 15
Catalyst CAM Tables 16
CAM Table Full! 18
¥ Port Security 19
Port Security Details 20
VLAN ÒHoppingÓ Attacks 21
Trunk Port Refresher 22
0100.0ccc.cccc 24
Dynamic Trunk Protocol (DTP) 25
Basic VLAN Hopping Attack 26
Hopping Attack 27
Outer Tag, Attacker VLAN 28
Inner Tag, Victim VLAN 28
Disabling Auto-Trunking 29
Security Best Practices 30
ARP Attacks 31
ARP Refresher 32
Gratuitous ARP 33
Misuse of Gratuitous ARP 34
A Test in the Lab 35
¥ ARP spoofing 36
¥ MAC flooding 36
¥ Selective sniffing 36
¥ SSH/SSL interception 36
Arpspoof in Action 37
More on Arpspoof 38
Selective Sniffing 39
SSL/SSH Interception 40
Dsniff evolves: Ettercap 43
Can It Get Much Easier? 44
ARP Entries do not age out 46
Community Ports 46
Private VLAN Configuration 47
More ARP Spoof Mitigation 49
Spanning Tree Attacks 50
Spanning Tree Basics 51
STP Attack Mitigation 56
VLAN Trunking Protocol (VTP) 57
Potential VTP Attacks 58
Layer 2 Port Authentication 59
Dynamic VLAN Access Ports 60
VMPS Architecture 61
VMPS/VQP Attacks 62
VMPS/VQP Attack Mitigation 63
(TLS, MD5, OTP) 64
802.1X Port Authentication 65
Other Attacks 66
0100.0ccc.cccc 67
CDP Attacks 68
DHCP Starvation Attacks 69
Private VLAN Attacks 1/2 71
Private VLAN Attacks 2/2 72
PVLAN Attack Mitigation 73
Nice Try 74
Random Frame Stress Attack 75
IP Telephony Considerations 76
Switch Management 77
Summary and Case Study 78
Your Own Security Policy 80
A Relevant Case Study 81
A More Secure Alternative 82
Lessons Learned 83
Further Reading 84

Comentarios a estos manuales

Sin comentarios

Cisco Ethernet switch Manual de usuario Pagina 80

Comentarios a estos manuales

Relacionado con productos y manuales para Redes Cisco Ethernet switch