Title :
Understanding and preventing attacks at layer 2 of the OSI reference model
Author_Institution :
Security Consulting Syst. Eng., Cisco Syst.
Abstract :
This session focuses on the security issues surrounding layer 2, the data-link layer. With a significant percentage of network attacks originating inside the corporate firewall, exploring this soft underbelly of data networking is critical for any secure network design. Security issues addressed in this session include ARP spoofing, MAC flooding, VLAN hopping, DHCP attacks, and spanning tree protocol concerns. Common myths about Ethernet switch security are confirmed or debunked, and specific security lockdown recommendations are given. Attack mitigation options include the new DHCP snooping and dynamic ARP inspection (DAI) functionality. Attendees can expect to learn layer 2 design considerations from a security perspective and mitigation techniques for layer 2 attacks.
Keywords :
local area networks; protocols; telecommunication security; tree data structures; ARP spoofing; DAI; DHCP attack; Ethernet switch security; MAC flooding; OSI reference model; VLAN hopping; corporate firewall; data-link layer; dynamic ARP inspection; mitigation technique; network attack; network security; spanning tree protocol
Conference_Title :
Communication Networks and Services Research Conference, 2006. CNSR 2006. Proceedings of the 4th Annual
Conference_Location :
Moncton, NB
Print_ISBN :
0-7695-2578-4
DOI :
10.1109/CNSR.2006.57