DCS835 Compute Network and the Internet


1 DCS835 Compute Network and the Internet
CSIS
VLANS
Team 0: Maria Sette, Roshan Shaikh
8/2/2011

2 Outline
- Motivation
- Design
- Operation
- Security
- Conclusion
- References
- Q/A

3 Motivation – VLAN
Contemporary LANs Need Segmentation
- Topology (All Within Ethernet - TP)
  - Geographic
  - Organizational
  - Functional
- Load [1]
- Functional Network
- Mis-configured Network (Broadcast Storms)
- Broadcast [2]
- Efficient Use of Available Ports

4 VLANS
- Ethernet 802.1Q [2]
- Group Of LANs That Have Different Physical Connections – Virtual Broadcast Domains [3]
- Communicate As If They Are Connected On A Single Network Segment [3]
- Unicast Or Broadcast Data Transmission Is Limited - Traffic Is Reduced [4]
- Software Based Solution Allows IT Administrators To Adapt To Changes

5 Advantages
- Ease of administration [8]
- Confinement of broadcast domains
- Reduction in network traffic
- Enforcement of security policies [10]

6 Design
Ethernet 802.1Q New Frame Format (1995)
Ethernet Header (802.3) + VLAN Tag
- 802.3: Dest. Address | Source Address | Len | Data | Pad | FCS
- 802.1Q (1998): Dest. Addr. | Source Addr. | V-Tag | Len | Data | Pad | FCS
- V-Tag: VLAN Protocol 0x8100 | Pri | CFI | VLAN Identifier
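The tagged frame layout on this slide, parsed in code. This is an added example, not part of the original presentation. The function names, the `port_vlan` parameter and the sample frames are hypothetical and constructed here; the 3/1/12-bit split of Pri, CFI and VLAN Identifier and the special identifiers 0 and 0xFFF come from IEEE 802.1Q, not from the slide.

```python
import struct

TPID_8021Q = 0x8100  # "VLAN Protocol" value shown on the slide

def parse_frame(frame: bytes) -> dict:
    """Parse Dest./Source address, the optional V-Tag and the Len field.

    Assumes the frame starts at the destination address, FCS already stripped.
    """
    if len(frame) < 14:
        raise ValueError("shorter than an 802.3 header")
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"), "tagged": False}
    (field,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if field == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated V-Tag")
        tci, field = struct.unpack("!HH", frame[14:18])
        # Tag control info: Pri (3 bits) | CFI (1 bit) | VLAN Identifier (12 bits)
        info.update(tagged=True, pri=tci >> 13, cfi=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset = 18
    info["len_or_type"] = field
    info["payload"] = frame[offset:]
    return info

def effective_vlan(info: dict, port_vlan: int) -> int:
    """VLAN a port-based switch would use; port_vlan is a hypothetical port setting."""
    if not info["tagged"] or info["vid"] == 0:  # untagged, or priority-only tag
        return port_vlan
    if info["vid"] == 0x0FFF:                   # reserved identifier
        raise ValueError("reserved VLAN identifier 0xFFF")
    return info["vid"]

# Constructed sample frames (not captured traffic).
ADDRS = bytes.fromhex("ffffffffffff" "020000000001")
UNTAGGED = ADDRS + struct.pack("!H", 0x0800) + b"data"
TAGGED = ADDRS + struct.pack("!HHH", TPID_8021Q, (5 << 13) | 100, 0x0800) + b"data"

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED)):
        info = parse_frame(frame)
        print(name, info, "-> VLAN", effective_vlan(info, port_vlan=10))
```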

7 Design
- Number of VLANS
- Port Name & ID (Color)
- Topology
  - Geographic
  - Organizational
  - Functional
  - Hybrid
[Figure labels: Switch, Computer]

8 Types
How a packet gets assigned to a VLAN-Aware Switch [5]
- Port-based
- MAC address-based
- L3 protocol-based
Backward Compatibility
- Only VLAN Switches
- 802.1Q NICs

9 Requirements
- > 200 devices on LAN?
- Groups of users need more security? [2]
- Slow Network by too many broadcasts? [3]
- Groups of users need to be on the same broadcast domain running the same applications - VoIP phones?

10 Operation
- Logical Broadcast Domains In A Single Switch Or Multiple Switches, Regardless Of Physical Proximity
- Configuration (CISCO) [7]
  - VLAN Trunk Protocol (VTP) Mode
  - Domain Name
  - Which Ports On The Switch Belong To Which VLAN
- Linking VLANS
  - Layer 3 Routing Device (WS-X4232 For Catalyst 4500/4000 Switches)
  - Built-in Support For Inter-VLAN Routing: Catalyst 3550/3750/6500

11 [7]

12 [7]

13 VLAN Security Considerations
- Inadequate Switch Configuration [5]
- Best Practices - The SAFE Blueprint [6]
- Security Audit
- Inadequate Access Control
- Documentation, Policies, Procedures
- Firmware Controls
- Appropriate HW / SW Implementation

14 Threats [9]
- Availability: Interruption
- Confidentiality: Interception
- Integrity: Modification
- Authenticity: Fabrication

15 Identifying Risks to Data [9]
Type of Data | What is at Risk
Public | Prestige, Trust, Revenue
Internal | Operations
Confidential | Operations, Internal Trust
Secret | Intellectual Property
[Figure labels: Public, Web Site Data, Internal, Payroll Data, Marketing Data, Confidential, Secret, Trade Secrets]

16 Prevention [5]
- Physical Access
- System passwords
- IP permit filters
- Login Banners
- Other tools:
  - RADIUS
  - TACACS+
  - Kerberos
  - SSH
  - SNMPv3
  - IDS / IPS

17 Conclusion
- Contemporary LANs Need Segmentation
  - Topology, Load, Broadcast
- Design
  - Group Of LANs That Have Different Physical Connections – Virtual Broadcast Domains
  - Ethernet 802.1Q
- Security
  - Threats, Risks, Prevention

18 References
- Tanenbaum, A. and Wetherall, D., Computer Networks, Pearson, Fifth Edition, pp , 2011.
- Seifert and Edwards, The All-New Switch Book, NY, John Wiley, 2008.
- Research Report: Secure Use of VLANs: Security Assessment, August 2002.
- SAFE: A Security Blueprint for Enterprise Networks.
- Best Practices for Catalyst 4500, 5000, and 6500 Series Switch Configuration and Management.
- Blum, Howard, Lecture Notes for Course DCS835 Networking and the Internet, Pace University, unpublished course lecture notes.
- Shaikh, R., Network Security, MUET, unpublished notes.

19 DCS835 Compute Network and the Internet
Questions

