
Securing the Data Plane on Cisco Catalyst Switches
© 2012 Cisco and/or its affiliates. All rights reserved.

Contents
Topics covered in this chapter include the following:
• An introduction to fundamental switching concepts, starting with the building blocks of VLANs and trunking
• An introduction to other building blocks of switching technology, including Spanning Tree Protocol for high availability
• A revisit and further explanation of security threats that exploit vulnerabilities in the switching infrastructure
• A description of how to plan and develop a strategy for protecting the data plane
• A description of the Spanning Tree Protocol Toolkit found on Cisco IOS routers that prevents STP operations from having an impact on the security posture
• A review of port security and how to configure it, to illustrate security controls that are aimed at mitigating MAC spoofing and other threats

Overview
• Overview of VLANs and Trunking
• Trunking and 802.1Q
• 802.1Q Tagging
• DTP (Dynamic Trunking Protocol)
• Native VLANs
• Configuring VLANs and Trunks
• Configuring Inter-VLAN Routing
• Spanning Tree Overview
• STP 802.1D, RSTP, PVRST+ …

Mitigating Layer 2 Attacks

Domino Effect If Layer 2 is Compromised
Layer 2 independence enables interoperability and interconnectivity. However, from a security perspective, Layer 2 independence creates a challenge because a compromise at one layer is not always known by the other layers. If the initial attack comes in at Layer 2, the rest of the network can be compromised in an instant.

Network security is only as strong as the weakest link, and that link might ...