Lead Image © Taffi, Fotolia.com
Understanding Layer 2 switch port security
Safe Switch
A switch port is the entryway into a network. Depending on network size, there may be thousands of access ports or more distributed across a campus or building. Imagine thousands of doors all over your house: Do you have enough security to prevent unauthorized people from entering?
MAC Address Table
An attacker who gets in through an unsecured port is likely to target the switch's Media Access Control (MAC) address table. A successful attack on the MAC address table can change the destination of network traffic, compromise data confidentiality, and even make the network unavailable, all in a very short time. In this article, I explain how a switch uses the MAC address table, introduce some common methods for attacking the MAC address table, and finish up with a security solution to protect a switch from attack.
Layer 2 Switch Operation
A switch provides Data Link Layer (or Layer 2) connectivity on an Ethernet network. Devices transmit data frames based on a unique 48-bit MAC address (Figure 1). Each data frame contains a destination address and the sender's source address. When the switch receives a data frame, it looks up the destination address in its MAC address table and forwards the frame to the port recorded for that address. In some situations, if the switch cannot find a valid record for the destination MAC address, it sends the data frame to all ports except the originating port. This type of broadcast delivery is undesirable because it wastes bandwidth, and anyone on the same network segment could receive the data frame and exploit the data to gain information for an intrusion attempt.
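The lookup-and-forward behavior described above can be modeled in a few lines. This is an added example, not code from the article: the `LearningSwitch` class, the 300-second aging timer, and the MAC addresses are assumptions made for illustration, and an expired entry is used as one case where the switch has no valid record.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningSwitch:
    """Hypothetical model of a Layer 2 switch's MAC address table."""
    ports: tuple                    # port numbers on this switch
    aging: float = 300.0            # seconds an entry stays valid (assumed)
    table: dict = field(default_factory=dict)  # MAC -> (port, last_seen)

    def receive(self, in_port, src, dst, now):
        """Process one frame and return the sorted list of egress ports."""
        # Learn: bind the source MAC to the port the frame arrived on.
        self.table[src] = (in_port, now)
        # Look up the destination; an entry past the aging timer is invalid.
        entry = self.table.get(dst)
        if dst != BROADCAST and entry and now - entry[1] <= self.aging:
            out_port = entry[0]
            # Destination is on the ingress port: nothing to forward.
            return [] if out_port == in_port else [out_port]
        # No valid record: send to all ports except the originating port.
        return sorted(p for p in self.ports if p != in_port)


def demo():
    """Replay four constructed frames and collect the egress decisions."""
    sw = LearningSwitch(ports=(1, 2, 3, 4))
    # Constructed addresses from the documentation MAC range.
    host_a, host_b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
    return [
        sw.receive(1, host_a, host_b, now=0),    # B unknown: flooded
        sw.receive(2, host_b, host_a, now=1),    # A known: port 1 only
        sw.receive(1, host_a, host_b, now=2),    # B known: port 2 only
        sw.receive(1, host_a, host_b, now=400),  # B aged out: flooded again
    ]


if __name__ == "__main__":
    for egress in demo():
        print(egress)
```

Every flooded frame in the output reaches ports 3 and 4, which take no part in the conversation, and that is the exposure the paragraph above describes.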