Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Slides:



Advertisements
Similar presentations
Authentication.
Advertisements

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.
1 © 2003, Cisco Systems, Inc. All rights reserved. Vyncke ethernet security Ethernet: Layer 2 Security Eric Vyncke Cisco Systems Distinguished Engineer.
WLAN Security Examining EAP and 802.1x x works at Layer 2 to authentication and authorize devices on wireless access points.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Authentication Center for SDP Federation
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,
802.1x Port Authentication via RADIUS By Oswaldo Perdomo cs580 Network Security.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
1 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID 802.1x OVERVIEW Sudhir Nath Product Manager, Trust.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 1 ver.2 Module 7 City College.
OSI Model Routing Connection-oriented/Connectionless Network Services.
Secure LAN Switching Layer 2 security Introduction Port-level controls
Network Security1 – Chapter 5 (B) – Using IEEE 802.1x Purpose: (a) port authentication (b) access control An IEEE standard
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: Implementing VLAN Security Routing And Switching.
– Chapter 5 – Secure LAN Switching
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Remote Access Chapter 4. IEEE 802.1x An internet standard created to perform authentication services for remote access to a central LAN. An internet standard.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Connecting to the Network Networking for Home and Small Businesses.
LAN Switching and Wireless – Chapter 2
Network Security1 – Chapter 5 – Secure LAN Switching Layer 2 security –Port security –IP permit lists –Protocol filtering –Controlling LAN floods (using.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Connecting to the Network Networking for Home and Small Businesses – Chapter.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Configure a Switch LAN Switching and Wireless – Chapter 2.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 LAN Switching and Wireless Basic Switch Concepts and Configuration Chapter.
Shambhu Upadhyaya Security –Upper Layer Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 10)
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—2-1 Ethernet LANs Exploring the Packet Delivery Process.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicBSCI Module 6 1 Basic Switch Concept Prepared by: Akhyari Nasir Resources form Internet.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 LAN Design LAN Switching and Wireless – Chapter 1.
Cisco 3 - LAN Perrine. J Page 110/20/2015 Chapter 8 VLAN VLAN: is a logical grouping grouped by: function department application VLAN configuration is.
Csci388 Wireless and Mobile Security – Access Control: 802
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Network Security 2 Module 7 – Secure Network Architecture and Management.
Mahindra-British Telecom Ltd. Exploiting Layer 2 By Balwant Rathore.
© 2015 Mohamed Samir YouTube channel All rights reserved. Samir Part V: Monitoring Campus Networks.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Connecting to the Network Networking for Home and Small Businesses.
Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 VLANs LAN Switching and Wireless – Chapter 3.
Chapter 6: Securing the Local Area Network
Wireless Network Security CSIS 5857: Encoding and Encryption.
Introduction to Port-Based Network Access Control EAP, 802.1X, and RADIUS Anthony Critelli Introduction to Port-Based Network Access Control.
Port Based Network Access Control
LAN Switching and Wireless – Chapter 2
Introduction to Networks v6.0
Instructor Materials Chapter 5: Network Security and Monitoring
Exploiting Layer 2 By Balwant Rathore.
LAN Switching and Wireless – Chapter 3
Instructor Materials Chapter 5: Ethernet
Semester 1 Cisco Discovery JEOPADY Chapter 3.
– Chapter 5 – Secure LAN Switching
Chapter 5: Network Security and Monitoring
802.1x OVERVIEW Sudhir Nath Product Manager, Trust & Identity
– Chapter 5 (B) – Using IEEE 802.1x
Network Security and Monitoring
LAN Switching and Wireless – Chapter 3
LAN Switching and Wireless – Chapter 2
LAN Switching and Wireless – Chapter 3
LAN Switching and Wireless – Chapter 2
LAN Switching and Wireless – Chapter 2
LAN Switching and Wireless – Chapter 3
Connecting to the Network
Pre-Authentication with 802.1X
Presentation transcript:

Chapter 5 Secure LAN Switching

 MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks

Port Security  Example –Set port security 2/1 enable –Set port security 2/ b –Set port security 3/2 maximum 1

Restricting Access to a Switch via IP Permit List  Example –Set ip permit enable –Set ip permit telnet –Set ip permit snmp –Set ip permit all

Controlling LAN Floods  Example –Set port broadcast 2/1-6 75%

Private VLANs on the Catalyst 6000  Restricts intra VLAN traffic on a per port basis  Solves ARP spoofing

IEEE 802.1x Standard  Provides authentication of devices connecting to a physical port on a layer 2 switch or a logical port on a wireless access point

802.1x Entities  Supplicant: a device (eg. Laptop) that needs to access the LAN  Authenticator: a device that initiates the authentication process between the supplicant and the authentication server  Authentication server: a device (eg. Cisco ACS) that can authenticate a user on behalf of an authenticator

802.1x Communication  Uses Extensible Authentication Protocol (EAP) described in RFC 3748RFC 3748  Authentication data is transmitted in EAP packets –encapsulated in EAPOL frames between supplicant and authenticator –encapsulated TACACS+ or RADIUS packets between authenticator and authentication server

Extensible Authentication Protocol (EAP)  Carries authentication data between two entities that wish to set up an authenticated channel for communication  Supports one-time password, MD5 hashed username and password, and transport layer security

EAP Packet Format (RFC 2284)  Code: identifies EAP packet type such as request, response, success, or failure  Identifier: used to match responses with requests  Length: length of EAP packet

Types of EAP Request/Response messages  Identity message  Notification message  NAK message  MD-5 challenge message  One-time password message  Transport-Layer Security (TLS) message

EAP Exchange Involving Successful OTP Authentication

Frame Format for EAPOL Using Ethernet 802.3

Relationship between Supplicant, Authenticator, Authentication server, EAPOL, and TACACS+/Radius

802.1x Architecture and Flow using EAP over EAPOL and EAP over TACACS+/RADIUS

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.