This chapter focuses on network infrastructure security at the data link layer, with particular attention to switch security. The goals are not simply to list the available attacks, but also to explain clearly how these attacks operate and the working principles behind them through the effective use of illustrations. The protocols exploited in this chapter include the Address Resolution Protocol (ARP), the Spanning Tree Protocol (STP), and Virtual Local Area Network (VLAN) protocols.
Copyright information
© 2009 Springer-Verlag US
About this chapter
Cite this chapter
Wong, A., Yeung, A. (2009). Network Infrastructure Security – Switching. In: Network Infrastructure Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-0166-8_2
DOI: https://doi.org/10.1007/978-1-4419-0166-8_2
Published:
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-0165-1
Online ISBN: 978-1-4419-0166-8
eBook Packages: Computer Science, Computer Science (R0)