LAN Switch Security


Authors: Eric Vyncke, Christopher Paggen
Publishing Date: Sep 2007
Binding: Paperback
Pages: 360

LAN Switch Security - What Hackers Know About Your Switches


A practical guide to hardening Layer 2 devices and stopping campus network attacks

Eric Vyncke

Christopher Paggen, CCIE® No. 2659

Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Resolution Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks.

Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches.

After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks.

Eric Vyncke has a master’s degree in computer science engineering from the University of Liège in Belgium. Since 1997, Eric has worked as a Distinguished Consulting Engineer for Cisco, where he is a technical consultant for security covering Europe. His area of expertise for 20 years has been mainly security from Layer 2 to applications. He is also guest professor at Belgian universities for security seminars.

Christopher Paggen, CCIE® No. 2659, obtained a degree in computer science from IESSL in Liège (Belgium) and a master’s degree in economics from University of Mons-Hainaut (UMH) in Belgium. He has been with Cisco since 1996 where he has held various positions in the fields of LAN switching and security, either as pre-sales support, post-sales support, network design engineer, or technical advisor to various engineering teams. Christopher is a frequent speaker at events, such as Networkers, and has filed several U.S. patents in the security area.

Contributing Authors:

Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.

Steinthor Bjarnason is a consulting engineer for Cisco.

Ken Hook is a switch security solution manager for Cisco.

Rajesh Bhandari is a technical leader and a network security solutions architect for Cisco.

  • Use port security to protect against CAM attacks
  • Prevent spanning-tree attacks
  • Isolate VLANs with proper configuration techniques
  • Protect against rogue DHCP servers
  • Block ARP snooping
  • Prevent IPv6 neighbor discovery and router solicitation exploitation
  • Identify Power over Ethernet vulnerabilities
  • Mitigate risks from HSRP and VRRP
  • Stop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocols
  • Understand and prevent DoS attacks against switches
  • Enforce simple wirespeed security policies with ACLs
  • Implement user authentication on a port base with IEEE 802.1x
  • Use new IEEE protocols to encrypt all Ethernet frames at wirespeed

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Cisco Press—Security

Covers: Ethernet Switch Security

$60.00 USA / $69.00 CAN


Table of Contents

Part I: Vulnerabilities and Mitigation Techniques

Chapter 1

  • Introduction to Security
  • Security Triad
  • Confidentiality
  • Integrity
  • Availability
  • Reverse Security Triad
  • Risk Management
  • Risk Analysis
  • Risk Control
  • Access Control and Identity Management
  • Cryptography
  • Symmetric Cryptosystems
  • Symmetric Encryption
  • Hashing Functions
  • Hash Message Authentication Code
  • Asymmetric Cryptosystems
  • Confidentiality with Asymmetric Cryptosystems
  • Integrity and Authentication with Asymmetric Cryptosystems
  • Key Distribution and Certificates
  • Attacks Against Cryptosystems
  • Summary
  • References

Chapter 2

  • Defeating a Learning Bridge’s Forwarding Process
  • Back to Basics: Ethernet Switching 101
  • Ethernet Frame Formats
  • Learning Bridge
  • Consequences of Excessive Flooding
  • Exploiting the Bridging Table: MAC Flooding Attacks
  • Forcing an Excessive Flooding Condition
  • Introducing the macof Tool
  • MAC Flooding Alternative: MAC Spoofing Attacks
  • Not Just Theory
  • Preventing MAC Flooding and Spoofing Attacks
  • Detecting MAC Activity
  • Port Security
  • Unknown Unicast Flooding Protection
  • Summary
  • References

Chapter 3

  • Attacking the Spanning Tree Protocol
  • Introducing Spanning Tree Protocol
  • Types of STP
  • Understanding 802.1D and 802.1Q Common STP
  • Understanding 802.1w Rapid STP
  • Understanding 802.1s Multiple STP
  • STP Operation: More Details
  • Let the Games Begin!
  • Attack 1: Taking Over the Root Bridge
  • Root Guard
  • BPDU-Guard
  • Attack 2: DoS Using a Flood of Config BPDUs
  • BPDU-Guard
  • BPDU Filtering
  • Layer 2 PDU Rate Limiter
  • Attack 3: DoS Using a Flood of Config BPDUs
  • Attack 4: Simulating a Dual-Homed Switch
  • Summary
  • References

Chapter 4

  • Are VLANs Safe?
  • IEEE 802.1Q Overview
  • Frame Classification
  • Go Native
  • Attack of the 802.1Q Tag Stack
  • Understanding Cisco Dynamic Trunking Protocol
  • Crafting a DTP Attack
  • Countermeasures to DTP Attacks
  • Understanding Cisco VTP
  • VTP Vulnerabilities
  • Summary
  • References

Chapter 5

  • Leveraging DHCP Weaknesses
  • DHCP Overview
  • Attacks Against DHCP
  • DHCP Scope Exhaustion: DoS Attack Against DHCP
  • Yersinia
  • Gobbler
  • Hijacking Traffic Using DHCP Rogue Servers
  • Countermeasures to DHCP Exhaustion Attacks
  • Port Security
  • Introducing DHCP Snooping
  • Rate-Limiting DHCP Messages per Port
  • DHCP Message Validation
  • DHCP Snooping with Option 82
  • Tips for Deploying DHCP Snooping
  • Tips for Switches That Do Not Support DHCP Snooping
  • DHCP Snooping Against IP/MAC Spoofing Attacks
  • Summary
  • References

Chapter 6

  • Exploiting IPv4 ARP
  • Back to ARP Basics
  • Normal ARP Behavior
  • Gratuitous ARP
  • Risk Analysis for ARP
  • ARP Spoofing Attack
  • Elements of an ARP Spoofing Attack
  • Mounting an ARP Spoofing Attack
  • Mitigating an ARP Spoofing Attack
  • Dynamic ARP Inspection
  • DAI in Cisco IOS
  • DAI in CatOS
  • Protecting the Hosts
  • Intrusion Detection
  • Mitigating Other ARP Vulnerabilities
  • Summary
  • References

Chapter 7

  • Exploiting IPv6 Neighbor Discovery and Router Advertisement
  • Introduction to IPv6
  • Motivation for IPv6
  • What Does IPv6 Change?
  • Neighbor Discovery
  • Stateless Configuration with Router Advertisement
  • Analyzing Risk for ND and Stateless Configuration
  • Mitigating ND and RA Attacks
  • In Hosts
  • In Switches
  • Here Comes Secure ND
  • What Is SEND?
  • Implementation
  • Challenges
  • Summary
  • References

Chapter 8

  • What About Power over Ethernet?
  • Introduction to PoE
  • How PoE Works
  • Detection Mechanism
  • Powering Mechanism
  • Risk Analysis for PoE
  • Types of Attacks
  • Mitigating Attacks
  • Defending Against Power Gobbling
  • Defending Against Power-Changing Attacks
  • Defending Against Shutdown Attacks
  • Defending Against Burning Attacks
  • Summary
  • References

Chapter 9

  • Is HSRP Resilient?
  • HSRP Mechanics
  • Digging into HSRP
  • Attacking HSRP
  • DoS Attack
  • Man-in-the-Middle Attack
  • Information Leakage
  • Mitigating HSRP Attacks
  • Using Strong Authentication
  • Relying on Network Infrastructure
  • Summary
  • References

Chapter 10

  • Can We Bring VRRP Down?
  • Discovering VRRP
  • Diving Deep into VRRP
  • Risk Analysis for VRRP
  • Mitigating VRRP Attacks
  • Using Strong Authentication
  • Relying on the Network Infrastructure
  • Summary
  • References

Chapter 11

  • Information Leaks with Cisco Ancillary Protocols
  • Cisco Discovery Protocol
  • Diving Deep into CDP
  • CDP Risk Analysis
  • CDP Risk Mitigation
  • IEEE Link Layer Discovery Protocol
  • VLAN Trunking Protocol
  • VTP Risk Analysis
  • VTP Risk Mitigation
  • Link Aggregation Protocols
  • Risk Analysis
  • Risk Mitigation
  • Summary
  • References

Part II: How Can a Switch Sustain a Denial of Service Attack?

Chapter 12

  • Introduction to Denial of Service Attacks
  • How Does a DoS Attack Differ from a DDoS Attack?
  • Initiating a DDoS Attack
  • Zombie
  • Botnet
  • DoS and DDoS Attacks
  • Attacking the Infrastructure
  • Common Flooding Attacks
  • Mitigating Attacks on Services
  • Attacking LAN Switches Using DoS and DDoS Attacks
  • Anatomy of a Switch
  • Three Planes
  • Data Plane
  • Control Plane
  • Management Plane
  • Attacking the Switch
  • Data Plane Attacks
  • Control Plane Attacks
  • Management Plane Attacks
  • Switch Architecture Attacks
  • Summary
  • Reference

Chapter 13

  • Control Plane Policing
  • Which Services Reside on the Control Plane?
  • Securing the Control Plane on a Switch
  • Implementing Hardware-Based CoPP
  • Configuring Hardware-Based CoPP on the Catalyst 6500
  • Hardware Rate Limiters
  • Hardware-Based CoPP
  • Configuring Control Plane Security on the Cisco ME3400
  • Implementing Software-Based CoPP
  • Configuring Software-Based CoPP
  • Mitigating Attacks Using CoPP
  • Mitigating Attacks on the Catalyst 6500 Switch
  • Telnet Flooding Without CoPP
  • Telnet Flooding with CoPP
  • TTL Expiry Attack
  • Mitigating Attacks on Cisco ME3400 Series Switches
  • CDP Flooding
  • CDP Flooding with L2TP Tunneling
  • Summary
  • References

Chapter 14

  • Disabling Control Plane Protocols
  • Configuring Switches Without Control Plane Protocols
  • Safely Disabling Control Plane Activities
  • Disabling STP
  • Disabling Link Aggregation Protocols
  • Disabling VTP
  • Disabling DTP
  • Disabling Hot Standby Routing Protocol and Virtual Routing Redundancy Protocol
  • Disabling Management Protocols and Routing Protocols
  • Using an ACL
  • Disabling Other Control Plane Activities
  • Generating ICMP Messages
  • Controlling CDP, IPv6, and IEEE 802.1X
  • Using Smartports Macros
  • Control Plane Activities That Cannot Be Disabled
  • Best Practices for Control Plane
  • Summary

Chapter 15

  • Using Switches to Detect a Data Plane DoS
  • Detecting DoS with NetFlow
  • Enabling NetFlow on a Catalyst 6500
  • NetFlow as a Security Tool
  • Increasing Security with NetFlow Applications
  • Securing Networks with RMON
  • Other Techniques That Detect Active Worms
  • Summary
  • References

Part III: Using Switches to Augment the Network Security

Chapter 16

  • Wire Speed Access Control Lists
  • ACLs or Firewalls?
  • State or No State?
  • Protecting the Infrastructure Using ACLs
  • RACL, VACL, and PACL: Many Types of ACLs
  • Working with RACL
  • Working with VACL
  • Working with PACL
  • Technology Behind Fast ACL Lookups
  • Exploring TCAM
  • Summary

Chapter 17

  • Identity-Based Networking Services with 802.1X
  • Foundation
  • Basic Identity Concepts
  • Identification
  • Authentication
  • Authorization
  • Discovering Extensible Authentication Protocol
  • Exploring IEEE 802.1X
  • 802.1X Security
  • Integration Value-Add of 802.1X
  • Spanning-Tree Considerations
  • Trunking Considerations
  • Information Leaks
  • Keeping Insiders Honest
  • Port-Security Integration
  • DHCP-Snooping Integration
  • Address Resolution Protocol Inspection Integration
  • Putting It Together
  • Working with Multiple Devices
  • Single-Auth Mode
  • Multihost Mode