View: 801|Reply: 0

Introduction to layer 2 attack and summary of prevention methods

[Copy link]

0

Threads

0

Posts

-6

Credits

Penalized users

Credits
-6
Post time 19-8-2011 16:08:01 | Show all posts |Read mode


The attacks and deceptions mentioned above mainly come from the second layer of the network.
In the actual network environment, its sources can be summarized as two ways: human implementation, virus or Internet
Worms.
Artificial implementation usually refers to the use of some hacker tools to scan and sniff the network to obtain information
Take management account and relevant password, install Trojan horse in the network, so as to steal further
Access to confidential documents. Attack and deception process is often more hidden and quiet, but for information security
It is very harmful for enterprises with high requirements. The attack of Trojan horse and worm is more than attack
At the same time, it will also bring network traffic increase, device CPU utilization is too high, and two
Layer spanning tree loop, network paralysis and so on.
The attack of the second layer of network is the easiest and most inadmissible for network security attackers
Easy to be found security threats, its goal is to make the network failure or through access to information such as encryption
Code such sensitive information endangers the safety of network users. Because any legitimate user
Can get access to an Ethernet port, these users may become black
At the same time, when designing OSI model, different communication layers are allowed to not understand each other
It can also work under the situation, so the security of the second layer becomes very important. If this
If one layer is attacked by hackers, the network security will be seriously threatened, and there will be a gap between the other layers
At the same time, no user will feel that the attack has endangered the system
Information security with layer.
Therefore, it is only based on authentication (such as IEEE 802.1x) and access control list (ACL),
The security measures of access control lists can‘t prevent the data from
The second layer of network security attacks. An authenticated user can still be malicious, and
All the attacks mentioned in this article can be easily executed. At present, this kind of attack and deception tools
It‘s very mature and easy to use.
These attacks come from the second layer of the network, mainly including the following:
MAC address flooding attack
DHCP server spoofing attack
ARP Spoofing
IP / MAC address spoofing
The innovative features of Cisco catalyst‘s intelligent switching family provide support for such attacks
A comprehensive solution will take place in the network layer 2 attacks to prevent access to the intranet
The first part of the project is mainly based on the following key technologies.
Port Security
DHCP Snooping
Dynamic ARP Inspection (DAI)
IP Source Guard
The following is mainly for these very typical layer 2 attacks and deception
The above technologies are combined and deployed on Cisco switches to prevent the switch from running in the switching environment
"Man in the middle" attack, MAC / CAM attack, DHCP attack, address spoofing, etc
It is significant that the deployment of the above technology can simplify address management and track users directly
IP and corresponding switch port to prevent IP address conflict. At the same time, for most of the
Address scanning, spoofing and other characteristics of the virus can effectively alarm and isolation.


Reply

Use magic Report

You have to log in before you can reply Login | Register Now

Points Rules

Quick Reply Contact us with Skype Contact us with Whastsapp Contact us with Telegram Contact us with Line Contact us with Line Contact us with Line Contact us with Line To Top Return to the list