Layer 2 Security and Attacks
- Wednesday, March 11, 2009, 16:35
- Networks, Security
This tutorial will teach you some of the important security measures that protect your network against layer 2 attacks by following some of the best security practices.
Justification for this Survey
- Security is only as strong as the weakest link
- Layer 2 attacks are timeworn but still relevant in today’s networking environment
- The Crime and Security Survey shows the different types of attacks for the year 2008. CSI / FBI surveys also show that different types of attacks could target routers and switches
Figure-1
Executive Summary
A large number of networks in Karachi have either no or limited protection and can be easily compromised. Basic configuration errors, such as leaving the manufacturer's default device settings, mechanisms and default configuration in place, expose such networks to access through those default settings using publicly available information.
There was scope for enhancing the security of many of the wired and wireless networks observed during the survey. Of the total networks sampled, around 57% appeared to be unprotected, i.e. having no VLANs in the network and auto-trunking working at its default settings. Around 75% of organizations are using manageable switches, and most of these use Cisco Catalyst.
We found Cisco to be the most popular brand in our survey: most people are using Cisco switches in their infrastructure, 3Com is the second choice of users, and the remaining are using Linksys, Baynet and Baylan.
Figure-2 : Switch Vendors Summary Graph
Most of the users are using manageable switches.
Figure-3 : Manageable or Non-Manageable Summary Graph
Survey Observations
Of the 25 networks seen, 67% appeared to be unprotected, i.e. without VLANs. 8% were using a low level of protection, i.e. SSH, STP and auto-trunking. The remaining 25% of networks were using the more secure, protected Layer 2 security.
This makes 75% of the observed networks relatively easy to attack with VLAN hopping, and attacks within the same subnet could also be easy.
Figure-3: VLAN Summary Graph
Figure-4 : Auto-Trunking Graph Summary
From our survey data, a VTP broadcast storm can be generated in 32% of the networks in the collected data.
Figure-5 : VTP Summary Graph
This makes 72% of the observed networks relatively easy to attack with a Spanning Tree root hijack. It could be easy in a flat network.
Figure-6 : Spanning Tree Protocol Summary Graph
In another security aspect, we found most of the users are not using remote access for switches; of those that do, only 16% of users are using secure remote access and the remaining are using unencrypted remote access.
Figure-7 : Switch Remote Access Summary Graph
As per our observation, most of the organizations are not applying protection at the Layer 2 level.
Figure-8 : 802.1x Protection at Layer 2
Conclusion
The rapid growth in wired and wireless networks without a commensurate increase in layer 2 network security awareness, at both small and enterprise businesses, is indeed a growing concern. At the same time, there is significant scope for enhancing the security of our unsecured networks. The major risks that one might be exposed to include:
• Unauthorized users may gain access to an unsecured network and use network resources. Not only does this cause issues in the network, but they can also generate Layer 2 level attacks.
In keeping with our overall objective to increase the security of layer 2 networks deployed in Karachi, we have included Layer 2 Network Security Good Practices in Annexure I.
Annexure I
MAC Flooding Attack Mitigation
•Port Security
- Allows you to specify MAC addresses for each port, or to learn a certain number of MAC addresses per port.
- Upon detection of an invalid MAC, block only the offending MAC or simply shut down the port.
•Smart CAM table
- Never overwrite existing entries.
- Only time-out inactive entries.
- Active hosts will never be overwritten.
•Speak first
- Deviation from learning bridge: never flood.
- Requires a host to send traffic first before receiving.
VLAN Hopping Attack Mitigation
•Use recent switches.
•Disable auto-trunking.
•Never put hosts in the trunk native VLAN.
•Put unused ports in an unused VLAN.
Spanning Tree Attacks Mitigation
•Disable STP (it is not needed in loop-free topologies).
•BPDU Guard
Disables ports upon detection of a BPDU message on the port.
•Root Guard
Disables ports that would become the root bridge due to their BPDU advertisement.
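As an added example that is not part of the original article, the following Python script audits a Cisco IOS-style running config for the Annexure I mitigations: it flags ports left in dynamic (auto-trunking) mode, host ports without port security or BPDU guard, hosts left in VLAN 1 (the default trunk native VLAN), and trunks without root guard. The sample config is constructed, and the checks are text heuristics on IOS syntax that assume Catalyst defaults (no `switchport mode` line means dynamic) rather than querying the switch.

```python
# Audit a Cisco IOS-style config for the Annexure I checks (added example; constructed sample).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 spanning-tree bpduguard enable
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 spanning-tree guard root
"""

def parse_interfaces(config):
    """Map each 'interface X' stanza to its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the stanza
    return interfaces

def audit(config):
    """Return {interface: [findings]}; an empty list means the port passes."""
    results = {}
    for name, lines in parse_interfaces(config).items():
        # No 'switchport mode' line means the Catalyst default: dynamic, i.e. DTP on.
        mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")), "dynamic")
        vlan = next((l.split()[-1] for l in lines if l.startswith("switchport access vlan ")), "1")
        findings = []
        if mode == "dynamic":
            findings.append("auto-trunking enabled (VLAN hopping)")
        if mode != "trunk":  # access or dynamic: treat as a host-facing port
            if not any(l.startswith("switchport port-security") for l in lines):
                findings.append("no port security (MAC flooding)")
            if "spanning-tree bpduguard enable" not in lines:
                findings.append("no BPDU guard (STP root hijack)")
            if vlan == "1":
                findings.append("host in VLAN 1, the default trunk native VLAN")
        elif "spanning-tree guard root" not in lines:
            findings.append("no root guard on trunk (STP root hijack)")
        results[name] = findings
    return results
```

Run it against the output of `show running-config` to get one finding list per port; FastEthernet0/1 in the sample, left entirely at defaults, trips all four host-port checks.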