CCNA Lab Manual, 互联神州 (Campus, complete) 1: Understanding Switch Security Issues

Minimizing Service Loss and Data Theft in a Campus Network
Understanding Switch Security Issues

Overview of Switch Security

Rogue Access Points

Rogue network devices can be:
  • Wireless hubs
  • Wireless routers
  • Access switches
  • Hubs
These devices are typically connected at access level switches.

Switch Attack Categories
  • MAC layer attacks
  • VLAN attacks
  • Spoofing attacks
  • Attacks on switch devices

MAC Flooding Attack

Port Security

Port security restricts port access by MAC address.

Configuring Port Security on a Switch
  • Enable port security
  • Set MAC address limit
  • Specify allowable MAC addresses
  • Define violation actions

    Switch(config-if)#switchport port-security [maximum value] violation {protect | restrict | shutdown}

Enables port security and specifies the maximum number of MAC addresses that can be supported by this port.

Verifying Port Security

    Switch#show port-security

Displays security information for all interfaces.

    Switch#show port-security
    Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                    (Count)       (Count)        (Count)
    ---------------------------------------------------------------------------
          Fa5/1        11            11              0           Shutdown
          Fa5/5        15             5              0           Restrict
         Fa5/11         5             4              0           Protect
    ---------------------------------------------------------------------------
    Total Addresses in System: 21
    Max Addresses limit in System: 128

Verifying Port Security (Cont.)

    Switch#show port-security interface type mod/port

Displays security information for a specific interface.

    Switch#show port-security interface fastethernet 5/1
    Port Security: Enabled
    Port status: SecureUp
    Violation mode: Shutdown
    Maximum MAC Addresses: 11
    Total MAC Addresses: 11
    Configured MAC Addresses: 3
    Aging time: 20 mins
    Aging type: Inactivity
    SecureStatic address aging: Enabled
    Security Violation count: 0

Verifying Port Security (Cont.)

    Switch#show port-security address

Displays MAC address table security information.

    Switch#show port-security address
              Secure Mac Address Table
    -------------------------------------------------------------------
    Vlan    Mac Address       Type                Ports   Remaining Age
                                                             (mins)
    ----    -----------       ----                -----   -------------
       1    0001.0001.0001    SecureDynamic       Fa5/1      15 (I)
       1    0001.0001.0002    SecureDynamic       Fa5/1      15 (I)
       1    0001.0001.1111    SecureConfigured    Fa5/1      16 (I)
       1    0001.0001.1112    SecureConfigured    Fa5/1      -
       1    0001.0001.1113    SecureConfigured    Fa5/1      -
       1    0005.0005.0001    SecureConfigured    Fa5/5      23
       1    0005.0005.0002    SecureConfigured    Fa5/5      23
       1    0005.0005.0003    SecureConfigured    Fa5/5      23
       1    0011.0011.0001    SecureConfigured    Fa5/11     25 (I)
       1    0011.0011.0002    SecureConfigured    Fa5/11     25 (I)
    -------------------------------------------------------------------
    Total Addresses in System: 10
    Max Addresses limit in System: 128

Port Security with Sticky MAC Addresses

Sticky MAC stores dynamically learned MAC addresses.

AAA Network Configuration
  • Authentication: Verifies a user's identity
  • Authorization: Specifies the permitted tasks for the user
  • Accounting: Provides billing, auditing, and monitoring

Authentication Methods

Cisco IOS AAA supports these authentication methods:
  • Enable password
  • Kerberos 5
  • Kerberos 5-Telnet authentication
  • Line password
  • Local database
  • Local database with case sensitivity
  • No authentication
  • RADIUS
  • TACACS+

    Switch(config)#aaa authentication login {default | list-name} method1 [method2...]

Creates a local authentication list.

802.1x Port-Based Authentication

Network access through switch requires authentication.

Configuring 802.1x

    Switch(config)#aaa new-model

Enables AAA.

    Switch(config)#aaa authentication dot1x default method1 [method2...]

Creates an 802.1x port-based authentication method list.

    Switch(config)#dot1x system-auth-control

Globally enables 802.1x port-based authentication.

    Switch(config)#interface type slot/port

Enters interface configuration mode.

    Switch(config-if)#dot1x port-control auto

Enables 802.1x port-based authentication on the interface.

Summary
  • Layer 2 security measures must be taken as a subset of the overall network security plan.
  • Rogue access to the network can undermine the security.
  • Switch attacks fall into four main categories.
  • MAC flooding attacks are launched against Layer 2 access switches and can overflow the CAM table.
  • Port security can be configured at Layer 2 to block input from devices.
  • Configuring port security on a switch is easy and recommended.
  • Sticky MAC addresses allow port security to limit access to a specific, dynamically learned MAC address.
  • Multila
