0% found this document useful (0 votes)

38 views

Lesson 10 - Securing The LAN

Uploaded by

Gemma Tsotetsi

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

38 views

Lesson 10 - Securing The LAN

Uploaded by

Gemma Tsotetsi

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 86

Chapter 6:

Securing the Local Area Network

CCNA Security v2.0

6.0 Introduction
6.1 Endpoint Security
Chapter Outline 6.2 Layer 2 Security Threats
6.3 Summary

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Section 6.1:
Endpoint Security
Upon completion of this section, you should be able to:
• Describe endpoint security and the enabling technologies.

• Explain how Cisco AMP is used to ensure endpoint security.

• Explain how Cisco NAC authenticates and enforces the network security policy.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Securing Endpoints in the Borderless Network
Post malware attack Host-Based Protection:
questions: • Antivirus/Antimalware
• Where did it come from?
• SPAM Filtering
• What was the threat method
• URL Filtering
and point of entry?
• Blacklisting
• What systems were affected?
• Data Loss Prevention (DLP)
• What did the threat do?

• Can I stop the threat and root

cause?
• How do we recover from it?

• How do we prevent it from

happening again?

Talos teams gather real-time threat intelligence from a variety of

sources:
• 1.6 million deployed security devices, including firewall, IPS, web, and
email appliances
• 150 million endpoints

They then analyze this data:

• 100 TB of security intelligence daily
• 13 billion web requests per day
• 35% of the world’s enterprise email traffic

• AMP for Endpoints - AMP for Endpoints integrates with Cisco AMP for
Networks to deliver comprehensive protection across extended networks and
endpoints.
• AMP for Networks - Provides a network-based solution and is integrated
into dedicated Cisco ASA Firewall and Cisco FirePOWER network security
appliances.
• AMP for Content Security – This is an integrated feature in Cisco Cloud
Web Security or Cisco Web and Email Security Appliances to protect against
email and web-based advanced malware attacks.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Cisco Email Security Appliance
Features and benefits of Cisco Email Security solutions:
• Global threat intelligence
• Spam blocking

• Advanced malware protection

• Outbound message control

Client Initiates Web Request

WSA Forwards
Request

Reply Sent to WSA and Then

To Client

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Network Access for Guests
Three ways to grant sponsor permissions:
• to only those accounts created by the sponsor

• to all accounts

• to no accounts (i.e., they cannot change any permissions)

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Section 6.2:
Layer 2 Security Considerations
Upon completion of the section, you should be able to:
• Describe Layer 2 vulnerabilities.

• Describe CAM table overflow attacks.

• Configure port security to mitigate CAM table overflow attacks.

• Configure VLAN Truck security to mitigate VLAN hopping attacks.

• Implement DHCP Snooping to mitigate DHCP attacks.

• Implement Dynamic Arp Inspection to mitigate ARP attacks.

• Implement IP Source Guard to mitigate address spoofing attacks.

Intruder Runs Attack Tool

Fill CAM Table

Switch Floods All Traffic

Attacker Captures Traffic

Enabling Port Security

Verifying Port
Security

Port Security Options

Setting the Maximum Number of Mac Addresses

Manually Configuring Mac Addresses

Learning Connected Mac Addresses Dynamically

Security Violation Modes:

• Protect

• Restrict

• Shutdown

Step 1 – Double Tagging Attack

Step 2 – Double Tagging Attack

Step 3 – Double Tagging Attack

DHCP Server Offers Parameters

DHCP Server Acknowledges All Requests

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
Mitigating VLAN Attacks
The switch will deny packets
containing specific information:
• Unauthorized DHCP server
messages from an untrusted port
• Unauthorized DHCP client
messages not adhering to the
snooping binding table or rate
limits
• DHCP relay-agent packets that
include option-82 information on
an untrusted port

Configuring a Maximum Number of MAC Addresses

ARP Reference Topology

Configuring Dynamic
ARP Inspection

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Mitigating Address Spoofing Attacks
For each untrusted port, there are two possible levels of IP traffic security filtering:
• Source IP address filter

• Source IP and MAC address filter

IP Source Guard Reference Topology

Configuring IP Source Guard

Checking IP Source Guard

Spoofing the Root Bridge

Successful STP Manipulation Attack

• Describe various types of endpoint security applications.

• Describe Layer 2 vulnerabilities.

Smart Craft 891965 (1) Complete Guide
100% (10)
Smart Craft 891965 (1) Complete Guide
115 pages
Audiolab 8000A Owner's Manual PDF
No ratings yet
Audiolab 8000A Owner's Manual PDF
10 pages
SOP-001166 (Software Und IT Change Management)
No ratings yet
SOP-001166 (Software Und IT Change Management)
10 pages
Seguridad en Redes LAN - Sesion 11
No ratings yet
Seguridad en Redes LAN - Sesion 11
84 pages
Implementing Cisco Network Security Exam (210-260)
No ratings yet
Implementing Cisco Network Security Exam (210-260)
4 pages
5.0 Security Fundamentals
No ratings yet
5.0 Security Fundamentals
33 pages
NET301 Chapter5 NetworkSecurityandMonitoring
No ratings yet
NET301 Chapter5 NetworkSecurityandMonitoring
39 pages
CNv6 instructorPPT Chapter5
No ratings yet
CNv6 instructorPPT Chapter5
45 pages
Cnss
No ratings yet
Cnss
4 pages
Portuguese CCNA 7 Seguranca LAN
No ratings yet
Portuguese CCNA 7 Seguranca LAN
41 pages
Implementing Cisco Edge Network Security Solutions (300-206)
No ratings yet
Implementing Cisco Edge Network Security Solutions (300-206)
3 pages
CCNA7 LAN Security Module
No ratings yet
CCNA7 LAN Security Module
48 pages
CCIE Security Lab Exam v3
No ratings yet
CCIE Security Lab Exam v3
11 pages
CCIE Security v6.1 Blueprint
No ratings yet
CCIE Security v6.1 Blueprint
5 pages
Securing Cisco Network Devices (SND) v2.0 Volume 2 PDF
No ratings yet
Securing Cisco Network Devices (SND) v2.0 Volume 2 PDF
428 pages
Network Security & Threats
No ratings yet
Network Security & Threats
40 pages
L2 Attacks
No ratings yet
L2 Attacks
93 pages
Understanding, Preventing, and Defending Against Layer 2 Attacks
No ratings yet
Understanding, Preventing, and Defending Against Layer 2 Attacks
91 pages
Network Security and Cyber Security
No ratings yet
Network Security and Cyber Security
26 pages
Securing The Local Network Network: CCNA Security
No ratings yet
Securing The Local Network Network: CCNA Security
146 pages
CH-01
No ratings yet
CH-01
55 pages
ProductInfo 05-08-2020 0458
No ratings yet
ProductInfo 05-08-2020 0458
7 pages
Chapter 2 Network Security Devices and Cloud Services
No ratings yet
Chapter 2 Network Security Devices and Cloud Services
36 pages
Ccna Security: Exam Description
No ratings yet
Ccna Security: Exam Description
5 pages
Module 10: LAN Security Concepts: Instructor Materials
No ratings yet
Module 10: LAN Security Concepts: Instructor Materials
32 pages
CCNASv2_InstructorPPT_CH1
No ratings yet
CCNASv2_InstructorPPT_CH1
67 pages
Module 10: LAN Security Concepts: Switching, Routing and Wireless Essentials v7.0 (SRWE)
No ratings yet
Module 10: LAN Security Concepts: Switching, Routing and Wireless Essentials v7.0 (SRWE)
38 pages
CCNASv2 InstructorPPT CH1
No ratings yet
CCNASv2 InstructorPPT CH1
67 pages
Seguridad de Los Sistemas de Información: Ethical Hacking / Paul M. Vildoso Alvarado
No ratings yet
Seguridad de Los Sistemas de Información: Ethical Hacking / Paul M. Vildoso Alvarado
54 pages
SRWE Module 10
No ratings yet
SRWE Module 10
26 pages
Implementing Cisco Network Security Exam (210-260) : Security Concepts Common Security Principles
No ratings yet
Implementing Cisco Network Security Exam (210-260) : Security Concepts Common Security Principles
4 pages
CCIE Security v6 Exam Topics
No ratings yet
CCIE Security v6 Exam Topics
6 pages
Securing Network Devices: CCNA Security v2.0
No ratings yet
Securing Network Devices: CCNA Security v2.0
85 pages
CCNAS v11 Ch06
No ratings yet
CCNAS v11 Ch06
75 pages
Understanding Cisco Cybersecurity Fundamentals (210-250) Blueprint
No ratings yet
Understanding Cisco Cybersecurity Fundamentals (210-250) Blueprint
6 pages
Lec9 LAN Security Concepts
No ratings yet
Lec9 LAN Security Concepts
58 pages
CH-02
No ratings yet
CH-02
66 pages
Module 10: LAN Security Concepts: Instructor Materials
No ratings yet
Module 10: LAN Security Concepts: Instructor Materials
37 pages
CCIE Security Lab Exam Topics v4.0 System Hardening and Availability
No ratings yet
CCIE Security Lab Exam Topics v4.0 System Hardening and Availability
3 pages
Security2006 Eric Vyncke 2
No ratings yet
Security2006 Eric Vyncke 2
59 pages
CCNP Security CH1
No ratings yet
CCNP Security CH1
35 pages
Hany EL Mokadem Switch Attacks and Countermeasures
No ratings yet
Hany EL Mokadem Switch Attacks and Countermeasures
9 pages
Cisco Router Firewall Security
No ratings yet
Cisco Router Firewall Security
1,245 pages
Build A Small Network
No ratings yet
Build A Small Network
39 pages
CCNA Security 06
No ratings yet
CCNA Security 06
99 pages
CCNA Security: Chapter Six Securing The Local Area Network
No ratings yet
CCNA Security: Chapter Six Securing The Local Area Network
99 pages
Slide 3 15 2020
No ratings yet
Slide 3 15 2020
114 pages
Network 1111
No ratings yet
Network 1111
18 pages
Cisco
No ratings yet
Cisco
60 pages
Common Security Threats
No ratings yet
Common Security Threats
1 page
ICND120S03
No ratings yet
ICND120S03
60 pages
Chapter5 Security Fundamentals
No ratings yet
Chapter5 Security Fundamentals
11 pages
Chapter5 Security Fundamentals
No ratings yet
Chapter5 Security Fundamentals
11 pages
CISA EXAM-Testing Concept-Firewall
From Everand
CISA EXAM-Testing Concept-Firewall
Hemang Doshi
2.5/5 (2)
CCSP - Certified Cloud Security Professional Exam Insights
From Everand
CCSP - Certified Cloud Security Professional Exam Insights
SUJAN
No ratings yet
Framework for SCADA Cybersecurity
From Everand
Framework for SCADA Cybersecurity
Richard Clark
5/5 (1)
CCNA Exam Focus: Study Guide with Practice Tests
From Everand
CCNA Exam Focus: Study Guide with Practice Tests
SUJAN
No ratings yet
Cybersecurity for Beginners : Learn the Fundamentals of Cybersecurity in an Easy, Step-by-Step Guide: 1
From Everand
Cybersecurity for Beginners : Learn the Fundamentals of Cybersecurity in an Easy, Step-by-Step Guide: 1
Kevin Clark
No ratings yet
SSL VPN : Understanding, evaluating and planning secure, web-based remote access
From Everand
SSL VPN : Understanding, evaluating and planning secure, web-based remote access
Tim Speed
No ratings yet
Certified Information Systems Auditor Exam Prep And Dumps Exam Review Guide for ISACA CISA Exam PART 3
From Everand
Certified Information Systems Auditor Exam Prep And Dumps Exam Review Guide for ISACA CISA Exam PART 3
Byte Books
No ratings yet
CISSP Exam Prep Questions, Answers & Explanations: 1500+ CISSP Practice Questions with Solutions
From Everand
CISSP Exam Prep Questions, Answers & Explanations: 1500+ CISSP Practice Questions with Solutions
Eddie Vi
3/5 (7)
The Palo Alto Networks Handbook: Practical Solutions for Cyber Threat Protection
From Everand
The Palo Alto Networks Handbook: Practical Solutions for Cyber Threat Protection
Robert Johnson
No ratings yet
Cybersecurity for Small Networks: A Guide for the Reasonably Paranoid
From Everand
Cybersecurity for Small Networks: A Guide for the Reasonably Paranoid
Seth Enoka
No ratings yet
Chef Vs Puppet Vs Ansible Vs Saltstack - Configuration Management Tools Comparison - Edureka+ - 1
No ratings yet
Chef Vs Puppet Vs Ansible Vs Saltstack - Configuration Management Tools Comparison - Edureka+ - 1
29 pages
SYSLOG - NETCONF and NETFLOW
No ratings yet
SYSLOG - NETCONF and NETFLOW
21 pages
CS5440 Networks Management
No ratings yet
CS5440 Networks Management
16 pages
Network Management Protocols
No ratings yet
Network Management Protocols
35 pages
Girbau
No ratings yet
Girbau
8 pages
Iecex Eps 12.0024
No ratings yet
Iecex Eps 12.0024
4 pages
Instek - GDS 3000 Um
No ratings yet
Instek - GDS 3000 Um
209 pages
Upute Casio Aeq120w
No ratings yet
Upute Casio Aeq120w
5 pages
Traffic Cases in GSM
100% (2)
Traffic Cases in GSM
18 pages
JDM A15 - Rev. 03-2018
No ratings yet
JDM A15 - Rev. 03-2018
18 pages
CST2355 - A3
No ratings yet
CST2355 - A3
50 pages
Director Project Management Operations in Atlanta GA Resume Austin Mattson
No ratings yet
Director Project Management Operations in Atlanta GA Resume Austin Mattson
2 pages
Cyber Crimes
No ratings yet
Cyber Crimes
4 pages
Does Nvidia Use FPGA in Machine Learning
No ratings yet
Does Nvidia Use FPGA in Machine Learning
3 pages
Learning and Development at Reliance Infrastructure (H.R Case Study)
No ratings yet
Learning and Development at Reliance Infrastructure (H.R Case Study)
22 pages
Real World CI/CD With Kubernetes: Jirayut Nimsaeng (Dear)
No ratings yet
Real World CI/CD With Kubernetes: Jirayut Nimsaeng (Dear)
44 pages
Infographics 160811232821
No ratings yet
Infographics 160811232821
46 pages
Detailed Notes on API and Its Importance
No ratings yet
Detailed Notes on API and Its Importance
4 pages
Terminal Commands - Quick Cheat-Sheet
No ratings yet
Terminal Commands - Quick Cheat-Sheet
2 pages
CV Fulger George-Dan Ro
No ratings yet
CV Fulger George-Dan Ro
4 pages
TP 10665
No ratings yet
TP 10665
306 pages
Elektor 2009 09
100% (1)
Elektor 2009 09
88 pages
CAR 66 - B2 Avionics Syllabus
100% (1)
CAR 66 - B2 Avionics Syllabus
6 pages
Acer Iconia Tab A200 - Schematics PDF
No ratings yet
Acer Iconia Tab A200 - Schematics PDF
36 pages
Lica
No ratings yet
Lica
2 pages
Unit 3.5 Small Home Lighting System
No ratings yet
Unit 3.5 Small Home Lighting System
10 pages
Apple VS Android Product Positioning Strategy
No ratings yet
Apple VS Android Product Positioning Strategy
9 pages
Keynotes
No ratings yet
Keynotes
28 pages
Job Recommendation System Report
No ratings yet
Job Recommendation System Report
47 pages
HP Scanjet Pro 2500 F1 Flatbed Scanner: Boost Productivity With Fast, Versatile Scanning
No ratings yet
HP Scanjet Pro 2500 F1 Flatbed Scanner: Boost Productivity With Fast, Versatile Scanning
2 pages