Skip to main content

LAN Switch Security: What Hackers Know about Your Switches - Picture 1 of 1
Stock photo

LAN Switch Security : What Hackers Know about Your Switches by Christopher Paggen and Eric Vyncke (2007, Perfect)

ThriftBooks (3896292)
99% positive feedback
Price:
US $13.48
ApproximatelyRM 57.04
+ $15.53 shipping
Estimated delivery Thu, 26 Jun - Mon, 28 Jul
Returns:
No returns, but backed by .
Condition:
Good

About this product

Product Identifiers

PublisherCisco Press
ISBN-101587052563
ISBN-139781587052569
eBay Product ID (ePID)59938522

Product Key Features

Number of Pages360 Pages
Publication NameLan Switch Security : What Hackers Know about Your Switches
LanguageEnglish
SubjectNetworking / Vendor Specific, Security / Networking, Networking / Local Area Networks (Lans)
Publication Year2007
TypeTextbook
AuthorChristopher Paggen, Eric Vyncke
Subject AreaComputers
FormatPerfect

Dimensions

Item Height0.9 in
Item Weight21 Oz
Item Length9.1 in
Item Width7.3 in

Additional Product Features

Intended AudienceScholarly & Professional
Dewey Edition22
IllustratedYes
Dewey Decimal005.8
Table Of ContentContents Introduction xix Part I Vulnerabilities and Mitigation Techniques 3 Chapter 1 Introduction to Security 5 Security Triad 5 Confidentiality 6 Integrity 7 Availability 8 Reverse Security Triad 8 Risk Management 8 Risk Analysis 9 Risk Control 10 Access Control and Identity Management 10 Cryptography 11 Symmetric Cryptosystems 13 Symmetric Encryption 13 Hashing Functions 13 Hash Message Authentication Code 14 Asymmetric Cryptosystems 15 Confidentiality with Asymmetric Cryptosystems 16 Integrity and Authentication with Asymmetric Cryptosystems 17 Key Distribution and Certificates 18 Attacks Against Cryptosystems 19 Summary 21 References 21 Chapter 2 Defeating a Learning Bridge?A'a'a's Forwarding Process 23 Back to Basics: Ethernet Switching 101 23 Ethernet Frame Formats 23 Learning Bridge 24 Consequences of Excessive Flooding 26 Exploiting the Bridging Table: MAC Flooding Attacks 27 Forcing an Excessive Flooding Condition 28 Introducing the macof Tool 30 MAC Flooding Alternative: MAC Spoofing Attacks 34 Not Just Theory 35 Preventing MAC Flooding and Spoofing Attacks 36 Detecting MAC Activity 36 Port Security 37 Unknown Unicast Flooding Protection 39 Summary 40 References 41 Chapter 3 Attacking the Spanning Tree Protocol 43 Introducing Spanning Tree Protocol 43 Types of STP 46 Understanding 802.1D and 802.1Q Common STP 46 Understanding 802.1w Rapid STP 46 Understanding 802.1s Multiple STP 47 STP Operation: More Details 47 Let the Games Begin! 53 Attack 1: Taking Over the Root Bridge 55 Root Guard 58 BPDU-Guard 58 Attack 2: DoS Using a Flood of Config BPDUs 60 BPDU-Guard 62 BPDU Filtering 62 Layer 2 PDU Rate Limiter 63 Attack 3: DoS Using a Flood of Config BPDUs 63 Attack 4: Simulating a Dual-Homed Switch 63 Summary 64 References 65 Chapter 4 Are VLANS Safe? 67 IEEE 802.1Q Overview 67 Frame Classification 68 Go Native 69 Attack of the 802.1Q Tag Stack 71 Understanding Cisco Dynamic Trunking Protocol 76 Crafting a DTP Attack 76 Countermeasures to DTP Attacks 80 Understanding Cisco VTP 80 VTP Vulnerabilities 81 Summary 82 References 82 Chapter 5 Leveraging DHCP Weaknesses 85 DHCP Overview 85 Attacks Against DHCP 89 DHCP Scope Exhaustion: DoS Attack Against DHCP 89 Yensinia 89 Gobbler 90 Hijacking Traffic Using DHCP Rogue Servers 92 Countermeasures to DHCP Exhaustion Attacks 93 Port Security 94 Introducing DHCP Snooping 96 Rate-Limiting DHCP Messages per Port 97 DHCP Message Validation 97 DHCP Snooping with Option 82 99 Tips for Deploying DHCP Snooping 99 Tips for Switches That Do Not Support DHCP Snooping 100 DHCP Snooping Against IP/MAC Spoofing Attacks 100 Summary 103 References 103 Chapter 6 Exploiting IPv4 ARP 105 Back to ARP Basics 105 Normal ARP Behavior 105 Gratuitous ARP 107 Risk Analysis for ARP 108 ARP Spoofing Attack 108 Elements of an ARP Spoofing Attack 109 Mounting an ARP Spoofing Attack 111 Mitigating an ARP Spoofing Attack 112 Dynamic ARP Inspection 112 DAI in Cisco IOS 112 DAI in CatOS 115 Protecting the Hosts 115 Intrusion Detection 116 Mitigating Other ARP Vulnerabilities 117 Summary 118 References 118 Chapter 7 Exploiting IPv6 Neighbor Discovery and Router Advertisement 121 Introduction to IPv6 121 Motivation for IPv6 121 What Does IPv6 Change? 122 Ne
Synopsis"LAN Switch Security" explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this text shows how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities., "LAN Switch Security: What Hackers Know About Your Switches" A practical guide to hardening Layer 2 devices and stopping campus network attacks Eric Vyncke Christopher Paggen, CCIE(R) No. 2659 Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco(R) Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks. Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendorindependent and is useful for all network architects deploying Ethernet switches. After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks. Eric Vyncke has a master's degree in computer science engineering from the University of Liege in Belgium. Since 1997, Eric has worked as a Distinguished Consulting Engineer for Cisco, where he is a technical consultant for security covering Europe. His area of expertise for 20 years has been mainly security from Layer 2 to applications. He is also guest professor at Belgian universities for security seminars. Christopher Paggen, CCIE(R) No. 2659, obtained a degree in computer science from IESSL in Liege (Belgium) and a master's degree in economics from University of Mons-Hainaut (UMH) in Belgium. He has been with Cisco since 1996 where he has held various positions in the fields of LAN switching and security, either as pre-sales support, post-sales support, network design engineer, or technical advisor to various engineering teams. Christopher is a frequent speaker at events, such as Networkers, and has filed several U.S. patents in the security area. Contributing Authors: Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco. Steinthor Bjarnason is a consulting engineer for Cisco. Ken Hook is a switch security solution manager for Cisco. Rajesh Bhandari is a technical leader and a network security solutions architect for Cisco. Use port security to protect against CAM attacks Prevent spanning-tree attacks Isolate VLANs with proper configuration techniques Protect against rogue DHCP servers Block ARP snooping Prevent IPv6 neighbor discovery and router solicitation exploitation Identify Power over Ethernet vulnerabilities Mitigate risks from HSRP and VRPP Stop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocols Understand and prevent DoS attacks against switches Enforce simple wirespeed security policies with ACLs Implement user authentication on a port base with IEEE 802.1x Use new IEEE protocols to encrypt all Ethernet frames at wirespeed.</li, LAN Switch Security: What Hackers Know About Your Switches A practical guide to hardening Layer 2 devices and stopping campus network attacks Eric Vyncke Christopher Paggen, CCIE(R) No. 2659 Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol STP], Cisco(R) Discovery Protocol CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks. Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches. After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks. Eric Vyncke has a master's degree in computer science engineering from the University of Li ge in Belgium. Since 1997, Eric has worked as a Distinguished Consulting Engineer for Cisco, where he is a technical consultant for security covering Europe. His area of expertise for 20 years has been mainly security from Layer 2 to applications. He is also guest professor at Belgian universities for security seminars. Christopher Paggen, CCIE(R) No. 2659, obtained a degree in computer science from IESSL in Li ge (Belgium) and a master's degree in economics from University of Mons-Hainaut (UMH) in Belgium. He has been with Cisco since 1996 where he has held various positions in the fields of LAN switching and security, either as pre-sales support, post-sales support, network design engineer, or technical advisor to various engineering teams. Christopher is a frequent speaker at events, such as Networkers, and has filed several U.S. patents in the security area. Contributing Authors: Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco. Steinthor Bjarnason is a consulting engineer for Cisco. Ken Hook is a switch security solution manager for Cisco. Rajesh Bhandari is a technical leader and a network security solutions architect for Cisco. Use port security to protect against CAM attacks Prevent spanning-tree attacks Isolate VLANs with proper configuration techniques Protect against rogue DHCP servers Block ARP snooping Prevent IPv6 neighbor discovery and router solicitation exploitation Identify Power over Ethernet vulnerabilities Mitigate risks from HSRP and VRPP Stop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocols Understand and prevent DoS attacks against switches Enforce simple wirespeed security poli
LC Classification NumberTK5105.7.V96 2007
No ratings or reviews yet
Be the first to write a review

You may also like