LAN Switch Security: What Hackers Know about Your Switches
Description
*******************************************************************************
LAN Switch Security: What Hackers Know about Your Switches
*******************************************************************************
-------------------------------------------------------------------------------
General Information
-------------------------------------------------------------------------------
Type.................: Ebook
Part Size............: 3,468,685 bytes
-------------------------------------------------------------------------------
Post Information
-------------------------------------------------------------------------------
Posted by............: ~tqw~
-------------------------------------------------------------------------------
Release Notes
-------------------------------------------------------------------------------
Contrary to popular belief, Ethernet switches are not inherently secure.
Security vulnerabilities in Ethernet switches are multiple: from the switch
implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco®
Discovery Protocol [CDP], and so on) and data plane protocols, such as Address
Resolution Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch
Security explains all the vulnerabilities in a network infrastructure related to
Ethernet switches. Further, this book shows you how to configure a switch to
prevent or to mitigate attacks based on those vulnerabilities. This book also
includes a section on how to use an Ethernet switch to increase the security of
a network and prevent future attacks.
Divided into four parts, LAN Switch Security provides you with steps you can
take to ensure the integrity of both voice and data traffic traveling over Layer
2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to
configure switches to prevent attacks against those vulnerabilities. Part II
addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how
those attacks can be mitigated. Part III shows how a switch can actually augment
the security of a network through the utilization of wirespeed access control
list (ACL) processing and IEEE 802.1x for user authentication and authorization.
Part IV examines future developments from the LinkSec working group at the IEEE.
For all parts, most of the content is vendor independent and is useful for all
network architects deploying Ethernet switches.
After reading this book, you will have an in-depth understanding of LAN security
and be prepared to plug the security holes that exist in a great number of
campus networks.
Table of Contents
Introduction
Part I: Vulnerabilities and Mitigation Techniques
Chapter 1: Introduction to Security
Security Triad
Confidentiality
Integrity
Availability
Reverse Security Triad
Risk Management
Risk Analysis
Risk Control
Access Control and Identity Management
Cryptography
Symmetric Cryptosystems
Symmetric Encryption
Hashing Functions
Hash Message Authentication Code
Asymmetric Cryptosystems
Confidentiality with Asymmetric Cryptosystems
Integrity and Authentication with Asymmetric Cryptosystems
Key Distribution and Certificates
Attacks Against Cryptosystems
Summary
References
Chapter 2: Defeating a Learning Bridge's Forwarding Process
Back to Basics: Ethernet Switching 101
Ethernet Frame Formats
Learning Bridge
Consequences of Excessive Flooding
Exploiting the Bridging Table: MAC Flooding Attacks
Forcing an Excessive Flooding Condition
Introducing the macof Tool
MAC Flooding Alternative: MAC Spoofing Attacks
Not Just Theory
Preventing MAC Flooding and Spoofing Attacks
Detecting MAC Activity
Port Security
Unknown Unicast Flooding Protection
Summary
References
Chapter 3: Attacking the Spanning Tree Protocol
Introducing Spanning Tree Protocol
Types of STP
Understanding 802.1D and 802.1Q Common STP
Understanding 802.1w RapidSTP
Understanding 802.1s Multiple STP
STP Operation: More Details
Let the Games Begin!
Attack 1: Taking Over the Root Bridge
Root Guard
BPDU-Guard
Attack 2: DoS Using a Flood of Config BPDUs
BPDU-Guard
BPDU Filtering
Layer 2 PDU Rate Limiter
Attack 3: DoS Using a Flood of Config BPDUs
Attack 4: Simulating a Dual-Homed Switch
Summary
References
Chapter 4: Are VLANs Safe?
IEEE 802.1Q Overview
Frame Classification
Go Native
Attack of the 802.1Q Tag Stack
Understanding Cisco Dynamic Trunking Protocol
Crafting a DTP Attack
Countermeasures to DTP Attacks
Understanding Cisco VTP
VTP Vulnerabilities
Summary
References
Chapter 5: Leveraging DHCP Weaknesses
DHCP Overview
Attacks Against DHCP
DHCP Scope Exhaustion: DoS Attack Against DHCP
Yersinia
Gobbler
Hijacking Traffic Using DHCP Rogue Servers
Countermeasures to DHCP Exhaustion Attacks
Port Security
Introducing DHCP Snooping
Rate-Limiting DHCP Messages per Port
DHCP Message Validation
DHCP Snooping with Option 82
Tips for Deploying DHCP Snooping
Tips for Switches That Do Not Support DHCP Snooping
DHCP Snooping Against IP/MAC Spoofing Attacks
Summary
References
Chapter 6: Exploiting IPv4 ARP
Back to ARP Basics
Normal ARP Behavior
Gratuitous ARP
Risk Analysis for ARP
ARP Spoofing Attack
Elements of an ARP Spoofing Attack
Mounting an ARP Spoofing Attack
Mitigating an ARP Spoofing Attack
Dynamic ARP Inspection
DAI in Cisco IOS
DAI in CatOS
Protecting the Hosts
Intrusion Detection
Mitigating Other ARP Vulnerabilities
Summary
References
Chapter 7: Exploiting IPv6 Neighbor Discovery and Router Advertisement
Introduction to IPv6
Motivation for IPv6
What Does IPv6 Change?
Neighbor Discovery
Stateless Configuration with Router Advertisement
Analyzing Risk for ND and Stateless Configuration
Mitigating ND and RA Attacks
In Hosts
In Switches
Here Comes Secure ND
What Is SEND?
Implementation
Challenges
Summary
References
Chapter 8: What About Power over Ethernet?
Introduction to PoE
How PoE Works
Detection Mechanism
Powering Mechanism
Risk Analysis for PoE
Types of Attacks
Mitigating Attacks
Defending Against Power Gobbling
Defending Against Power-Changing Attacks
Defending Against Shutdown Attacks
Defending Against Burning Attacks
Summary
References
Chapter 9: Is HSRP Resilient?
HSRP Mechanics
Digging into HSRP
Attacking HSRP
DoS Attack
Man-in-the-Middle Attack
Information Leakage
Mitigating HSRP Attacks
Using Strong Authentication
Relying on Network Infrastructure
Summary
References
Chapter 10: Can We Bring VRRP Down?
Discovering VRRP
Diving Deep into VRRP
Risk Analysis for VRRP
Mitigating VRRP Attacks
Using Strong Authentication
Relying on the Network Infrastructure
Summary
References
Chapter 11: Information Leaks with Cisco Ancillary Protocols
Cisco Discovery Protocol
Diving Deep into CDP
CDP Risk Analysis
CDP Risk Mitigation
IEEE Link Layer Discovery Protocol
VLAN Trunking Protocol
VTP Risk Analysis
VTP Risk Mitigation
Link Aggregation Protocols
Risk Analysis
Risk Mitigation
Summary
References
Part II: How Can a Switch Sustain a Denial of Service Attack?
Chapter 12: Introduction to Denial of Service Attacks
How Does a DoS Attack Differ from a DDoS Attack?
Initiating a DDoS Attack
Zombie
Botnet
DoS and DDoS Attacks
Attacking the Infrastructure
Common Flooding Attacks
Mitigating Attacks on Services
Attacking LAN Switches Using DoS and DDoS Attacks
Anatomy of a Switch
Three Planes
Data Plane
Control Plane
Management Plane
Attacking the Switch
Data Plane Attacks
Control Plane Attacks
Management Plane Attacks
Switch Architecture Attacks
Summary
Reference
Chapter 13: Control Plane Policing
Which Services Reside on the Control Plane?
Securing the Control Plane on a Switch
Implementing Hardware-Based CoPP
Configuring Hardware-Based CoPP on the Catalyst 6500
Hardware Rate Limiters
Hardware-Based CoPP
Configuring Control Plane Security on the Cisco ME3400
Implementing Software-Based CoPP
Configuring Software-Based CoPP
Mitigating Attacks Using CoPP
Mitigating Attacks on the Catalyst 6500 Switch
Telnet Flooding Without CoPP
Telnet Flooding with CoPP
TTL Expiry Attack
Mitigating Attacks on Cisco ME3400 Series Switches
CDP Flooding
CDP Flooding with L2TP Tunneling
Summary
References
Chapter 14: Disabling Control Plane Protocols
Configuring Switches Without Control Plane Protocols
Safely Disabling Control Plane Activities
Disabling STP
Disabling Link Aggregation Protocols
Disabling VTP
Disabling DTP
Disabling Hot Standby Routing Protocol and Virtual Routing Redundancy Protocol
Disabling Management Protocols and Routing Protocols
Using an ACL
Disabling Other Control Plane Activities
Generating ICMP Messages
Controlling CDP, IPv6, and IEEE 802.1X
Using Smartports Macros
Control Plane Activities That Cannot Be Disabled
Best Practices for Control Plane
Summary
Chapter 15: Using Switches to Detect a Data Plane DoS
Detecting DoS with NetFlow
Enabling NetFlow on a Catalyst 6500
NetFlow as a Security Tool
Increasing Security with NetFlow Applications
Securing Networks with RMON
Other Techniques That Detect Active Worms
Summary
References
Part III: Using Switches to Augment the Network Security
Chapter 16: Wire Speed Access Control Lists
ACLs or Firewalls?
State or No State?
Protecting the Infrastructure Using ACLs
RACL, VACL, and PACL: Many Types of ACLs
Working with RACL
Working with VACL
Working with PACL
Technology Behind Fast ACL Lookups
Exploring TCAM
Summary
Chapter 17: Identity-Based Networking Services with 802.1X
Foundation
Basic Identity Concepts
Identification
Authentication
Authorization
Discovering Extensible Authentication Protocol
Exploring IEEE 802.1X
802.1X Security
Integration Value-Add of 802.1X
Spanning-Tree Considerations
Trunking Considerations
Information Leaks
Keeping Insiders Honest
Port-Security Integration
DHCP-Snooping Integration
Address Resolution Protocol Inspection Integration
Putting It Together
Working with Multiple Devices
Single-Auth Mode
Multihost Mode
Product Details
* ISBN: 1587052563
* ISBN-13: 9781587052569
* Format: Paperback, 340pp
* Publisher: Cisco Press
* Pub. Date: September 2007
-------------------------------------------------------------------------------
Install Notes
-------------------------------------------------------------------------------
Adobe Acrobat Reader




