TCP/SYN Attack – use ACL to allow traffic from TCP connections that were established from the internal network and block packets from an external network.


TCP/SYN Attack – use an ACL to allow traffic from TCP connections that were established from the internal network and block packets from an external network that have only the SYN flag set (DoS). Verify that the security policy specifies how ACLs will be implemented to support the secure processing environment. Consult the reference material for a more thorough narrative on ACL best practices.
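The `established` keyword is what makes this ACL work: it matches only TCP segments with the ACK or RST bit set, so an inbound SYN-only packet falls through to the deny while replies to sessions the inside opened are permitted. The following is an added example (not from the slides) that models that first-match evaluation over constructed segments; the addresses and ACL name are made up.

```python
# Added example (not from the slides): evaluate a Cisco-style extended ACL with
# the 'established' keyword against constructed TCP segments.  'established'
# matches any segment with the ACK or RST bit set, so an inbound connection
# attempt (SYN only) never matches it and falls through to the deny entry.
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

@dataclass
class Segment:
    src: str
    dst: str
    flags: int

# ACL applied inbound on the external interface; each ACE is
# (action, established_only).  Cisco ACLs are first-match with an implicit deny.
OUTSIDE_IN = [
    ("permit", True),   # permit tcp any any established
    ("deny", False),    # deny tcp any any log
]

def ace_matches(established_only, seg):
    """An ACE carrying 'established' matches only if ACK or RST is set."""
    return (not established_only) or bool(seg.flags & (ACK | RST))

def acl_action(acl, seg):
    """Return the action of the first matching ACE, or the implicit 'deny'."""
    for action, established_only in acl:
        if ace_matches(established_only, seg):
            return action
    return "deny"

# Constructed traffic (documentation addresses): an outside host trying to open
# a connection, and replies belonging to a session the inside host opened.
INBOUND_SYN = Segment("203.0.113.9", "10.0.0.5", SYN)
REPLY_SYNACK = Segment("198.51.100.7", "10.0.0.5", SYN | ACK)
REPLY_DATA = Segment("198.51.100.7", "10.0.0.5", ACK)

def classify_all():
    """Map each constructed segment to the ACL decision it receives."""
    return {name: acl_action(OUTSIDE_IN, seg) for name, seg in
            [("inbound_syn", INBOUND_SYN), ("reply_synack", REPLY_SYNACK),
             ("reply_data", REPLY_DATA)]}
```

Because the check is stateless (it looks only at flag bits, not at a connection table), it limits exposure to SYN floods from outside but does not replace a stateful firewall.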

Routing protocols – gather information about available networks. OSPF, BGP and RIP are IETF standards; IS-IS is an ISO standard; EIGRP is Cisco proprietary. Authenticated router updates ensure that update messages came from legitimate sources; bogus messages are automatically discarded. Configure passive interfaces to prevent update distribution on interfaces that do not need it. Review the configuration to verify implementation.

Cisco Discovery Protocol (CDP) – a Cisco proprietary protocol that provides the capability for sharing system information between Cisco products. If this information is not required for operational needs, CDP should be disabled. Review the configuration to verify that CDP is disabled.

Port Security – no security by default. All switch ports or interfaces should be secured before the switch is deployed. If a port is not being used, configure it as shutdown. MAC addresses are learned dynamically by default and are not saved in the configuration file. Static entries are manually entered for each port and saved in the running configuration. Sticky entries are similar to static entries except that they are dynamically learned and are saved in the configuration.

Each active port can be restricted by a maximum MAC address count with an action selected for any violations.

Verify that policy establishes minimum security requirements for port security. Verify that unused ports are disabled. Verify that active ports are restricted by a maximum MAC address count. Verify that the action selected for any violations is based on established policy requirements.
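The four port-security checks above (minimum requirements, unused ports disabled, a MAC address limit on active ports, and a policy-driven violation action) can be run mechanically over a saved configuration. This is an added example, not code from the slides: it parses a Cisco IOS-style `interface` stanza layout and reports active ports that miss the policy; `SAMPLE_CONFIG` is constructed for illustration, and the policy values passed as parameters are assumptions.

```python
# Added example (not from the slides): audit the port-security items the slides
# say to verify, over a Cisco IOS-style config.  SAMPLE_CONFIG is constructed
# for illustration and is not any real device's configuration.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport port-security
 switchport port-security mac-address sticky
interface GigabitEthernet0/2
 shutdown
interface GigabitEthernet0/3
 switchport port-security
 switchport port-security maximum 8
 switchport port-security violation protect
interface GigabitEthernet0/4
 switchport mode access
"""

def parse_interfaces(config):
    """Map each 'interface X' stanza to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return blocks

def audit_port_security(config, max_macs=1, policy_action="shutdown"):
    """Return sorted (interface, finding) pairs for active ports off policy."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            continue  # unused port is disabled, as the slides require
        if "switchport port-security" not in cmds:
            findings.append((name, "port-security not enabled"))
            continue
        limit, action = 1, "shutdown"  # IOS defaults when not configured
        for cmd in cmds:
            if cmd.startswith("switchport port-security maximum "):
                limit = int(cmd.split()[-1])
            elif cmd.startswith("switchport port-security violation "):
                action = cmd.split()[-1]
        if limit > max_macs:
            findings.append((name, f"MAC limit {limit} exceeds policy {max_macs}"))
        if action != policy_action:
            findings.append((name, f"violation action {action} is not {policy_action}"))
    return sorted(findings)
```

Run it against `show running-config` output saved to a file to get the per-port findings; the policy limit and violation action should come from the written policy the slides refer to.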

A Virtual Local Area Network (VLAN) is a broadcast domain configured in the switch. All members of a VLAN are grouped logically into the same broadcast domain independent of their physical location. Routing is required for communication among members of different VLANs.

Cisco switches use VLAN 1 as the default VLAN to assign to their ports, including the management ports. Protocols such as CDP and VTP need to be sent on a specific VLAN, VLAN 1. VLAN 1 may span the entire network, which provides attackers easier access and extended reach for their attacks.