Network Security. The Art of War in The LAN Land. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, September 27th, 2018
|
|
- Silvia Chambers
- 5 years ago
- Views:
Transcription
1 Network Security The Art of War in The LAN Land Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, September 27th, 2018
2 Part I MAC Attacks
3 MAC Address/CAM Table Review 48 Bit Hexadecimal Number Creates Unique Layer 2 Address ABC First 24 bits = Manufacture code cXX.XXXX All FFs = Broadcast FFFF.FFFF.FFFF Second 24 bits = Specific interface cXX.XXXX CAM table stands for Content Addressable Memory. The CAM table stores information such as MAC addresses available on physical ports with their associated VLAN. All CAM tables have a fixed size. 3
4 Normal CAM Behavior 1/3 4
5 Normal CAM Behavior 2/3 5
6 Normal CAM Behavior 3/3 6
7 MAC Address Spoofing 1/2 7
8 MAC Address Spoofing 2/2 8
9 CAM Overflow 1/3 Macof tool since 1999 About 100 lines of perl. Included in the dsniff tool. Attack successful by exploiting the size limit on CAM tables. To keep hosts that work with sensitive data on a separate VLAN. To isolate the traffic coming from untrusted parts from the network. 9
10 CAM Overflow 2/3 10
11 CAM Overflow 3/3 The attacker sends a continuous set of frames with random source MAC. Because CAM tables have limited size, eventually the switch will run out of room and not have any more space for new MAC addresses. Since there is no more room in the CAM table for the host without an entry, all communications to that host must be flooded. The attacker can now see all the traffic sent from the victim host to the host without a CAM table entry. This could include passwords, usernames, and so forth. 11
12 Caveats for MAC Attacks with a completely full CAM table, traffic is flooded only on the local VLAN, meaning traffic on VLAN 10 stays on VLAN 10, but everyone with a port on VLAN 10 will see the traffic. Because of the flooding, this attack could also flood the CAM table on adjacent switches. Because of the sheer quantity of traffic the attacker sends, this attack might also result in a DoS condition on the network. 12
13 Countermeasures for MAC Attacks Port Security Limits the Amount of MACs on an Interface. 13
14 Port Security In the past you would have to type in the only MAC you were going to allow on that port. You can now put a limit to how many MAC address a port will learn. You might still want to do static MAC entries on ports that there should be no movement of devices, as in server farms. 14
15 Part II DHCP Attacks
16 DHCP Function: High Level 16
17 DHCP Function: Lower Level 17
18 DHCP Starvation Attack The DHCP Server leases a new IP address for each new MAC address. Attackers could continue to request IP addresses from a DHCP server by changing their source MAC addresses in much the same way as is done in a CAM table flooding attack. The goal is to try to lease all of the DHCP addresses available in the DHCP scope. This is a Denial of Service DoS attack using DHCP leases 18
19 Countermeasures for DHCP Starvation Attack Exercise. 19
20 Rogue DHCP Server Attack 20
21 Rogue DHCP Server Attack Wrong default Gateway Attacker is the gateway. Wrong DNS server Attacker is DNS server. Wrong IP address Attacker does DOS with incorrect IP. 21
22 Countermeasures: DHCP Snooping DHCP snooping works by separating trusted from untrusted interfaces on a switch. Trusted interfaces are allowed to respond to DHCP requests; untrusted interfaces are not. 22
23 DHCP Snooping Binding Table Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses. 23
24 Countermeasures: DHCP VACLs Not all switches support DHCP Snooping. The VACL can specify which addresses are able to send DHCP replies. These replies will come from the unicast IP address of the DHCP server offering the lease. By filtering these replies by source address, rogue DHCP servers can be properly filtered. 24
25 DHCP VACLs Example 1/2 The VACL can specify that only DHCP answers coming from the Default Gateway are accepted. 25
26 DHCP VACLs Example 2/2 The user PC boots up and sends a DHCP request with source and destination Both the default router and the rogue DHCP server see this request. The rogue DHCP server replies, but since the source IP address is not , the reply is dropped by the access switch. The default router passes the DHCP request to the real DHCP server, receives a reply, and passes this information on to the client. The client connects and uses the network. 26
27 Security Consideration for DHCP VACLs Using VACLs to stop rogue DHCP servers is far from comprehensive protection. The rogue server could still spoof the IP address of the legitimate DHCP server. 27
28 Part III ARP Attacks
29 ARP Function Review Before a station can talk to another station it must do an ARP request to map the IP address to the MAC address. All computers on the subnet will receive and process the ARP request; the station that matches the IP address in the request will send an ARP reply. 29
30 ARP Function Review A client is allowed to send an unsolicited ARP reply; this is called a gratuitous ARP; other hosts on the same subnet can store this information in their ARP tables. Anyone can claim to be the owner of any IP/MAC address they like send an ARP reply. 30
31 ARP Attack in Action Attacker poisons the ARP tables 31
32 ARP Attack in Action All traffic flows through the attacker 32
33 ARP Attack Clean up Attacker corrects ARP tables entries. 33
34 Countermeasure: Dynamic ARP Inspection All ARP packets must match the IP/MAC Binding table entries. If the entries do not match, throw them in the bit bucket. 34
35 Dynamic ARP Inspection Uses the information from the DHCP Snooping Binding table. Looks at the MacAddress and IpAddress fields to see if the ARP from the interface is in the binding, if not, traffic is blocked. ARP inspection allows VLAN ACLs (VACLs) to be applied to ARP traffic flowing across a specific VLAN on the switch 35
36 Part IV Other Considerations
37 Cisco Discovery Protocol (CDP) CDP allows Cisco devices to exchange information about one another's capabilities. CDP information is sent in periodic broadcasts that are updated locally in each device's CDP database. CDP information includes: Hostname, Native VLAN, Duplex setting, Software version, VTP domain settings. 37
38 Security Considerations for CDP CDP is in the clear and unauthenticated. An attacker could craft bogus CDP packets and have them received by the attacker's directly connected Cisco device. CDP can be used to learn sensitive information about the CDP sender (IP address, software version, router model ). Some Cisco applications make use of CDP. 38
39 CDP Security Recommandations Consider disabling CDP, or being very selective in its use in security sensitive environments. Besides the information gathering benefit CDP offers an attacker, there was a vulnerability in CDP that allowed Cisco devices to run out of memory and potentially crash if you sent it tons of bogus CDP packets. 39
40 Private VLAN (PVLAN) Recall that VLAN is essentially a broadcast domain. Private VLANs (PVANs) allow splitting the domain into multiple isolated broadcast subdomains, introducing sub-vlans inside a VLAN. PVLANs cannot communicate directly with each other they require an L3 device to forward packets between separate subdomains. In turn, the L3 device may either permit or forbid communications between sub-vlans using access-lists. 40
41 Why use PVLANs PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the communication between known hosts. Service providers use PVLANs to keep their customers isolated from each other, since the traditional solution of deploying one VLAN per customer is not scalable and is difficult to manage. Another typical use for a PVLAN is to provide per-room Internet access in a hotel. 41
42 PVLAN Overview We take VLAN 1000 and divide it into three PVLANs. 42
43 PVLAN Terminology 1/2 Promiscuous ( P ) port: Usually connects to a router. This port type is allowed to send and receive L2 frames from any other port on the VLAN. Isolated ( I ) port: This type of port is only allowed to communicate with P -ports i.e., they are stub port. You commonly see these ports connecting to hosts. Community ( C ) port: Community ports are allowed to talk to their buddies, sharing the same community (group) and to P -ports. 43
44 PVLAN Terminology 2/2 Primary VLAN (VLAN 1000 in our example). This VLAN is used to forward frames downstream from P -ports to all other port types ( I and C ports) in the system. Essentially, Primary VLAN embraces all ports in the domain, but only transports frames from the router to hosts (from P to I and C ). Secondary Isolated VLAN: forwards frames from I ports to P ports. Since Isolated ports do not exchange frames with each other, we can use just ONE isolated VLAN to connect all I-Port to the P-port. Secondary Community VLANs: Transport frames between community ports (C-ports) within to the same group (community) and forward frames upstream to the P-ports of the primary VLAN. 44
45 How PVLAN Works 45
46 How PVLAN Works The Primary VLAN delivers frames downstream from the router (P port) to all mapped hosts. The Isolated VLAN transports frames from the stub hosts upstream to the router. The Community VLANs allow bi-directional frame exchange within a single group, in addition to forwarding frames upstream towards P - ports. Ethernet MAC address learning and forwarding procedure remain the same, as well as broadcast/multicast flooding procedure within boundaries of primary/secondary VLANs. 46
47 PVLAN Ports Connectivity 47
48 Part V Summary
49 Best Practices 1/2 Always use a dedicated VLAN ID for all trunk ports. Avoid using VLAN 1. Set all user ports to non-trunking. Deploy port security when possible for user ports. Choose one or more ARP security options. 49
50 Best Practices 2/2 Use authentication for VTP when VTP is needed. Disable CDP where it is not needed. Disable all unused ports and put them in an unused VLAN. Enable STP attack mitigation (BPDU Guard, Root Guard). Use PVLANs where appropriate. 50
Internetwork Expert s CCNA Security Bootcamp. Mitigating Layer 2 Attacks. Layer 2 Mitigation Overview
Internetwork Expert s CCNA Security Bootcamp Mitigating Layer 2 Attacks http:// Layer 2 Mitigation Overview The network is only as secure as its weakest link If layer 2 is compromised, all layers above
More informationCCNP Switch Questions/Answers Securing Campus Infrastructure
What statement is true about a local SPAN configuration? A. A port can act as the destination port for all SPAN sessions configured on the switch. B. A port can be configured to act as a source and destination
More informationCisco Networking Academy CCNP
Semester 3 v5 -Chapter 8 Cisco Networking Academy CCNP Minimizing Service Loss and Data Theft in a Campus Network Switch security concerns Network security coverage often focuses on edge-routing devices
More informationExample: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch
Example: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch Requirements You can configure DHCP snooping, dynamic ARP inspection
More informationConfiguring Private VLANs
Finding Feature Information, on page 1 Prerequisites for Private VLANs, on page 1 Restrictions for Private VLANs, on page 1 Information About Private VLANs, on page 2 How to Configure Private VLANs, on
More informationExample: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks
Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks In an ARP spoofing attack, the attacker associates its own MAC address with the IP address of a network device
More informationConfiguring Private VLANs
CHAPTER 15 This chapter describes how to configure private VLANs on the Cisco 7600 series routers. Note For complete syntax and usage information for the commands used in this chapter, refer to the Cisco
More informationConfiguring Private VLANs
36 CHAPTER This chapter describes private VLANs (PVLANs) on Catalyst 4500 series switches. It also provides restrictions, procedures, and configuration examples. This chapter includes the following major
More informationBuilding Cisco Multilayer Switched Networks (BCMSN)
Building Cisco Multilayer Switched Networks (BCMSN) Table of Contents Module 1 Defining VLANs Implementing Best Practices for VLAN Topologies Describing Issues in a Poorly Designed Network Grouping Business
More informationUnderstanding Switch Security
Overview of Switch Security Understanding Switch Security Most attention surrounds security attacks from outside the walls of an organization. Inside the network is left largely unconsidered in most security
More informationARP Inspection and the MAC Address Table for Transparent Firewall Mode
ARP Inspection and the MAC Address Table for Transparent Firewall Mode This chapter describes how to customize the MAC address table and configure ARP Inspection for bridge groups. About ARP Inspection
More informationUnderstanding and Preventing Layer 2 Attacks in IPv4 Network
Understanding and Preventing Layer 2 Attacks in IPv4 Network Troy Sherman Uber Geek Agenda Layer 2 Attack Landscape Attacks and Countermeasures MAC Attacks VLAN Hopping DHCP Attacks ARP Attacks Spoofing
More informationCS Paul Krzyzanowski
The Internet Packet switching: store-and-forward routing across multiple physical networks... across multiple organizations Computer Security 11. Network Security ISP Paul Krzyzanowski Rutgers University
More informationConfiguring ARP attack protection 1
Contents Configuring ARP attack protection 1 ARP attack protection configuration task list 1 Configuring unresolvable IP attack protection 1 Configuring ARP source suppression 2 Configuring ARP blackhole
More informationUnderstanding and Preventing Layer 2 Attacks in an IPv4 Network
Understanding and Preventing Layer 2 Attacks in an IPv4 Network Agenda Layer 2 Attack Landscape Attacks and Countermeasures MAC Attacks VLAN Hopping DHCP Attacks ARP Attacks Spoofing Attacks General Attacks
More informationUnderstanding and Preventing Layer 2 Attacks BRKSEC-2002
Understanding and Preventing Layer 2 Attacks BRKSEC-2002 Agenda Layer 2 Attack Landscape Attacks and Countermeasures MAC Attacks VLAN Hopping DHCP Attacks ARP Attacks Spoofing Attacks Attacks on other
More informationFundamental IOS Security
Fundamental IOS Security Troy Sherman Principle Engineer Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click
More informationConfiguring Private VLANs Using NX-OS
This chapter describes how to configure private VLANs on Cisco NX-OS devices. Private VLANs provide additional protection at the Layer 2 level. This chapter includes the following sections: Finding Feature
More informationConfiguring Private Hosts
CHAPTER 25 This chapter describes how to configure the private hosts feature in Cisco IOS Release 12.2SX. Note For complete syntax and usage information for the commands used in this chapter, see the Cisco
More informationChapter 2. Switch Concepts and Configuration. Part II
Chapter 2 Switch Concepts and Configuration Part II CCNA3-1 Chapter 2-2 Switch Concepts and Configuration Configuring Switch Security MAC Address Flooding Passwords Spoofing Attacks Console Security Tools
More informationARP Inspection and the MAC Address Table
This chapter describes how to customize the MAC address table and configure ARP Inspection for bridge groups. About, page 1 Default Settings, page 2 Guidelines for, page 2 Configure ARP Inspection and
More informationComputer Security. 11. Network Security. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 11. Network Security Paul Krzyzanowski Rutgers University Spring 2018 April 15, 2018 CS 419 2018 Paul Krzyzanowski 1 The Internet Packet switching: store-and-forward routing across multiple
More informationConfiguring Dynamic ARP Inspection
21 CHAPTER This chapter describes how to configure dynamic Address Resolution Protocol inspection (dynamic ARP inspection) on the Catalyst 3560 switch. This feature helps prevent malicious attacks on the
More informationConfiguring ARP attack protection 1
Contents Configuring ARP attack protection 1 ARP attack protection configuration task list 1 Configuring unresolvable IP attack protection 1 Configuring ARP source suppression 2 Configuring ARP blackhole
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer
Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2016. (section 8.8) Also
More informationCCNP SWITCH (22 Hours)
CCNP SWITCH 642-813 (22 Hours) Chapter-1 Enterprise Campus Network Design 1.1 IIN & SONA 1.2 Campus Network 1.3 Enterprise Model 1.4 Nonhierarchical Network Devices Layer-2 Switching, Layer-3 Routing Multilayer
More informationConfiguring Dynamic ARP Inspection
Finding Feature Information, page 1 Restrictions for Dynamic ARP Inspection, page 1 Understanding Dynamic ARP Inspection, page 3 Default Dynamic ARP Inspection Configuration, page 6 Relative Priority of
More informationMassimiliano Sbaraglia
Massimiliano Sbaraglia Printer Layer 2 access connections to End-Point Layer 2 connections trunk or layer 3 p2p to pair distribution switch PC CSA PVST+ or MST (Spanning Tree Protocol) VLANs LapTop VoIP
More informationSWITCH Implementing Cisco IP Switched Networks
Hands-On SWITCH Implementing Cisco IP Switched Networks CCNP Course 2 Course Description Revised CCNP Curriculum and Exams Cisco has redesigned the CCNP courses and exams to reflect the evolving job tasks
More informationInterconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview
Interconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview This course will teach students about building a simple network, establishing internet connectivity, managing network device security,
More informationCampus Networking Workshop. Layer 2 engineering Spanning Tree and VLANs
Campus Networking Workshop Layer 2 engineering Spanning Tree and VLANs Switching Loop When there is more than one path between two switches What are the potential problems? Switching Loop If there is more
More informationQ&As Implementing Cisco IP Switched Networks (SWITCH v2.0)
CertBus.com 300-115 Q&As Implementing Cisco IP Switched Networks (SWITCH v2.0) Pass Cisco 300-115 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee
More informationDeploying Layer 2 Security in Server Farms
March, 2003 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) ax: 408 526-4100 THE SPECIICATIONS AND
More informationConfiguring DHCP Features and IP Source Guard
CHAPTER 23 This chapter describes how to configure DHCP snooping and option-82 data insertion, and the DHCP server port-based address allocation features on the IE 3000 switch. It also describes how to
More informationConfiguring DHCP Features and IP Source Guard
CHAPTER 21 This chapter describes how to configure DHCP snooping and the option-82 data insertion features on the switch. It also describes how to configure the IP source guard feature.unless otherwise
More informationConfiguring IPv6 First-Hop Security
This chapter describes the IPv6 First-Hop Security features. This chapter includes the following sections: Finding Feature Information, on page 1 Introduction to First-Hop Security, on page 1 RA Guard,
More informationActualTest v by-VA
ActualTest-642-813-v2012-10-29-by-VA Number: 154 Passing Score: 790 Time Limit: 140 min File Version: 2.7 http://www.gratisexam.com/ Implementing Cisco IP Switched Networks (SWITCH) I rearranged the last
More informationSwitching & ARP Week 3
Switching & ARP Week 3 Module : Computer Networks Lecturer: Lucy White lbwhite@wit.ie Office : 324 Many Slides courtesy of Tony Chen 1 Ethernet Using Switches In the last few years, switches have quickly
More informationTestOut Routing and Switching Pro - English 6.0.x COURSE OUTLINE. Modified
TestOut Routing and Switching Pro - English 6.0.x COURSE OUTLINE Modified 2017-07-10 TestOut Routing and Switching Pro Outline- English 6.0.x Videos: 133 (15:42:34) Demonstrations: 78 (7:22:19) Simulations:
More informationCisco Systems Korea Cisco Systems, Inc. All rights reserved. 1
(taecho@cisco.com) Cisco Systems Korea 2008 Cisco Systems, Inc. All rights reserved. 1 (Cisco Integrated Security Features) - Port Security - DHCP Snooping - Dynamic ARP Inspection - IP Source Guard -
More informationUnderstanding and Configuring Dynamic ARP Inspection
29 CHAPTER Understanding and Configuring Dynamic ARP Inspection This chapter describes how to configure Dynamic ARP Inspection (DAI) on the Catalyst 4500 series switch. This chapter includes the following
More informationSelected Network Security Technologies
Selected Network Security Technologies Petr Grygárek rek Agenda: Security in switched networks Control Plane Policing 1 Security in Switched Networks 2 Switch Port Security Static MAC addresses assigned
More informationConfiguring Wireless Multicast
Finding Feature Information, on page 1 Prerequisites for, on page 1 Restrictions for, on page 1 Information About Wireless Multicast, on page 2 How to Configure Wireless Multicast, on page 6 Monitoring
More informationInternetwork Expert s CCNP Bootcamp. Hierarchical Campus Network Design Overview
Internetwork Expert s CCNP Bootcamp Hierarchical Campus Network Design Overview http:// Hierarchical Campus Network Design Overview Per Cisco, a three layer hierarchical model to design a modular topology
More informationCisco. Exam Questions SWITCH Implementing Cisco IP Switched Networks. Version:Demo
Cisco Exam Questions 300-115 SWITCH Implementing Cisco IP Switched Networks Version:Demo 1. Which type of information does the DHCP snooping binding database contain? A. untrusted hosts with leased IP
More informationConfiguring DHCP. Finding Feature Information. Information About DHCP. DHCP Server. DHCP Relay Agent
Finding Feature Information, page 1 Information About DHCP, page 1 How to Configure DHCP Features, page 8 Server Port-Based Address Allocation, page 17 Finding Feature Information Your software release
More informationExample: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate Address-Spoofing Attacks on Untrusted Access Interfaces
Example: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate Address-Spoofing Attacks on Untrusted Access Interfaces Requirements Ethernet LAN switches are vulnerable to attacks
More informationConfiguring Private VLANs
This chapter contains the following sections: Information About Private VLANs, page 1 Guidelines and Limitations for Private VLANs, page 6 Configuring a Private VLAN, page 6 Verifying Private VLAN Configuration,
More informationConfiguring DHCP. Finding Feature Information
This chapter describes how to configure the Dynamic Host Configuration Protocol (DHCP) on a Cisco NX-OS device. This chapter includes the following sections: Finding Feature Information, page 1 Information
More informationConfiguring DHCP Features
This chapter describes how to configure DHCP snooping and option-82 data insertion on the Cisco ASR 920 Series Router. Finding Feature Information, page 1 Limitations and Restrictions, page 1 DHCP Features,
More information2. Network Infrastructure Security -- Switching
2. Network Infrastructure Security -- Switching This chapter focuses on the network infrastructure security at data link layer, with particular concern on switch security. The goals are not simply to list
More informationWhite Paper. Ruijie DHCP Snooping. White Paper
White Paper Contents Introduction... 3 Technical Analysis of DHCP... 4 DHCP Overview...4 DHCP Technical Principle...5 Technical Analysis of DAI... 7 ARP Overview...7 ARP Spoofing Technical Principle...7
More informationBraindumpsIT. BraindumpsIT - IT Certification Company provides Braindumps pdf!
BraindumpsIT http://www.braindumpsit.com BraindumpsIT - IT Certification Company provides Braindumps pdf! Exam : 300-115 Title : Implementing Cisco IP Switched Networks Vendor : Cisco Version : DEMO Get
More informationRuijie Anti-ARP Spoofing
White Paper Contents Introduction... 3 Technical Principle... 4 ARP...4 ARP Spoofing...5 Anti-ARP Spoofing Solutions... 7 Non-Network Device Solutions...7 Solutions...8 Application Cases of Anti-ARP Spoofing...11
More informationexam. Number: Passing Score: 800 Time Limit: 120 min CISCO Interconnecting Cisco Networking Devices Part 1 (ICND)
100-105.exam Number: 100-105 Passing Score: 800 Time Limit: 120 min CISCO 100-105 Interconnecting Cisco Networking Devices Part 1 (ICND) Exam A QUESTION 1 Which route source code represents the routing
More informationConfiguring DHCP Features
CHAPTER 19 This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping and the option-82 data insertion features on the Catalyst 3750 switch. Unless otherwise noted, the
More informationVendor: Cisco. Exam Code: Exam Name: Implementing Cisco IP Switched Networks. Version: Demo
Vendor: Cisco Exam Code: 642-813 Exam Name: Implementing Cisco IP Switched Networks Version: Demo QUESTION 1 Which two RSTP port roles include the port as part of the active topology? (Choose two) A. Root
More informationPassTorrent. Pass your actual test with our latest and valid practice torrent at once
PassTorrent http://www.passtorrent.com Pass your actual test with our latest and valid practice torrent at once Exam : 352-011 Title : Cisco Certified Design Expert Practical Exam Vendor : Cisco Version
More informationConfiguring DHCP Features and IP Source Guard
CHAPTER 21 This chapter describes how to configure DHCP snooping and option-82 data insertion, and the DHCP server port-based address allocation features on the switch. It also describes how to configure
More informationCisco CCNP Exam
Cisco CCNP 642-813 Exam Number: 160 Passing Score: 800 Time Limit: 120 min File Version: 1301 http://www.gratisexam.com/ Cisco CCNP 642-813 Exam EnsurePass.com Vendor:Cisco Exam Code:642-813 Contact us:
More informationAN INTRODUCTION TO ARP SPOOFING
AN INTRODUCTION TO ARP SPOOFING April, 2001 Sean Whalen Sophie Engle Dominic Romeo GENERAL INFORMATION Introduction to ARP Spoofing (April 2001) Current Revision: 1.8 Available: http://chocobospore.org
More informationChapter 5 Reading Organizer After completion of this chapter, you should be able to:
Chapter 5 Reading Organizer After completion of this chapter, you should be able to: Describe the operation of the Ethernet sublayers. Identify the major fields of the Ethernet frame. Describe the purpose
More informationSwitched environments security... A fairy tale.
Switched environments security... A fairy tale. Cédric Blancher 10 july 2002 Outline 1 Network basics Ethernet basics ARP protocol Attacking LAN Several ways to redirect network
More informationactualtests.cisco.ccnp switch by.passforu
actualtests.cisco.ccnp.642-813.switch.2012.07.02.by.passforu Number: 642-813 Passing Score: 800 Time Limit: 120 min File Version: 1.0 http://www.gratisexam.com/ www.passforu.com obtain your it certifications
More informationConfiguring DHCP. Finding Feature Information. Information About DHCP. DHCP Server. DHCP Relay Agent
Finding Feature Information, on page 1 Information About DHCP, on page 1 How to Configure DHCP Features, on page 8 Server Port-Based Address Allocation, on page 17 Finding Feature Information Your software
More informationNumber: Passing Score: 800 Time Limit: 120 min File Version: 9.0. Cisco Questions & Answers
300-115 Number: 300-115 Passing Score: 800 Time Limit: 120 min File Version: 9.0 Cisco 300-115 Questions & Answers Implementing Cisco IP Switched Networks Version: 9.0 Cisco 300-115 Exam Topic 1, Layer
More informationUniNets CCNA Security LAB MANUAL UNiNets CCNA Cisco Certified Network Associate Security LAB MANUAL UniNets CCNA LAB MANUAL
UNiNets CCNA Cisco Certified Network Associate Security LAB MANUAL Contents: UniNets CCNA Security LAB MANUAL Section 1 Securing Layer 2 Lab 1-1 Configuring Native VLAN on a Trunk Links Lab 1-2 Disabling
More informationFinding Feature Information, page 2 Information About DHCP Snooping, page 2 Information About the DHCPv6 Relay Agent, page 8
This chapter describes how to configure the Dynamic Host Configuration Protocol (DHCP) on a Cisco NX-OS device. This chapter includes the following sections: Finding Feature Information, page 2 Information
More informationConfiguring DHCP. Finding Feature Information. Information About DHCP. DHCP Server. DHCP Relay Agent
Finding Feature Information, page 1 Information About DHCP, page 1 How to Configure DHCP Features, page 8 Server Port-Based Address Allocation, page 18 Finding Feature Information Your software release
More informationConfiguring DHCP Snooping
15 CHAPTER This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping on an NX-OS device. This chapter includes the following sections: Information About DHCP Snooping,
More informationCIT 380: Securing Computer Systems. Network Security Concepts
CIT 380: Securing Computer Systems Network Security Concepts Topics 1. Protocols and Layers 2. Layer 2 Network Concepts 3. MAC Spoofing 4. ARP 5. ARP Spoofing 6. Network Sniffing Protocols A protocol defines
More informationConfiguring DHCP. Finding Feature Information. Information About DHCP. DHCP Server. DHCP Relay Agent
Finding Feature Information, page 1 Information About DHCP, page 1 How to Configure DHCP Features, page 8 Server Port-Based Address Allocation, page 18 Finding Feature Information Your software release
More informationCisco Exam Bundle
Cisco 642-813 Exam Bundle Number: 642-813 Passing Score: 790 Time Limit: 120 min File Version: 22.3 http://www.gratisexam.com/ Cisco 642-813 Exam Bundle Exam Name: Cisco implementing cisco switched networks
More informationA Framework for Optimizing IP over Ethernet Naming System
www.ijcsi.org 72 A Framework for Optimizing IP over Ethernet Naming System Waleed Kh. Alzubaidi 1, Dr. Longzheng Cai 2 and Shaymaa A. Alyawer 3 1 Information Technology Department University of Tun Abdul
More informationNetwork Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018
Network Security Evil ICMP, Careless TCP & Boring Security Analyses Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018 Part I Internet Control Message Protocol (ICMP) Why ICMP No method
More informationManaging Switches. Finding More Information About IOS Commands CHAPTER
CHAPTER 4 This chapter describes how to use the device-management features of the Cluster Management Suite (CMS). The features described in this chapter can all be implemented through Visual Switch Manager
More information: Building Cisco Multilayer Switched Networks
Exam : Cisco 642-812 Title : Building Cisco Multilayer Switched Networks Version : Demo Cheat-Test,help you pass any IT exam! Q: 1 Which three statements about the Multiple Spanning Tree (MST) protocol
More informationUser Guide TL-R470T+/TL-R480T REV9.0.2
User Guide TL-R470T+/TL-R480T+ 1910012468 REV9.0.2 September 2018 CONTENTS About This Guide Intended Readers... 1 Conventions... 1 More Information... 1 Accessing the Router Overview... 3 Web Interface
More informationConfiguring DHCP. About DHCP Snooping, page 2 About the DHCPv6 Relay Agent, page 8
This chapter describes how to configure the Dynamic Host Configuration Protocol (DHCP) on a Cisco NX-OS device. This chapter includes the following sections: About DHCP Snooping, page 2 About the DHCP
More informationHP A3100 v2 Switch Series
HP A3100 v2 Switch Series Layer 3 - IP Services Configuration Guide HP A3100-8 v2 SI Switch (JG221A) HP A3100-16 v2 SI Switch (JG222A) HP A3100-24 v2 SI Switch (JG223A) HP A3100-8 v2 EI Switch (JD318B)
More informationConfiguring DHCP. Information About DHCP. DHCP Server. DHCP Relay Agent. DHCP Snooping
Information About DHCP DHCP Server DHCP Relay Agent DHCP Snooping Information About DHCP, on page 1 How to Configure DHCP Features, on page 7 Server Port-Based Address Allocation, on page 13 Feature Information
More informationCisco Exam Bundle
Cisco 642-813 Exam Bundle Number: 642-813 Passing Score: 790 Time Limit: 120 min File Version: 22.3 http://www.gratisexam.com/ Cisco 642-813 Exam Bundle Exam Name: Cisco implementing cisco switched networks
More informationPrivate Hosts (Using PACLs)
CHAPTER 35 This chapter describes the Private Hosts feature, which is being introduced for the Cisco 7600 series router in Cisco IOS Release 12.2SRB. This chapter contains the following sections: Overview,
More informationInternetwork Expert s CCNA Security Bootcamp. Common Security Threats
Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet
More informationConfiguring Private VLANs
36 CHAPTER This chapter describes private VLANs (PVLANs) on Catalyst 4500 series switches. It also provides restrictions, procedures, and configuration examples. This chapter includes the following major
More informationIPv6 Client IP Address Learning
Prerequisites for IPv6 Client Address Learning, on page 1 Information About IPv6 Client Address Learning, on page 1 Configuring IPv6 Unicast, on page 6 Configuring RA Guard Policy, on page 7 Applying RA
More informationActual4Test. Actual4test - actual test exam dumps-pass for IT exams
Actual4Test http://www.actual4test.com Actual4test - actual test exam dumps-pass for IT exams Exam : 200-125 Title : CCNA Cisco Certified Network Associate CCNA (v3.0) Vendor : Cisco Version : DEMO Get
More informationConfiguration Examples for DHCP, on page 37 Configuration Examples for DHCP Client, on page 38 Additional References for DHCP, on page 38
This chapter describes how to configure the Dynamic Host Configuration Protocol (DHCP) on a Cisco NX-OS device. This chapter includes the following sections: About DHCP Snooping About DHCP Snooping, on
More informationBasic L2 and L3 security in Campus networks. Matěj Grégr CNMS 2016
Basic L2 and L3 security in Campus networks Matěj Grégr CNMS 2016 1/ Communication in v4 network Assigning v4 address using DHCPv4 Finding a MAC address of a default gateway Finding mapping between DNS
More informationCisco.Braindumps v by.Toni.259q. Exam Code: Exam Name: Cisco implementing cisco switched networks
Cisco.Braindumps.642-813.v2014-01-01.by.Toni.259q Number: 642-813 Passing Score: 825 Time Limit: 120 min File Version: 16.5 http://www.gratisexam.com/ Exam Code: 642-813 Exam Name: Cisco implementing cisco
More informationCS 457 Lecture 11 More IP Networking. Fall 2011
CS 457 Lecture 11 More IP Networking Fall 2011 IP datagram format IP protocol version number header length (bytes) type of data max number remaining hops (decremented at each router) upper layer protocol
More informationIT Exam Training online / Bootcamp
DumpCollection IT Exam Training online / Bootcamp http://www.dumpcollection.com PDF and Testing Engine, study and practice Exam : 210-260 Title : Implementing Cisco Network Security Vendor : Cisco Version
More informationIntroduction to Switched Networks Routing And Switching
Introduction to Switched Networks Routing And Switching 1 Converged Networks Growing Complexity of Networks Our digital world is changing Information must be accessed from anywhere in the world Networks
More informationIPv6 Snooping. Finding Feature Information. Restrictions for IPv6 Snooping
The feature bundles several Layer 2 IPv6 first-hop security features, including IPv6 neighbor discovery inspection, IPv6 device tracking, IPv6 address glean, and IPv6 binding table recovery, to provide
More informationNetwork Configuration Example
Network Configuration Example Configuring Private VLANs on a QFX Switch Using Extended Functionality Modified: 2016-08-01 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000
More informationDHCP Configuration. Page 1 of 14
DHCP Configuration Page 1 of 14 Content Chapter 1 DHCP Configuration...1 1.1 DHCP Overview...1 1.2 DHCP IP Address Assignment... 1 1.2.1 IP Address Assignment Policy...1 1.2.2 Obtaining IP Addresses Dynamically...2
More informationImplementing Cisco IP Switched Networks (SWITCH)
Implementing Cisco IP Switched Networks (SWITCH) COURSE OVERVIEW: Implementing Cisco Switched Networks (SWITCH) v2.0 is a five-day instructor-led training course developed to help students prepare for
More informationCSC 6575: Internet Security Fall Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers
CSC 6575: Internet Security Fall 2017 Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee
More informationCHAPTER 1: VLANS. Routing & Switching
CHAPTER 1: VLANS Routing & Switching CHAPTER 1 1.1 VLAN Segmentation 1.2 VLAN Implementation 1.3 VLAN Security and Design 1.4 Summary CHAPTER 1 : OBJECTIVES Explain the purpose of VLANs in a switched network.
More informationUnderstanding and Configuring Private VLANs
CHAPTER 8 This chapter describes private VLANs on the Catalyst 4000 family switches. It also provides guidelines, procedures, and configuration examples. This chapter includes the following major sections:
More information