Skip to main content

Types of Layer 2/Switch Security Attacks, and Mitigation steps in Brief

Security Attacks against Switches or at Layer 2 can be grouped in four major Categories as follows:
1. MAC layer attacks
2. VLAN attacks
3. Spoofing attacks
4. Attacks on switch devices
1. MAC Layer Attacks Types
MAC address flooding 
Description :- Frames with unique, invalid source MAC addresses flood the switch, exhausting content addressable memory (CAM) table space, disallowing new entries from valid hosts. Traffic to valid hosts is subsequently flooded out all ports.
Mitigation Port security. MAC address VLAN access maps.
 
2. VLAN Attacks
i – VLAN hopping
By altering the VLAN ID on packets encapsulated for trunking, an attacking device can send or receive packets on various VLANs, bypassing Layer 3 security measures.
Mitigation  Tighten up trunk configurations and the negotiation state of unused ports. Place unused ports in a common VLAN.
 
ii – Attacks between devices on a common VLAN 
Devices might need protection from one another, even though they are on a common VLAN. This is especially true on service-provider segments that support devices from multiple customers.
Mitigation : – Implement private VLANs (PVLAN).
 
3. Spoofing Attacks
i – DHCP starvation and DHCP spoofing
An attacking device can exhaust the address space available to the DHCP servers for a period of time or establish itself as a DHCP server in man-in-themiddle attacks.
Mitigation :- Use DHCP snooping.
 
ii – Spanning-tree compromises 
Attacking device spoofs the root bridge in the STP topology. If successful, the network attacker can see a variety of frames.
Mitigation :- Proactively configure the primary and backup root devices. Enable root guard.
 
iii – MAC spoofing
Attacking device spoofs the MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device.
Mitigation :- Use DHCP snooping, port security.
 
iv – Address Resolution Protocol (ARP) spoofing
Attacking device crafts ARP replies intended for valid hosts. The attacking device’s MAC address then becomes the destination address found in the Layer 2 frames sent by the valid network device.
Mitigation :- Use Dynamic ARP Inspection, DHCP snooping, port security.
 
4. Switch Device Attacks
i – Cisco Discovery Protocol (CDP) manipulation
Information sent through CDP is transmitted in clear text and unauthenticated, allowing it to be captured and divulge network topology information.
Mitigation :- Disable CDP on all ports where it is not intentionally used.
 
ii – Secure Shell Protocol (SSH) and Telnet attacks
Telnet packets can be read in clear text. SSH is an option but has security issues in version 1.
Mitigation : – Use SSH version 2. Use Telnet with vty ACLs.

Comments

Popular posts from this blog

What is Cisco Supervisor Engine?

Supervisor Engine is a module that is installed in the Cisco Chassis-based Catalyst Switches or Routers. Supervisor engine contains nearly all the same components of a fixed Cisco Switches or Routers. These Supervisor engines come in a variety of different types with different functionalities and are installed in the Switches/Router Chassis as per requirements of the network types.

Benefits of Supervisor Engines
By installing Latest Supervisor Engines in your existing investments (Switches and Routers) you can scale system performance and integrate next-generation services into your Networks.
Within a single multilayer switch chassis, two supervisor modules with integrated route processors can be used to provide hardware redundancy. If an entire supervisor module fails, the other module can pick up the pieces and continue operating the switch.
The supervisor engine contains the following integrated daughter cards that perform forwarding and routing and provide the protocols supported …

GNS3 Docker Error while creating node: Docker has returned an error: Cannot connect to host docker:80

Error while creating node: Docker has returned an error: Cannot connect to host docker:80 ssl:False [No such file or directory]

After adding docker template for Alpine Linux in gns3, you get above mentioned message when you want to use alpine linux in GNS3.

To get rid of this message you have to install Docker by following below link
curl -fsSL https://get.docker.com/ | sh

If you do not have curl installed then instal curl first with below command.apt-get install curl
After installing Docker you need to add your user name in the docker group with the following command. $ sudo usermod -aG docker your_username

Verify if the docker service is started with following command$ service docker status
If docker is not started then start with following command $ sudo service docker start
Logout from GNS3 Virtual Machines and log back. Start gns3 and use alpine linux.

a file I/O error has occurred while accessing vmware converter

While converting physical Windows 7 machine to Virtual machine of infrastructure type, I got this error. The error seems it is unable to read/write source or destination datastore.

I have installed VMware-converter-en-6.2.0-8466193 on Windows 7 physical machine with option locally selected. (not at server/client option)

All of my ESXi servers are connected to the vCenter Server, so I had to use vCenter Server's IP address to send this physical machine to the virtual world.

The issue i found was with the dns resolution to the vCenter Server's hostname. Since I am not using the same dns server on the Windows 7 client machine. So I updated the host entries manually for the vCenter Server's hosname to it IP address.

After adding dns eteries to the hostfile of windows 7, I am not getting this "a file I/O error has occurred while accessing vmware converter" and the migration has started.