LAN Switch Security

LAN Switch Security : What Hackers Know about Your Switches

4.66 (6 ratings by Goodreads)
By (author)  , By (author) 

List price: US$53.99

Currently unavailable

We can notify you when this item is back in stock

Add to wishlist

AbeBooks may have this title (opens in new window).

Try AbeBooks

Description

"LAN Switch Security: What Hackers Know About Your Switches - "A practical guide to hardening Layer 2 devices and stopping campus network attacks Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco(R) Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks. Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches. After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks. Use port security to protect against CAM attacksPrevent spanning-tree attacks Isolate VLANs with proper configuration techniquesProtect against rogue DHCP serversBlock ARP snoopingPrevent IPv6 neighbor discovery and router solicitation exploitationIdentify Power over Ethernet vulnerabilitiesMitigate risks from HSRP and VRPPStop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocolsUnderstand and prevent DoS attacks against switchesEnforce simple wirespeed security policies with ACLsImplement user authentication on a port base with IEEE 802.1xUse new IEEE protocols to encrypt all Ethernet frames at wirespeed. This security book is part of the Cisco Press(R) Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.show more

Product details

  • Electronic book text | 360 pages
  • Cisco Press
  • United States
  • English
  • 1587057042
  • 9781587057045

About Eric Vyncke

Eric Vyncke has a master's degree in computer science engineering from the University of Liege in Belgium. Heworked as a research assistant in the same university before joining Network Research Belgium. At NetworkResearch Belgium, he was the head of R&D. He then joined Siemens as a project manager for security projects, including a proxy firewall. Since 1997, he has worked as a distinguished consulting engineer for Cisco as a technicalconsultant for security covering Europe. For 20 years, Eric's area of expertise has been security from Layer 2 tothe application layer. He is also a guest professor at some Belgian universities for security seminars. Eric is also afrequent speaker at security events (such as Networkers at Cisco Live and RSA Conference).Christopher Paggen joined Cisco in 1996 where he has held various positions gravitating around LAN switchingand security technologies. Lately, he has been in charge of defining product requirements for the company's currentand future high-end firewalls. Christopher holds several U.S. patents, one of which pertains to Dynamic ARPInspection (DAI). As CCIE No. 2659, Christopher also owns a B.S. in computer science from HEMES (Belgium)and went on to study economics at UMH (Belgium) for two more years.show more

Back cover copy

"LAN Switch Security: What Hackers Know About Your Switches" A practical guide to hardening Layer 2 devices and stopping campus network attacks Eric VynckeChristopher Paggen, CCIE(R) No. 2659 Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco(R) Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks. Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches. After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks. Eric Vyncke has a master's degree in computer science engineering from the University of Liege in Belgium. Since 1997, Eric has worked as a Distinguished Consulting Engineer for Cisco, where he is a technical consultant for security covering Europe. His area of expertise for 20 years has been mainly security from Layer 2 to applications. He is also guest professor at Belgian universities for security seminars. Christopher Paggen, CCIE(R) No. 2659, obtained a degree in computer science from IESSL in Liege (Belgium) and a master's degree in economics from University of Mons-Hainaut (UMH) in Belgium. He has been with Cisco since 1996 where he has held various positions in the fields of LAN switching and security, either as pre-sales support, post-sales support, network design engineer, or technical advisor to various engineering teams. Christopher is a frequent speaker at events, such as Networkers, and has filed several U.S. patents in the security area. Contributing Authors: Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.Steinthor Bjarnason is a consulting engineer for Cisco.Ken Hook is a switch security solution manager for Cisco.Rajesh Bhandari is a technical leader and a network security solutions architect for Cisco. Use port security to protect against CAM attacksPrevent spanning-tree attacks Isolate VLANs with proper configuration techniquesProtect against rogue DHCP serversBlock ARP snoopingPrevent IPv6 neighbor discovery and router solicitation exploitationIdentify Power over Ethernet vulnerabilitiesMitigate risks from HSRP and VRPPStop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocolsUnderstand and prevent DoS attacks against switchesEnforce simple wirespeed security policies with ACLsImplement user authentication on a port base with IEEE 802.1xUse new IEEE protocols to encrypt all Ethernet frames at wirespeed. This security book is part of the Cisco Press(R) Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Cisco Press--SecurityCovers: Ethernet Switch Security $60.00 USA / $69.00 CAN"LAN Switch Security: What Hackers Know About Your Switches" A practical guide to hardening Layer 2 devices and stopping campus network attacks Eric VynckeChristopher Paggen, CCIE(R) No. 2659 Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco(R) Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks. Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches. After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks. Eric Vyncke has a master's degree in computer science engineering from the University of Liege in Belgium. Since 1997, Eric has worked as a Distinguished Consulting Engineer for Cisco, where he is a technical consultant for security covering Europe. His area of expertise for 20 years has been mainly security from Layer 2 to applications. He is also guest professor at Belgian universities for security seminars. Christopher Paggen, CCIE(R) No. 2659, obtained a degree in computer science from IESSL in Liege (Belgium) and a master's degree in economics from University of Mons-Hainaut (UMH) in Belgium. He has been with Cisco since 1996 where he has held various positions in the fields of LAN switching and security, either as pre-sales support, post-sales support, network design engineer, or technical advisor to various engineering teams. Christopher is a frequent speaker at events, such as Networkers, and has filed several U.S. patents in the security area. Contributing Authors: Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.Steinthor Bjarnason is a consulting engineer for Cisco.Ken Hook is a switch security solution manager for Cisco.Rajesh Bhandari is a technical leader and a network security solutions architect for Cisco. Use port security to protect against CAM attacksPrevent spanning-tree attacks Isolate VLANs with proper configuration techniquesProtect against rogue DHCP serversBlock ARP snoopingPrevent IPv6 neighbor discovery and router solicitation exploitationIdentify Power over Ethernet vulnerabilitiesMitigate risks from HSRP and VRPPStop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocolsUnderstand and prevent DoS attacks against switchesEnforce simple wirespeed security policies with ACLsImplement user authentication on a port base with IEEE 802.1xUse new IEEE protocols to encrypt all Ethernet frames at wirespeed. This security book is part of the Cisco Press(R) Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Cisco Press-SecurityCovers: Ethernet Switch Security $60.00 USA / $69.00 CANshow more

Rating details

6 ratings
4.66 out of 5 stars
5 67% (4)
4 33% (2)
3 0% (0)
2 0% (0)
1 0% (0)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X