Putting 2 & 2 Together By Stephen Dugan, CCSI


1 Putting 2 & 2 Together
By Stephen Dugan, CCSI
scdugan@101labs.com

2 Introduction
Welcome to the presentation and thank you for coming!
- Who is the speaker?
- What is the focus of the presentation?

3 Agenda
- Introduction
- Section 1 – Current Design Best Practices
- Section 2 – Emerging Design Practices
- Extras?

4 Section 1: Current Design Model

5 Building Block of Network Design
[Diagram labels: Access, Distribution, CORE; WAN, Internet, PSTN; Server Farm; Building Block Additions; Ethernet, Layer 2 or Layer 3]

6 Section 1 – Current Design Model
Features:
- Link redundancy
- Load-Sharing
- Fast Convergence
- Manageable
- Scalable
- Security could be stronger...

7 Section 1 – Current Design Model
L2 Functions that provide security:
- Root Guard
- PortFast
- BPDU Guard
- Port Security
- Management VLAN
- Private VLANs

8 Section 1 – Current Design Model
L3 Functions that provide security:
- ACLs at Distribution Layer: Ingress - Egress from Core
- Route Filtering
- Network Based IDS (if used?!?)

9 Section 1 – Current Design Model
Hard issues to address with this design:
- HSRP insecurities
- STP weaknesses
- ARP Spoofing
- Common misconfigurations

10 Section 2: Emerging Changes to Design Model

11 Section 2 – Emerging Changes
The main change focuses on bringing Layer 3 routing functionality close to the end stations.
OR
R2D: Routing to Desktop

12 Section 2 – Emerging Changes
- Access: Layer 3
- Distribution: Layer 3
- Core: L2 or L3
From the physical layout it looks the same (good news: no rewire!)

13 Section 2 – Emerging Changes
With L3 capabilities within the Access-Layer box:
- HSRP isn’t needed
- STP is irrelevant
- Routing to Distribution Layer
- Concept of “Private-VLANs” can be implemented easily
[Diagram label: L3]

14 Section 2 – Emerging Changes
Security problems solved:
- ARP Spoofing
- ROOT takeover
- HSRP MiTM attack (or DoS)
- Better QoS handling (NBAR)
[Diagram label: L3]

15 Section 2 – Emerging Changes
[Diagram labels: Access Layer; GigE; Dist.; OSPF or EIGRP; VLAN 2, VLAN 3, VLAN 4, VLAN 5, VLAN 6]

16 Links
General Cisco Security:
- http://www.cisco.com/warp/public/707/21.html#http
- http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip
- http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm
Design:
- http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/gcnd_wp.htm

17 Thank you for coming!!
Special thanks to Jeff Moss, Keith Myers and the rest of the Black Hat Crew.

