Understanding Layer 2 switch port security
Safe Switch
802.1X
Another approach to port security is implemented through the IEEE 802.1X network standard [5], which is a scalable, wired network authentication solution for port-based network access control. As shown in Figure 9, the client device (supplicant) requests to attach to the switch port by using the Extensible Authentication Protocol (EAP). The EAP message includes authentication information such as a username, password, MAC address, or even a digital certificate. When the switch (authenticator) receives the request, it forwards the credentials to an authentication server, which may be a Remote Authentication Dial-In User Service (RADIUS) server or an agent that connects to an Active Directory server. Finally, the authenticator allows the request if the authentication server validates the provided information.
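The relay step described above, as an added example (not code from the article or from any vendor): it parses an EAPOL frame carrying an EAP-Response/Identity and wraps the EAP packet in a RADIUS Access-Request with the EAP-Message and Message-Authenticator attributes defined in RFC 3579. The sample frame, the identity `alice`, the MAC addresses, and the shared secret are constructed values, and the function names are hypothetical.

```python
import hashlib, hmac, os, struct

EAPOL_ETHERTYPE, EAP_RESPONSE, EAP_TYPE_IDENTITY = 0x888E, 2, 1
ACCESS_REQUEST, USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 1, 79, 80

def parse_eapol(frame: bytes) -> dict:
    """Supplicant -> authenticator: pull the EAP packet out of an EAPOL frame."""
    if len(frame) < 18 or frame[12:14] != struct.pack("!H", EAPOL_ETHERTYPE):
        raise ValueError("not an EAPOL frame")
    _version, pkt_type, body_len = struct.unpack("!BBH", frame[14:18])
    if pkt_type != 0:  # 0 = EAP-Packet (1 = EAPOL-Start, 2 = EAPOL-Logoff)
        raise ValueError("EAPOL frame carries no EAP packet")
    eap = frame[18:18 + body_len]  # slicing by length drops Ethernet padding
    # Request/Response packets need code, id, length and a type byte
    if len(eap) < 5 or struct.unpack("!H", eap[2:4])[0] != len(eap):
        raise ValueError("truncated or malformed EAP packet")
    return {"src_mac": frame[6:12].hex(":"), "code": eap[0], "id": eap[1],
            "type": eap[4], "data": eap[5:], "raw": eap}

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(eap: dict, secret: bytes, radius_id: int) -> bytes:
    """Authenticator -> RADIUS server: relay the EAP packet unmodified."""
    if (eap["code"], eap["type"]) != (EAP_RESPONSE, EAP_TYPE_IDENTITY):
        raise ValueError("expected EAP-Response/Identity")
    raw = eap["raw"]
    # An attribute value holds at most 253 bytes, so long EAP packets are split
    attrs = attr(USER_NAME, eap["data"]) + b"".join(
        attr(EAP_MESSAGE, raw[i:i + 253]) for i in range(0, len(raw), 253))
    # Message-Authenticator goes last, zeroed while the HMAC-MD5 is computed
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))
    packet = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs))
    packet += os.urandom(16) + attrs  # 16-byte Request Authenticator, then attributes
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def verify_message_authenticator(packet: bytes, secret: bytes) -> bool:
    """Server side: recompute the HMAC with the (last) attribute value zeroed."""
    expected = hmac.new(secret, packet[:-16] + bytes(16), hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[-16:])

# Constructed sample: EAP-Response/Identity for "alice", sent to the PAE group address
_EAP = struct.pack("!BBHB", EAP_RESPONSE, 7, 10, EAP_TYPE_IDENTITY) + b"alice"
SAMPLE_FRAME = (bytes.fromhex("0180c2000003") + bytes.fromhex("020000000001")
                + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, 0, len(_EAP)) + _EAP)

if __name__ == "__main__":
    request = build_access_request(parse_eapol(SAMPLE_FRAME), b"constructed-secret", 42)
    print(len(request), verify_message_authenticator(request, b"constructed-secret"))
```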
Conclusion
Although wireless connections are very common nowadays, wired networks are still widely used for commercial office networks because of their high speed, stability, and security. The basic design of the wired Ethernet network puts the security on the perimeter and assumes all users on the local network are trusted. An intruder who is able to attach to a switch within the local network can easily gather information for an attack – unless you implement some form of port security. Individual port security configuration should be used on small- to medium-sized networks. For a large network infrastructure, you might want to consider the more scalable 802.1X authentication solution.
Infos
[1] Kali Linux: https://www.kali.org/
[2] macof tutorial: http://kalilinuxtutorials.com/macof/
[3] Ettercap: https://ettercap.github.io/ettercap/
[4] Port security configuration guide: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.html
[5] 802.1X configuration guide: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/dot1x.html