Chapter 5 Secure LAN Switching. MAC Address Flooding Causing CAM Overflow and Subsequent DOS and...

Chapter 5 Secure LAN Switching

MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks

Port Security

Example – Set port security 2/1 enable– Set port security 2/1 00-90-2b-03-34-08– Set port security 3/2 maximum 1

Restricting Access to a Switch via IP Permit List

Example – Set ip permit enable– Set ip permit 172.16.0.0 255.255.0.0 telnet– Set ip permit 172.20.52.2 255.255.255.255 snmp– Set ip permit 172.20.52.3 all

Controlling LAN Floods

Example– Set port broadcast 2/1-6 75%

Private VLANs on the Catalyst 6000

Restricts intra VLAN traffic on a per port basis Solves ARP spoofing

IEEE 802.1x Standard

Provides authentication of devices connecting to a physical port on a layer 2 switch or a logical port on a wireless access point

802.1x Entities

Supplicant: a device (eg. Laptop) that needs to access the LAN

Authenticator: a device that initiates the authentication process between the supplicant and the authentication server

Authentication server: a device (eg. Cisco ACS) that can authenticate a user on behalf of an authenticator

802.1x Communication

Uses Extensible Authentication Protocol (EAP) described in RFC 3748

Authentication data is transmitted in EAP packets – encapsulated in EAPOL frames between

supplicant and authenticator– encapsulated TACACS+ or RADIUS packets

between authenticator and authentication server

Extensible Authentication Protocol (EAP)

Carries authentication data between two entities that wish to set up an authenticated channel for communication

Supports one-time password, MD5 hashed username and password, and transport layer security

EAP Packet Format (RFC 2284)

Code: identifies EAP packet type such as request, response, success, or failure

Identifier: used to match responses with requests Length: length of EAP packet

Types of EAP Request/Response messages

Identity message Notification message NAK message MD-5 challenge message One-time password message Transport-Layer Security (TLS) message

EAP Exchange Involving Successful OTP Authentication

Frame Format for EAPOL Using Ethernet 802.3

Relationship between Supplicant, Authenticator, Authentication server,

EAPOL, and TACACS+/Radius

802.1x Architecture and Flow using EAP over EAPOL and

EAP over TACACS+/RADIUS

Chapter 5 Secure LAN Switching. MAC Address Flooding Causing CAM Overflow and Subsequent DOS and...

Documents

Transcript of Chapter 5 Secure LAN Switching. MAC Address Flooding Causing CAM Overflow and Subsequent DOS and...

Instructor: Khaled Diab › sp20 › lectures › ... · •overflow function return address •overflow function base pointer •Overflow (dynamically allocated) memory region on

Predicting Post-Wildfire Watershed Runoff Using ArcGIS ......from a wildfire exposes soil to erosion, which may increase runoff, causing flooding, sediments may move downstream and

SID Risk Assessment - SA Water · 2020-03-19 · ENVIRONMENTAL –Slide 1 . Page heading goes here • Flooding • Overflow • Wind • Vibration • Ground Movement • Earthquake

Compound flooding: Interactions of extreme river flows and sea … · 2020-05-01 · •Projected sea-level rise is the biggest problem –causing substantial and widespread flooding

Impact assessment of flood mitigation measures · Flooding probability (1) • Failure mechanism: overflow /wave overtopping the dike • The Design water level is used to assess

Stereoscopic Overflow

PATENT PENDING Technical Data Dechlorinating Overflow ......Dechlorinating Overflow Security Assembly (DOSA) Innovative System For Water Tank Overflow Pipes Discharging chlorinated

Probabilistic Modelling of Overflow, Surcharge and Flooding in Urban Drainage

The Citizenship Center in Curitiba’s Metropolitan ... · informal settlements aggravates the uncontrolled urban sprawl causing problems such as flooding, depletion of natural resources,

Experiencing Overflow

HURRICANE MATTHEW VIRGINIA IMPACTSdls.virginia.gov/groups/flooding/impacts101716.pdf•Matthew dropped 11+ inches of rain across Southeastern Virginia in a 24 hour period, causing

CLOSED BASIN & LAKE FLOODING - North Dakotaallow the discharge of surplus water, causing them to flood. But unlike river and stream flooding that typically peaks and then recedes;

bihar flood report 2017imaratshariah.com/images/bihar-flood-report-imarat-shari...Bihar led to the overflow of major rivers like Mahananda, Koshi and Kankai that caused flooding in

E Overflow

4. OVERFLOW-D-Mode Operation Without Grid Movement · 4. OVERFLOW-D-Mode Operation Without Grid Movement Two features distinguish “OVERFLOW-D-mode” from a traditional OVERFLOW

Lecture 3 Linear Data Structures - eecs.yorku.ca Linear Data... · data forced into the buffer goes beyond the expected limits, causing the data to overflow ... • fix 2: increase

WIDESPREAD FLOODING IN NEW JERSEY AS LOCAL RIVERS OVERFLOW AFTER SPRING STORMS PASSAIGE, SADDLE, RAMAPO, POMPTON RIVER SYSTEMS OVERFLOW BANKS MARCH 7-13;

PLANNED UNIT DEVELOPMENT APPLICATION See Attached ... · The boundaries of areas subject to 100-year flooding or storm water overflow, as determined by the City, and the location,

Overflow. Part 3 Overflowing Gratitude Overflow – perisseia “Superabundance”

Combined Sewer Overflow and Sanitary Sewer Overflow Monitoring