Configuration options using port security can secure the switch in the following ways. Port security is one way of securing a CISCO switch. Port security limits the number of valid MAC addresses allowed on a port. All switch ports or interfaces should be secured before the switch is deployed. Using port security is one way to protect the switch against such attacks. Other common attacks may be aimed at CDP, telnet or other technology weaknesses that may be manipulated through the switch. MAC-address spoofing – in this attack, an attacker poses as a DHCP server, when legitimate clients request for addresses from the DHCP server, the attacker responds with an address that would permit them to see the traffic from a particular node. This means that the attacker can see all the frames for the nodes in the network. When this database is filled up, the switch is unable to forward traffic using unicast and it begins to operate like a hub by flooding frames out of the ports. Switch operation works by adding the MAC address to the mac-address-table which is limited to a certain number of MAC-addresses. They then use a tool to send invalid source MAC addresses to the switch. MAC address flooding – in this type of attack, an attacker usually gains access to a switch using a node. There are several attacks that switches are vulnerable to such as: In this course however, you are only expected to understand some basic security options such as port security. There are several security breaches that switches are vulnerable to. The commands needed are implemented in the interface configuration mode on a switch as shown below. We can hard code the ports on the switch to use only full duplex since it is the preferred mode.
This means that if one side is operating on half-duplex, then the port would be in half-duplex as well.
By defaults, the duplex on CISCO switches is usually auto. In this chapter, we will continue with the configuration and verification of the basic switch configuration, configure and verify port security on a switch and learn some other important concepts.Īs we mentioned in part 1 of this chapter, the duplex mode determines whether communication will be unidirectional or bidirectional. In the previous part, we looked at some of the concepts behind switch operation.
0 kommentar(er)
