Cisco SWITCH 1.0: Minimizing Service Loss and Data Theft

Course details

• In a switched network, a host of attacks can be launched at a switch and its ports. MAC flooding, rogue traffic "hopping" from one VLAN to another, spoofing attacks, as well as DHCP and Address Resolution Protocol (ARP) threats can occur at Layer 2. It is important that you implement basic security measures to guard against these types of Layer 2 malicious activities. This course defines the potential vulnerabilities relating to VLANs that can occur within a network. After the vulnerabilities are identified, solutions for each vulnerability are discussed, and configuration commands are defined. This course discusses port security for denial of MAC spoofing and MAC flooding, and the use of private VLANs (PVLANs) and VLAN access control lists (VACLs) to control VLAN traffic. VLAN hopping, DHCP spoofing, Address Resolution Protocol (ARP) spoofing, and Spanning Tree Protocol (STP) attacks are also explained. In addition, potential problems and their solutions, and the method for securing the switch access, with use of vty access control lists (ACLs), and implementing the Secure Shell (SSH) Protocol for secure Telnet access are also covered.
• recognize the vulnerabilities of switches to network attacks
• configure port security to block input from devices based on Layer 2 restrictions
• identify the features of AAA authentication
• employ 802.1X port-based authentication
• configure and verify port security
• prevent VLAN hopping
• address VLAN security issues
• recognize the features of DHCP spoofing attacks
• configure switches to guard against DHCP threats
• recognize ARP threats
• identify the steps in IP Source Guard configuration
• identify CDP and LLDP vulnerabilities
• protect physical and virtual ports
• identify considerations when securing a switched network