University of Khartuom. Switch port security

Similar documents
Configuring DHCP Snooping

Configuring Port Security

Network Security. Topology. Spring This is the logical topology of the network environment used for testing.

Securing end devices

Chapter 2 Reading Organizer

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Configuring Port Security

Security Considerations in IP Telephony Network Configuration

Switch Configuration Required to Support Cisco ISE Functions

Securing Cisco Network Devices (SND)

The Trivial Cisco IP Phones Compromise

Network security includes the detection and prevention of unauthorized access to both the network elements and those devices attached to the network.

Configuring Network Load Balancing for vethernet

ProCurve Networking. Hardening ProCurve Switches. Technical White Paper

Avaya TM G700 Media Gateway Security. White Paper

Firewalls. Chapter 3

Avaya G700 Media Gateway Security - Issue 1.0

VPN. Date: 4/15/2004 By: Heena Patel

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

Security Technology: Firewalls and VPNs

CCT vs. CCENT Skill Set Comparison

CISCO IOS NETWORK SECURITY (IINS)

Security Technology White Paper

Understanding and Configuring 802.1X Port-Based Authentication

Portal Authentication Technology White Paper

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Geschreven door Administrator woensdag 13 februari :37 - Laatst aangepast woensdag 13 februari :05

SNRS. Securing Networks with Cisco Routers and Switches. Length 5 days. Format Lecture/lab

7.1. Remote Access Connection

Threats to be considered (1) ERSTE GROUP

Network Defense Tools

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

8. Firewall Design & Implementation

Remote Access Security

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

CMS Operational Policy for Firewall Administration

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

Configuring DHCP Snooping and IP Source Guard

CTS2134 Introduction to Networking. Module Network Security

Securing Networks with PIX and ASA

Securing the Connected Enterprise

ReadyNAS Remote White Paper. NETGEAR May 2010

Security Issues with Distributed Web Applications

The Cisco IOS Firewall feature set is supported on the following platforms: Cisco 2600 series Cisco 3600 series

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Model 2120 Single Port RS-232 Terminal Server Frequently Asked Questions

Configuring TACACS+, RADIUS, and Kerberos on Cisco Catalyst Switches

Linux Network Security

Recommended IP Telephony Architecture

Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example

CMPT 471 Networking II

BASIC ANALYSIS OF TCP/IP NETWORKS

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Configuring Network Load Balancing for vethernet

A Research Study on Packet Sniffing Tool TCPDUMP

P330-ML Version 4.5 Release Notes

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

Tim Bovles WILEY. Wiley Publishing, Inc.

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Basics of Internet Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Configuring Wired 802.1x Authentication on Windows Server 2012

How To Pass A Credit Course At Florida State College At Jacksonville

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Lab VI Capturing and monitoring the network traffic

Ensuring HIPAA Compliance in Healthcare

VoIPon Tel: +44 (0) Fax: +44 (0)

SE 4C03 Winter 2005 Firewall Design Principles. By: Kirk Crane

Firewalls, Tunnels, and Network Intrusion Detection

Implementing Cisco IOS Network Security

Maruleng Local Municipality

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

CS5008: Internet Computing

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Cisco Secure PIX Firewall with Two Routers Configuration Example

Closing Wireless Loopholes for PCI Compliance and Security

- Virtual LANs (VLANs) and VTP -

Configuring MAC ACLs

General Network Security

Firewalls, IDS and IPS

Packet Sniffing on Layer 2 Switched Local Area Networks

RuggedCom Solutions for

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Architecture Overview

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

"Charting the Course...

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Implementing Secure Converged Wide Area Networks (ISCW)

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Advanced Administration for Citrix NetScaler 9.0 Platinum Edition

Configuring User Authentication

Solutions for LAN Protection

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

Domain 6.0: Network Security

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

1 Purpose Scope Roles and Responsibilities Physical & Environmental Security Access Control to the Network...

How To Configure InterVLAN Routing on Layer 3 Switches

SNMP SECURITY A CLOSER LOOK JEFFERY E. HAMMONDS EAST CAROLINA UNIVERSITY ICTN 6865

Transcription:

University of Khartuom Information technology & Network Administrator Switch port security Presented: by Ali Jbraldar

National Security Telecommunications and Information Systems Security Committee (NSTISSC) Network security is the protection of information and systems and hardware that use, store, and transmit that information. Network security encompasses those steps that are taken to ensure the confidentiality, integrity, and availability of data or resour.

Network Security initiatives and network security specialists can found in private and public, large and small companies and organizations.the need for network security and its growth are driven by many factors: Internet connectivity is 24/7 and is world wide Increase cyber crime Impact on business Proliferation of threats Sophistication of threats

1.confidentiality Prevent the disclosure of sensitive information from unauthorized people,resources, and processes 2.integrity The protection of system information or processes from intentional or accidental modification 3.Availability The asscurance that systems and data are accidental by unauthorized users when needed.

A potential danger to information or a system An example: the ability to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network There may be weaknesses that greatly increase the likelihood of a threat manifesting.

1. Eavesdropping 2. Denial-of-service 3.Packet replay 4.Packet modification

Types of Attacks

Come from hackers who are more highly motivated and technically competent. These people know system vulnerabilities and can understand and develop exploit code and scripts. They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses. These groups are often involved with the major fraud and theft cases reported to law enforcement agencies

Consists of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers. Even unstructured threats that are only executed with the intent of testing and challenging a hacker s skills can still do serious damage to a company.

MAC spoofing 2-MAC address table overflow attacks MAC spoofing: is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. The MAC address that is hard-coded on a network interface controller (NIC) cannot be changed. However, many drivers allow the MAC address to be changed.

MAC address flooding attack is very common security attack. MAC address table in a switch has the MAC addresses available on a given physical port of a switch and the associated VLAN parameters for each. MAC flooding attacks are sometimes called MAC address table overflow attacks. To understand the mechanism of a MAC address table overflow attack we must recall how does a switch work in the first place. Switch before attack When switch receives a frame, the switch looks in the MAC address table (sometimes called CAM table) for the destination MAC address. Cisco Catalyst switch models use a MAC address table for Layer 2 switching. When frames arrive on switch ports, the source MAC addresses are learned from Layer 2 packet header and recorded in the MAC address table. If the switch has already learned the mac address of the computer connected to his particular port then an entry exists for the MAC address. In this case the switch forwards the frame to the MAC address port designated in the MAC address table. If the MAC address does not exist, the switch acts like a hub and forwards the frame out every other port on the switch

But this is where the attacker is coming into play. The key to understanding how MAC address table overflow attacks work is to know that MAC address tables are limited in size. MAC flooding makes use of this limitation to send to the switch a whole bunch of fake source MAC addresses until the switch MAC address table is fully loaded and can not save any more MAC address Port mapping entries. The switch then enters into a fail-open mode that means that it starts acting as a hub. In this situation switch will broadcasts all received packets to all the machines on the network. As a result, the attacker (in our case PC) can see all the frames sent from a victim host to another host without a MAC address table entry.

Port security : is a layer 2and 3 traffic control feature on Cisco Catalyst switches. It enables an administrator configure individual switch ports to allow only a specified number of source MAC addresses ingressing the port. Anyone can access unsecure network resources by simply plugging his host into one of our available switch ports. A user can also change his physical location in LAN network without telling the admin. You can secure layer two accesses as well as keep users in their tracks by using port security. Thus port security feature enhances the LAN security.

To begin with, there are three different types of secure MAC address: Dynamic secure MAC addresses This type of secure MAC address is learned dynamically from the traffic that is sent through the switchport. These types of addresses are kept only in an address table and not in the running configuration. Static secure MAC addresses. This type of secure MAC address is statically configured on a switchport and is stored in an address table and in the running configuration Sticky secure MAC addresses This type of secure MAC address can be manually configured or dynamically learned. These types of addresses are kept in an address table and in the running configuration.

by default, the maximum number of secure MAC addresses per switchport is limited to 1) An address learned or configured on one secure interface is seen on another secure interface in the same VLAN

The second piece of switchport port-security that must be understood is a security violation including what it is what causes it and what the different violation modes that exist. A switchport violation occurs in one of two situations. Protect This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, no notification action is taken when traffic is dropped. Restrict This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, a syslog message is logged, a Simple Network Management Protocol (SNMP) trap is sent, and a violation counter is incremented when traffic is dropped. Shutdown This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and reenabling the switchport.

Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step7 Command Switch(config)# interface interface_id Switch(config-if)# switchport mode ( access) Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address (static- sticky) Switch(config-if)# switchport port-security maximum value Switch(config-if)# switchport port-security violation {restrict shutdown Port security verifications show port-security show port-security interface_id show port-security address

The AAA working group is chartered to work on authentication, authorization, and accounting solutions for the Internet. This work consists of a base protocol, applications, end-to-end security application, and a general architecture for providing these services.

Authentication: provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted. The process of authentication is based on each user having a unique set of criteria for gaining access. The AAA server compares a user's authentication credentials with other user credentials stored in a database. If the credentials match, the user is granted access to the network. If the credentials are at variance, authentication fails and network access is denied.

1- Authentication password only Uses a login and password combination on access lines Easiest to implement, but most unsecure method Provides no accountability 2- Authentication local database Creates individual user account/password on each device Provides accountability secure

Authorization for doing certain tasks. After logging into a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication.

accounting, which measures the resources a user consumes during access. This can include the amount of system time or the amount of data a user has sent and/or received during a session. Accounting is carried out by logging of session statistics and usage information and is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities.

TACACS+ or RADIUS protocols are used to communicate between the clients and AAA security servers.

Raduis: a protocol for carrying information related to authentication, authorization, and configuration between a Network Access Server that desires to authenticate its links and a shared Authentication Server. RADIUS stands for Remote Authentication Dial In User Service. Transactions between a client and a server are authenticated through the use of a shared key. This key is never sent over the network. Password is encrypted before sending it over the network. It uses Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), or Extensible Authentication Protocol (EAP) protocols to authenticate users. It look in text file, LDAP Servers, Database for authentication. SNMP is used for remote monitoring. It can be used as a proxy Uses UDP ports 1645 or 1812 for authentication and UDP ports 1646 or 1813 for accounting

TACACS is a remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network. Provides separate AAA services Utilizes TCP port 49

RADIUS TACACS Open/RFC standard CISCO Supported TCP UDP Password encrypted Entire packet encrypted

switch(config)# aaa new-model switch(config)#radius-server host (hostname - ip addresss) {key string} switch(config)#aaa authentication dot1x default group radius switch(config)#dot1x system-auth-control switch(config)#interface- id switch(config-if)#dot1x port-control {forceauthoried- force-unauthoried- auto} switch(config-if)#dot1x host-mode multi-host

Allocates IP Addresses Dynamically

The DHCP snooping binding database is also referred to as the DHCP snooping binding table. The DHCP snooping feature dynamically builds and maintains the database using information extracted from intercepted DHCP messages. The database contains an entry for each untrusted host with a leased IP address if the host is associated with a. Each entry in the DHCP snooping binding database includes the MAC address of the host, the leased IP address, the lease time, the binding type, and the VLAN number and interface information associated with the host Note: DHCP snooping is disabled in the default configuration of the switching device

switch(config)#ip dhcp snooping switch(config)#ip dhcp snooping vlan -id switch(config)# intetface type switch(config-if)# ip dhcp snooping trust switch(config)#intetface type switch(config-if)ip dhcp snooping limit rate show command switch# show ip dhcp snooping switch# show ip dhcp snooping binding

Dedicated bandwidth If the size of the address table is set to 1, the attached device is guaranteed the full bandwidth of the port. Added security Unknown devices cannot connect to the port.

The use of switchport port-security provides another level of security that can help in securing locally connected computers and the networks they connect to. This article was written to make the basic features of port-security more familiar to the reader and offered as an additional option when securing a network. Hopefully, the information contained within this article will help in this and be able to serve as a research base for securing the switched network of the reader.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information