Cisco Ethernet switch Instrukcja Użytkownika Pobierz pdf (Strona 72)

727272

l2-security-bh.ppt

Attacker

Mac:A IP:1

Victim

Mac:B IP:2

Promiscuous Port

Isolated Port

Private VLAN Attacks 2/2

¥ Only allows unidirectional traffic (Victim will ARP for A and fail)

¥ If both hosts were compromised, setting static ARP entries for each

other via the router will allow bi-directional traffic

¥ Most firewalls will not forward the packet like a router

¥ Note: this is not a PVLAN vulnerability as it enforced the rules!

S:A1 D:

PVLANs Work

Forward Packet

S:A1 D:C2

Routers Route:

Forward Packet

S:A1 D:B2

S:A1 D:

Intended PVLAN Security Is Bypassed

Router

Mac:C IP:3

1 2 ... 67 68 69 70 71 72 73 74 75 76 77 ... 83 84

Hacking Layer 2: Fun with 1
Ethernet Switches 1
¥ Layer 2 Attack Landscape 2
¥ Summary and Case Study 2
The Domino Effect 5
The Numbers from CSI/FBI 7
MAC Attacks 8
MAC Address/CAM Table Review 9
Normal CAM Behaviour 1/3 10
Normal CAM Behaviour 2/3 11
Normal CAM Behaviour 3/3 12
CAM Overflow 1/3 13
CAM Overflow 2/3 14
CAM Overflow 3/3 15
Catalyst CAM Tables 16
CAM Table Full! 18
¥ Port Security 19
Port Security Details 20
VLAN ÒHoppingÓ Attacks 21
Trunk Port Refresher 22
0100.0ccc.cccc 24
Dynamic Trunk Protocol (DTP) 25
Basic VLAN Hopping Attack 26
Hopping Attack 27
Outer Tag, Attacker VLAN 28
Inner Tag, Victim VLAN 28
Disabling Auto-Trunking 29
Security Best Practices 30
ARP Attacks 31
ARP Refresher 32
Gratuitous ARP 33
Misuse of Gratuitous ARP 34
A Test in the Lab 35
¥ ARP spoofing 36
¥ MAC flooding 36
¥ Selective sniffing 36
¥ SSH/SSL interception 36
Arpspoof in Action 37
More on Arpspoof 38
Selective Sniffing 39
SSL/SSH Interception 40
Dsniff evolves: Ettercap 43
Can It Get Much Easier? 44
ARP Entries do not age out 46
Community Ports 46
Private VLAN Configuration 47
More ARP Spoof Mitigation 49
Spanning Tree Attacks 50
Spanning Tree Basics 51
STP Attack Mitigation 56
VLAN Trunking Protocol (VTP) 57
Potential VTP Attacks 58
Layer 2 Port Authentication 59
Dynamic VLAN Access Ports 60
VMPS Architecture 61
VMPS/VQP Attacks 62
VMPS/VQP Attack Mitigation 63
(TLS, MD5, OTP) 64
802.1X Port Authentication 65
Other Attacks 66
0100.0ccc.cccc 67
CDP Attacks 68
DHCP Starvation Attacks 69
Private VLAN Attacks 1/2 71
Private VLAN Attacks 2/2 72
PVLAN Attack Mitigation 73
Nice Try 74
Random Frame Stress Attack 75
IP Telephony Considerations 76
Switch Management 77
Summary and Case Study 78
Your Own Security Policy 80
A Relevant Case Study 81
A More Secure Alternative 82
Lessons Learned 83
Further Reading 84

Komentarze do niniejszej Instrukcji

Brak uwag

Cisco Ethernet switch Instrukcja Użytkownika Strona 72

Komentarze do niniejszej Instrukcji

Powiązane produkty i podręczniki dla Networking Cisco Ethernet switch