lecture 10 - Layer 2 Switch Security

Slide 1: CS 6823 - Network Security – Lecture 5: Layer 2 Security
Keith O’Brien, keith@keithobrien.org
The material within was originally presented at Cisco Networkers Live Conference 2008-2009.
Slide 2: Layer 2 Switch Security
Slide 3: Why Worry About Layer 2 Security?
- OSI was built to allow different layers to work without the knowledge of each other
[Figure: Host A and Host B, each drawn as an OSI stack (Application, Presentation, Session, Transport, Network, Data Link, Physical), with the peer exchange at each layer labelled: Application Stream, Protocols/Ports, IP Addresses, MAC Addresses, Physical Links]
Slide 4: Lower Levels Affect Higher Levels
- This means if one layer is hacked, communications are compromised without the other layers being aware
- Security is only as strong as the weakest link
- Layer 2 can be VERY weak
[Figure: the same two OSI stacks as on slide 3; the MAC-address exchange is now labelled "Initial Compromise" and the Application Stream (POP3, IMAP, IM, SSL, SSH) is labelled "Compromised", with Physical Links, IP Addresses and Protocols/Ports unchanged]
Slide 5: MAC Address CAM Table
- CAM table stands for Content Addressable Memory
- The CAM table stores information such as MAC addresses available on physical ports with their associated VLAN parameters
- All CAM tables have a fixed size
[Figure: a MAC address is a 48-bit hexadecimal number that creates a unique Layer Two address, e.g. 1234.5678.9ABC. Written as 0000.0cXX.XXXX: the first 24 bits (0000.0c) are the manufacturer code assigned by the IEEE; the second 24 bits (XX.XXXX) identify the specific interface and are assigned by the manufacturer. All Fs (FFFF.FFFF.FFFF) is the broadcast address]
Slide 6: Normal CAM Behavior 1/3
[Figure: a switch with MAC A on port 1, MAC B on port 2 and MAC C on port 3; the CAM table holds A→1 and C→3. A sends an ARP for B; B is unknown, so the switch floods the frame out the other ports]
Slide 7: Normal CAM Behavior 2/3
[Figure: B answers "I Am MAC B" on port 2; the switch learns that A is on port 1 and B is on port 2, so the CAM table now holds A→1, B→2 and C→3]
Slide 8: Normal CAM Behavior 3/3
[Figure: traffic A -> B is delivered only to port 2, because the CAM table says B is on port 2; MAC C on port 3 does not see the traffic to B]
Slide 9: CAM Overflow – Tools
- macof tool: about 100 lines of Perl, included in dsniff
- The attack succeeds by exploiting the size limit on CAM tables
- Yersinia: Swiss-army knife for layer 2 attacks
Slide 10: CAM Overflow
[Figure: the same switch with MAC A, B and C on ports 1, 2 and 3 and a CAM table holding A→1, B→2, C→3. The host on port 3 announces "I Am MAC Y", "I Am MAC Z", and so on; the switch learns Y→3, Z→3, ... Assume the CAM table is now full: traffic A -> B is flooded, and the host on port 3 says "I See Traffic to B"]
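As an added example that is not part of the lecture: a small Python model of the CAM table that replays slides 6–8 (learn, flood on unknown destination, deliver to one port) and slide 10 (table full, traffic flooded), with a per-port MAC-count check a defender can use to notice the overflow. The capacity, the alert threshold, the aging step and the MAC names are all constructed for the illustration.

```python
# Added example (not from the lecture): a toy switch CAM table that reproduces the
# normal learn/flood behaviour and the overflow effect, plus a per-port MAC-count
# check a defender can use to notice a flood of bogus source addresses.

FLOOD = "FLOOD"  # frame is copied to every port except the ingress port


class CamTable:
    def __init__(self, capacity, alert_threshold=2):
        self.capacity = capacity                # all CAM tables have a fixed size
        self.table = {}                         # MAC -> port
        self.alert_threshold = alert_threshold  # constructed threshold for the check
        self.alerts = []                        # ports flagged by the check

    def learn(self, src_mac, port):
        # Source-MAC learning: bind the sender's MAC to the ingress port,
        # but only while the table still has room for a new entry.
        if src_mac in self.table or len(self.table) < self.capacity:
            self.table[src_mac] = port
        # Defensive check: many distinct MACs behind one access port is the
        # signature of a CAM overflow (slide 10: Y, Z, ... all on port 3).
        seen = sum(1 for p in self.table.values() if p == port)
        if seen >= self.alert_threshold and port not in self.alerts:
            self.alerts.append(port)

    def age_out(self, mac):
        # Entries expire when a host stays silent (models the CAM aging timer).
        self.table.pop(mac, None)

    def forward(self, src_mac, dst_mac, in_port):
        self.learn(src_mac, in_port)
        return self.table.get(dst_mac, FLOOD)   # unknown destination: flood


def simulate(capacity=4, bogus=100):
    cam = CamTable(capacity)
    steps = {}
    steps["arp_for_b"] = cam.forward("A", "B", 1)     # B unknown: flood (slide 6)
    steps["b_replies"] = cam.forward("B", "A", 2)     # B learned on port 2 (slide 7)
    steps["a_to_b"] = cam.forward("A", "B", 1)        # delivered to port 2 only (slide 8)
    cam.age_out("B")                                  # B goes quiet, its entry ages out
    for i in range(bogus):                            # bogus sources arrive on port 3
        cam.forward(f"BOGUS-{i:02X}", "FFFF.FFFF.FFFF", 3)
    steps["table_full"] = len(cam.table) == capacity
    cam.forward("B", "A", 2)                          # B talks again, but no room to learn it
    steps["b_relearned"] = "B" in cam.table           # False
    steps["a_to_b_after"] = cam.forward("A", "B", 1)  # now flooded: port 3 sees it
    steps["alerts"] = list(cam.alerts)                # [3]
    return steps
```

The check in `learn` is the simulation's stand-in for a per-port limit on learned addresses; on a real switch the equivalent is configured on the port, not computed from the table.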