Networking Technology: Security: LAN Switch Security

More about the book

Ethernet switches are not inherently secure, and vulnerabilities arise from their implementation and associated protocols like Spanning Tree Protocol (STP) and Address Resolution Protocol (ARP). This guide details these vulnerabilities and provides strategies to configure switches to prevent or mitigate attacks. It also discusses how to enhance network security using Ethernet switches. The content is divided into four parts: Part I identifies vulnerabilities in Layer 2 protocols and outlines configurations to prevent attacks; Part II focuses on denial-of-service (DoS) attacks and their mitigation; Part III explains how switches can enhance security through wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication; and Part IV explores future developments from the LinkSec working group at IEEE. Most of the material is vendor-independent, making it valuable for all network architects deploying Ethernet switches. Readers will gain a comprehensive understanding of LAN security and be equipped to address the security gaps prevalent in many campus networks. The authors, Eric Vyncke and Christopher Paggen, bring extensive expertise in network security, with backgrounds in engineering and consulting roles at Cisco, complemented by contributions from other technical leaders in the field.