Cisco Ethernet switch Manuel d'utilisateur télécharger pdf (Page 64)

646464

l2-security-bh.ppt

802.1x/EAP Switch Authentication

¥ 802.1x and EAP (Extensible Authentication Protocol) can

authenticate a device before allowing access to a switch

and can assign a VLAN after authentication

EAP allows different authentication types to use the same format

(TLS, MD5, OTP)

¥ Works between the supplicant (client) and the

authenticator (network device)

¥ Maintains backend communication to an authentication

(RADIUS) server

¥ The authenticator (switch) becomes the middleman for

relaying EAP received in 802.1x packets to an

authentication server by using RADIUS to carry the EAP

information

¥ Available on Cat 2900,4K,6K in CatOS 6.2; Cat 3550 in

12.1(4)EA1; Cat 2950 in 12.1(6)EA2

1 2 ... 59 60 61 62 63 64 65 66 67 68 69 ... 83 84

Hacking Layer 2: Fun with 1
Ethernet Switches 1
¥ Layer 2 Attack Landscape 2
¥ Summary and Case Study 2
The Domino Effect 5
The Numbers from CSI/FBI 7
MAC Attacks 8
MAC Address/CAM Table Review 9
Normal CAM Behaviour 1/3 10
Normal CAM Behaviour 2/3 11
Normal CAM Behaviour 3/3 12
CAM Overflow 1/3 13
CAM Overflow 2/3 14
CAM Overflow 3/3 15
Catalyst CAM Tables 16
CAM Table Full! 18
¥ Port Security 19
Port Security Details 20
VLAN ÒHoppingÓ Attacks 21
Trunk Port Refresher 22
0100.0ccc.cccc 24
Dynamic Trunk Protocol (DTP) 25
Basic VLAN Hopping Attack 26
Hopping Attack 27
Outer Tag, Attacker VLAN 28
Inner Tag, Victim VLAN 28
Disabling Auto-Trunking 29
Security Best Practices 30
ARP Attacks 31
ARP Refresher 32
Gratuitous ARP 33
Misuse of Gratuitous ARP 34
A Test in the Lab 35
¥ ARP spoofing 36
¥ MAC flooding 36
¥ Selective sniffing 36
¥ SSH/SSL interception 36
Arpspoof in Action 37
More on Arpspoof 38
Selective Sniffing 39
SSL/SSH Interception 40
Dsniff evolves: Ettercap 43
Can It Get Much Easier? 44
ARP Entries do not age out 46
Community Ports 46
Private VLAN Configuration 47
More ARP Spoof Mitigation 49
Spanning Tree Attacks 50
Spanning Tree Basics 51
STP Attack Mitigation 56
VLAN Trunking Protocol (VTP) 57
Potential VTP Attacks 58
Layer 2 Port Authentication 59
Dynamic VLAN Access Ports 60
VMPS Architecture 61
VMPS/VQP Attacks 62
VMPS/VQP Attack Mitigation 63
(TLS, MD5, OTP) 64
802.1X Port Authentication 65
Other Attacks 66
0100.0ccc.cccc 67
CDP Attacks 68
DHCP Starvation Attacks 69
Private VLAN Attacks 1/2 71
Private VLAN Attacks 2/2 72
PVLAN Attack Mitigation 73
Nice Try 74
Random Frame Stress Attack 75
IP Telephony Considerations 76
Switch Management 77
Summary and Case Study 78
Your Own Security Policy 80
A Relevant Case Study 81
A More Secure Alternative 82
Lessons Learned 83
Further Reading 84

Commentaires sur ces manuels

Pas de commentaire

Cisco Ethernet switch Manuel d'utilisateur Page 64

Commentaires sur ces manuels

Produits connexes et manuels pour Mise en réseau Cisco Ethernet switch