© 2015 Mohamed Samir YouTube channel. All rights reserved. www.mohamedsamir.com
Mohamed Samir, CCNP-SWITCHING 300-115, Mohamed Samir YouTube channel

Presentation transcript:

Mohamed Samir, CCNP-SWITCHING, Mohamed Samir YouTube channel, Double CCIE #27042 (R/S & SP)

Part VII: Securing Switched Networks

Securing Switch Access

Port Security
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2    (range 1-1024)
By default, port security allows only one MAC address on the port.
To make the learned addresses persistent across a switch reboot (sticky), or to configure an address statically:
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address b02.a841
Switch(config-if)# switchport port-security violation {shutdown | restrict | protect}
Protect: all packets from violating MAC addresses are dropped.
Restrict: same as protect, but a syslog message is also sent as an alert of the violation.

Port Security
interface GigabitEthernet1/0/11
 switchport access vlan 991
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 spanning-tree portfast
Jun 3 17:18: EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address e on port GigabitEthernet1/0/11.
Learned secure addresses must be cleared before the port is reconfigured:
Switch# clear port-security {all | configured | dynamic | sticky} [address mac-addr | interface type member/mod/num]
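The %PORT_SECURITY-2-PSECURE_VIOLATION message above is what a syslog collector sees when the violation mode is restrict: the port stays up and every violating frame is reported, so the log is the place to detect the problem. The following is an added example, not part of the original slides. It is a small Python parser over constructed sample syslog lines (the timestamps, MAC addresses and the second interface are invented placeholders) that extracts the port and MAC from each violation and flags ports where several distinct unknown MACs appear, since a single access port should normally see only its configured hosts.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original slides). MAC addresses
# and the second interface are invented; the message format is the IOS one.
SAMPLE_LOG = """\
Jun  3 17:18:02 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet1/0/11.
Jun  3 17:18:05 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4456 on port GigabitEthernet1/0/11.
Jun  3 17:18:07 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to up
Jun  3 17:18:09 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4457 on port GigabitEthernet1/0/11.
Jun  3 17:19:40 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address aabb.ccdd.eeff on port GigabitEthernet1/0/20.
"""

# Matches the violation message and captures the dotted-hex MAC and the port.
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    r"caused by MAC address (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"on port (?P<port>\S+?)\.?$"
)


def parse_violations(log_text):
    """Return a list of (port, mac) tuples, one per PSECURE_VIOLATION line.
    Lines that are not port-security violations are ignored."""
    events = []
    for line in log_text.splitlines():
        match = VIOLATION_RE.search(line)
        if match:
            events.append((match.group("port"), match.group("mac")))
    return events


def distinct_macs_per_port(events):
    """Count how many different violating MACs each port has reported."""
    seen = defaultdict(set)
    for port, mac in events:
        seen[port].add(mac)
    return {port: len(macs) for port, macs in seen.items()}


def ports_exceeding(events, threshold):
    """Ports that reported at least `threshold` distinct violating MACs.
    Many different unknown MACs behind one access port is the pattern
    worth investigating (an unmanaged switch or hub, or a host changing
    its address), rather than a single mistyped static entry."""
    counts = distinct_macs_per_port(events)
    return sorted(port for port, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    events = parse_violations(SAMPLE_LOG)
    for port, mac in events:
        print(f"violation on {port} from {mac}")
    print("ports to review:", ports_exceeding(events, threshold=2))
```

Run it as a script to print each violation and the ports that crossed the threshold; in practice the same functions would be fed from a syslog receiver rather than the embedded sample.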


Port-Based Authentication
A switch port will not pass any traffic until a user has authenticated with the switch. Both the switch and the end user's PC must support the 802.1X standard, using the Extensible Authentication Protocol over LANs (EAPOL).
Switch(config)# aaa new-model
Switch(config)# radius-server host key BigSecret
Switch(config)# radius-server host key AnotherBigSecret
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# dot1x system-auth-control
Switch(config)# interface range gigabitethernet1/0/
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x port-control auto    ({force-authorized | force-unauthorized | auto})
Switch(config-if)# dot1x host-mode multi-host

Storm Control
Applies to broadcast frames, multicast frames and unknown unicast frames.
Switch(config-if)# storm-control {broadcast | multicast | unicast} level {level [level-low] | bps bps [bps-low] | pps pps [pps-low]}
Level: percentage of bandwidth
Bps: bits per second
PPS: packets per second
Switch(config-if)# storm-control action {shutdown | trap}    (the default action is to drop excessive frames)
Switch# show storm-control [interface-id] [broadcast | multicast | unicast]

Best Practices for Securing Switches
Configure secure passwords: enable secret
Use system banners.
Secure the web interface: if you do not need it, disable it:
Switch(config)# no ip http server
Otherwise:
Switch(config)# ip http secure-server
Switch(config)# access-list 1 permit
Switch(config)# ip http access-class 1
Secure the switch console.
Secure virtual terminal access:
Switch(config)# access-list 10 permit
Switch(config)# access-list 10 permit
Switch(config)# line vty 0 15
Switch(config-line)# access-class 10 in

Best Practices for Securing Switches
Use SSH whenever possible: SSH uses strong encryption to secure session data. You should use the highest SSH version that is available on the switch.
Secure SNMP access: use the secure features of SNMPv3.
Secure unused switch ports.
Secure STP operation.
Secure the use of CDP and Link Layer Discovery Protocol (LLDP).
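The two best-practice slides, together with the earlier port-security, 802.1X and storm-control slides, read as a checklist that can be verified offline against a saved running-config. The following is an added example and not Cisco tooling or the author's own code: a plain-text Python audit over a constructed sample configuration (the enable-secret hash is a placeholder, and interface names, VLAN 991 and ACL numbers are illustrative) that reports access ports without port-security or storm-control, a web interface enabled without an access-class, vty lines without an inbound access-class, and dot1x configured on ports while the global dot1x system-auth-control is missing.

```python
# Added example: offline audit of a Cisco IOS running-config against the
# checklist in the slides. The config text is constructed for this example.
SAMPLE_CONFIG = """\
!
aaa new-model
enable secret 5 $1$PLACEHOLDER$hashgoeshere
dot1x system-auth-control
!
no ip http server
ip http secure-server
ip http access-class 1
!
interface GigabitEthernet1/0/11
 switchport access vlan 991
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 storm-control broadcast level 20
 dot1x port-control auto
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 switchport access vlan 991
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
line vty 0 15
 access-class 10 in
 transport input ssh
!
"""


def parse_sections(config_text):
    """Split an IOS config into {header: [child lines]}. Indented lines belong
    to the preceding 'interface ...' or 'line ...' header; everything else is
    collected under the 'global' key. Comment lines ('!') are skipped."""
    sections = {"global": []}
    current = "global"
    for raw in config_text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            sections[current].append(raw.strip())
            continue
        line = raw.strip()
        if line.startswith(("interface ", "line ")):
            current = line
            sections[current] = []
        else:
            current = "global"
            sections["global"].append(line)
    return sections


def audit_config(config_text):
    """Return a list of human-readable findings; an empty list means clean."""
    sections = parse_sections(config_text)
    glob = sections["global"]
    findings = []

    # Global items from the "Best Practices for Securing Switches" slides.
    if not any(ln.startswith("enable secret ") for ln in glob):
        findings.append("global: no 'enable secret' configured")
    http_enabled = any(ln in ("ip http server", "ip http secure-server") for ln in glob)
    if http_enabled and not any(ln.startswith("ip http access-class ") for ln in glob):
        findings.append("global: web interface enabled without 'ip http access-class'")

    # 802.1X is inert on a port until it is enabled globally.
    dot1x_ports = [h for h, body in sections.items()
                   if h.startswith("interface ")
                   and any(ln.startswith("dot1x port-control") for ln in body)]
    if dot1x_ports and "dot1x system-auth-control" not in glob:
        findings.append("global: dot1x configured on ports but 'dot1x system-auth-control' is missing")

    for header, body in sections.items():
        if header.startswith("line vty"):
            if not any(ln.startswith("access-class ") and ln.endswith(" in") for ln in body):
                findings.append(f"{header}: no inbound access-class on virtual terminal lines")
        elif header.startswith("interface "):
            name = header.split(" ", 1)[1]
            if "switchport mode access" not in body:
                continue  # trunks and routed ports are outside these per-port checks
            if "switchport port-security" not in body:
                findings.append(f"{name}: port-security not enabled")
            if not any(ln.startswith("storm-control ") for ln in body):
                findings.append(f"{name}: no storm-control configured")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

On the sample only GigabitEthernet1/0/12 is reported, for both missing port-security and missing storm-control; dropping the access-class, the ip http access-class or the global dot1x line from the text adds the corresponding global or vty finding. The parser relies on IOS's one-space indentation for block members, which is how show running-config prints them.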

Any questions?

Thank you for your time! Thank you, and may God reward you well.