Overview

LAN Switch Security: What Hackers Know About Your Switches - A practical guide to hardening Layer 2 devices and stopping campus network attacksContrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco(R) Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks.Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches.After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks.

• Use port security to protect against CAM attacks
• Prevent spanning-tree attacks
• Isolate VLANs with proper configuration techniques
• Protect against rogue DHCP servers
• Block ARP snooping
• Prevent IPv6 neighbor discovery and router solicitation exploitation
• Identify Power over Ethernet vulnerabilities
• Mitigate risks from HSRP and VRPP
• Stop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocols
• Understand and prevent DoS attacks against switches
• Enforce simple wirespeed security policies with ACLs
• Implement user authentication on a port base with IEEE 802.1x
• Use new IEEE protocols to encrypt all Ethernet frames at wirespeed.

Full Product Details

9781587057045

Table of Contents

Reviews

Author Information

Eric Vyncke has a master's degree in computer science engineering from the University of Liege in Belgium. Heworked as a research assistant in the same university before joining Network Research Belgium. At NetworkResearch Belgium, he was the head of R&D. He then joined Siemens as a project manager for security projects, including a proxy firewall. Since 1997, he has worked as a distinguished consulting engineer for Cisco as a technicalconsultant for security covering Europe. For 20 years, Eric's area of expertise has been security from Layer 2 tothe application layer. He is also a guest professor at some Belgian universities for security seminars. Eric is also afrequent speaker at security events (such as Networkers at Cisco Live and RSA Conference).Christopher Paggen joined Cisco in 1996 where he has held various positions gravitating around LAN switchingand security technologies. Lately, he has been in charge of defining product requirements for the company's currentand future high-end firewalls. Christopher holds several U.S. patents, one of which pertains to Dynamic ARPInspection (DAI). As CCIE No. 2659, Christopher also owns a B.S. in computer science from HEMES (Belgium)and went on to study economics at UMH (Belgium) for two more years.

Tab Content 6

Customer Reviews

Recent Reviews

Countries Available