Security in VLAN networks

  • Pages: 45 (11125 words)
  • Published: July 21, 2010
Virtual LAN Security: weaknesses and countermeasures

GIAC Security Essentials Practical Assignment
Version 1.4b

1 Abstract
Based on the Blackhat report [11], we decided to investigate some possibilities for attacking VLANs (Virtual Local Area Networks). We think it is important to study this particular threat and gain insight into the mechanisms involved, as a breach of VLAN security can have tremendous consequences. Indeed, VLANs are used to separate subnets and implement security zones. The ability to send packets across different zones would render such separation useless, as a compromised machine in a low-security zone could initiate denial-of-service attacks against computers in a high-security zone. Another threat lies in the possibility of “destroying” the virtual architecture, in effect performing a DoS (Denial of Service) against a whole network architecture. Recovery time would significantly impact business operations; in addition, there is a further threat of compromise while the subnet separations are removed, ultimately leading to information disclosure. As it seems possible to send packets across VLANs, our questions were:
  • What is the required effort to perform this?
  • What can be done in order to increase VLAN security?
As a first step, we became familiar with the different attacks in terms of strategy and supporting tools. Then we set up a prototype demonstrating five attacks: 1. Basic Hopping VLAN Attack, 2. Double Encapsulated 802.1q VLAN Hopping Attack, 3. VLAN Trunking Protocol Attack, 4. Media Access Control Attack and 5. Private VLANs Attack. Based on [10], hardening the switches succeeds in protecting VLANs against the attacks, but this has rapidly increased the administrator's workload. Administrators therefore have to weigh the amount of work against the risk of being attacked.


Table of contents
1 ABSTRACT
2 INTRODUCTION
  2.1 PURPOSE
3 LAYER 2 ATTACKS LANDSCAPE (FOR CISCO SWITCHES)
  3.1 MEDIA ACCESS CONTROL (MAC) ATTACK
  3.2 BASIC VLAN HOPPING ATTACK
  3.3 DOUBLE ENCAPSULATION VLAN HOPPING ATTACK
  3.4 ADDRESS RESOLUTION PROTOCOL (ARP) ATTACKS
  3.5 SPANNING TREE ATTACK
  3.6 VLAN TRUNKING PROTOCOL (VTP) ATTACK
  3.7 VMPS/VQP ATTACK
  3.8 CISCO DISCOVERY PROTOCOL (CDP) ATTACKS
  3.9 PRIVATE VLAN (PVLAN) ATTACK
  3.10 SUM UP
4 ATTACKS IN...