Document preview (12 pages, 2910 words), published 4 July 2010.
Understanding and Preventing Layer 2 and 3 Attacks
Julio Andrés Valenzuela Cofré
May 18, 2010, Santiago, Chile

Agenda
Types of Attacks on a Switched Network
  • MAC-based attacks (MAC address flooding)
  • VLAN-based attacks (switch spoofing, VLAN hopping, attacks against devices on the same VLAN)
  • Spoofing attacks (DHCP spoofing, MAC spoofing, ARP spoofing)
  • Attacks against the switch (CDP manipulation, Telnet attacks, SSH attacks)
  • Protecting Cisco IOS

FBI/CSI Risk Assessment*
  • Many enterprise network ports are left open: usually any laptop can plug into the network and gain access to it.
  • Endpoint security client software: 32%.
  • 23% said they had no idea how many times, or whether, they were attacked.
  • Yet 23% said they never had an attack from the inside.
  • 50% of all attacks come from the inside (down from over 75% several years ago).

*CSI/FBI Computer Crime and Security Survey - 2008 http://www.gocsi.com/

Mac Address Flooding Attack

  • The attacker floods the switch with frames carrying bogus source MAC addresses until the CAM table is full.
  • Once the CAM table is full the switch cannot learn new addresses, so every frame whose destination has no CAM entry is flooded out every port in that VLAN. The VLAN effectively turns into a hub.
  • This means more traffic on the LAN and more switch CPU usage.
  • The attacker can then run a sniffer on the switched network and capture traffic meant for other hosts. Frames to destinations that still have a CAM entry are switched normally, but as those entries age out they cannot be relearned while the attack continues.
  • When the attack stops, the bogus CAM entries age out and normal switching resumes.
  • To mitigate this kind of attack:
    • Port security
    • Port-based authentication (802.1X)

Port Security Configuration
ALS1(config)#int fa0/1
ALS1(config-if)#switchport port-security
Command rejected: Fa0/1 is not an access port.
ALS1(config-if)#switchport mode access
ALS1(config-if)#switchport port-security
ALS1(config-if)#switchport port-security maximum ?
  Maximum addresses
ALS1(config-if)#switchport port-security mac-address ?
  H.H.H   48 bit mac address
  sticky  Configure dynamic secure addresses as sticky
ALS1(config-if)#switchport port-security violation ?
  protect   Security violation protect mode
  restrict  Security violation restrict mode
  shutdown  Security violation shutdown mode
ALS1(config-if)#switchport port-security aging ?
  time  Port-security aging time
  type  Port-security aging type

Port Security Configuration
ALS1#sh port-security interface fa0/7
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address        : 0000.0000.0000
Security Violation Count   : 0

ALS1#sh interfaces status err-disabled

ALS1#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
               (Count)        (Count)        (Count)
---------------------------------------------------------------------------
      Fa0/1            1            0              0           Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 1024

DSL2#sh int status
Port   Name  Status       Vlan  Duplex  Speed  Type
Fa0/1        err-disable  1     auto    auto   10/100BaseTX
Fa0/2        notconnect   1     auto    auto   10/100BaseTX

DSL2(config)#errdisable recovery ?
  cause  Enable error disable recovery for appli

Port Security
  • Limits the number of MAC addresses allowed per port.
  • The MAC addresses can be learned dynamically (optionally made sticky) or configured statically.
  • Action when a violation is detected:
    • Shutdown: the port goes into the err-disabled state and stays there until an administrator bounces it (shutdown / no shutdown) or errdisable recovery is enabled for the psecure-violation cause.
    • Restrict: the port stays up, frames from the violating MAC address are dropped, the violation counter increments, and an SNMP trap and syslog message can be sent.
    • Protect: the port stays up, frames from the violating MAC address are dropped, but no SNMP trap or syslog message is sent and the violation counter is not incremented.
  • Caution on ports behind an access point, IP phone or another switch: many MAC addresses legitimately appear on one port, so the maximum must be sized accordingly or the port will go err-disabled on normal traffic.
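To make the flooding attack and the port-security mitigation above concrete, here is an added Python model (not part of the original presentation and not Cisco code) of a single-VLAN learning switch with a bounded CAM table. It runs a macof-style flood from one port with and without port security and reports what the switch does with a server's reply to a victim host in each case. All MAC addresses, port names, CAM size and aging values are constructed for the demo; the port-security logic follows the protect/restrict/shutdown semantics described on the slide, and the CAM-full behaviour assumed is that a full table does not evict entries, so new hosts simply go unlearned until the attacker's entries age out.

```python
"""Simulated learning switch: CAM-table flooding vs. port security.
Added example, not from the original slides or from Cisco. MAC addresses,
port names, CAM size and aging values below are constructed for the demo."""
import random
from dataclasses import dataclass

FLOOD = "FLOOD"                      # frame sent out every port in the VLAN
DROP = None                          # frame discarded at the ingress port
BROADCAST = "ff:ff:ff:ff:ff:ff"
VICTIM, SERVER = "00:11:22:33:44:01", "00:11:22:33:44:02"   # constructed hosts


@dataclass
class PortSecurity:
    maximum: int = 1                 # secure MACs allowed on the port
    violation: str = "shutdown"      # "protect" | "restrict" | "shutdown"


class Switch:
    """Single-VLAN switch: CAM maps source MAC -> (port, last_seen clock)."""

    def __init__(self, cam_size, port_security=None, aging=300):
        self.cam_size, self.aging, self.clock = cam_size, aging, 0
        self.cam = {}
        self.psec = port_security or {}      # port -> PortSecurity
        self.secure = {}                     # port -> set of secured MACs
        self.err_disabled, self.violations, self.log = set(), {}, []

    def cam_full(self):
        return len(self.cam) >= self.cam_size

    def _port_security_ok(self, src, port):
        cfg = self.psec.get(port)
        if cfg is None:
            return True
        secured = self.secure.setdefault(port, set())
        if src in secured:
            return True
        if len(secured) < cfg.maximum:   # dynamic (sticky-style) learning
            secured.add(src)
            return True
        if cfg.violation == "shutdown":
            self.err_disabled.add(port)
            self.log.append(f"{port}: err-disabled (psecure-violation) by {src}")
        elif cfg.violation == "restrict":
            self.log.append(f"{port}: dropped frame from {src}")
        if cfg.violation != "protect":   # protect drops silently, no counter
            self.violations[port] = self.violations.get(port, 0) + 1
        return False

    def forward(self, src, dst, in_port):
        """Return the egress port, FLOOD, or DROP for one ingress frame."""
        self.clock += 1
        if in_port in self.err_disabled or not self._port_security_ok(src, in_port):
            return DROP
        # Refresh a known source; learn a new one only while there is room.
        # A full CAM table does not evict, so new hosts simply go unlearned.
        if src in self.cam or not self.cam_full():
            self.cam[src] = (in_port, self.clock)
        if dst == BROADCAST or dst not in self.cam:
            return FLOOD
        return self.cam[dst][0]

    def age_out(self):
        """Drop CAM entries idle longer than the aging time."""
        stale = [m for m, (_, seen) in self.cam.items() if self.clock - seen > self.aging]
        for m in stale:
            del self.cam[m]
        return len(stale)


def random_mac(rng):
    return ":".join(f"{rng.randrange(256):02x}" for _ in range(6))


def mac_flood(sw, port, count, rng):
    """macof-style flood: frames with random source and destination MACs."""
    for _ in range(count):
        sw.forward(random_mac(rng), random_mac(rng), port)


def run_unprotected(cam_size=64, aging=50):
    rng, sw, out = random.Random(1), Switch(cam_size, aging=aging), {}
    sw.forward(VICTIM, SERVER, "Fa0/1")                      # floods: server unknown yet
    out["before_attack"] = sw.forward(SERVER, VICTIM, "Fa0/2")          # unicast to Fa0/1
    mac_flood(sw, "Fa0/3", 500, rng)
    out["cam_full"] = sw.cam_full()
    out["known_dst_still_unicast"] = sw.forward(SERVER, VICTIM, "Fa0/2")  # entry still there
    sw.age_out()                                   # victim's idle entry expires...
    mac_flood(sw, "Fa0/3", 500, rng)               # ...and the attacker refills the table
    sw.forward(VICTIM, SERVER, "Fa0/1")            # victim cannot be relearned: table full
    out["reply_to_victim_during_attack"] = sw.forward(SERVER, VICTIM, "Fa0/2")  # FLOOD
    sw.clock += sw.aging + 1                       # attack stops, aging time passes
    sw.age_out()
    sw.forward(VICTIM, SERVER, "Fa0/1")
    out["after_attack_stops"] = sw.forward(SERVER, VICTIM, "Fa0/2")     # unicast again
    return out


def run_protected(mode, cam_size=64):
    rng = random.Random(1)
    sw = Switch(cam_size, port_security={"Fa0/3": PortSecurity(1, mode)})
    sw.forward(VICTIM, SERVER, "Fa0/1")
    sw.forward(SERVER, VICTIM, "Fa0/2")
    mac_flood(sw, "Fa0/3", 500, rng)
    return {"cam_full": sw.cam_full(),
            "reply_to_victim": sw.forward(SERVER, VICTIM, "Fa0/2"),
            "violations": sw.violations.get("Fa0/3", 0),
            "err_disabled": "Fa0/3" in sw.err_disabled,
            "log_lines": len(sw.log)}


if __name__ == "__main__":
    print("no port security:", run_unprotected())
    for mode in ("shutdown", "restrict", "protect"):
        print(f"port security ({mode}):", run_protected(mode))
```

Running it shows the point the slide makes only in words: with no port security the server's reply to the victim is unicast before the attack, still unicast while the victim's CAM entry survives, flooded (visible on the attacker's port) once that entry has aged out and the attacker has kept the table full, and unicast again after the flood stops and the bogus entries age out. With `maximum 1` on the attacker's port, shutdown err-disables the port on the second bogus address (one violation logged), restrict keeps the port up and logs every dropped frame, and protect drops silently without touching the counter; in all three modes the CAM table never fills.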

Port Based Authentication
  • Requires a computer to be authenticated before it is allowed onto the LAN (also known as 802.1X authentication). ...