The second level of the open system interconnection osi model is the data link layer. It consists of various layer2 attacks exploiting the weaknesses of different layer2 protocols. The site was designed to help you pass the ccna exam 200125, but it can also be used as a reference site for anything networking related. Just like ipsec protects network layer, and ssl protects application data, macsec protects traffic at data link layer layer 2.
What is the cisco ios version that the switch is running. Essential lockdowns for layer 2 switch security techrepublic. Network security fundamentals security on different layers and attack mitigation cryptography and pki resource registration whois database. Overview network security fundamentals security on different layers and attack mitigation. Pdf exploring layer 2 network security in virtualized. Use the webex training center to share files and documents, hold online meetings and conferences, and foster online collaboration. In a typical lan, all hosts are connected to one central device.
In the earlier chapters, we discussed that many realtime security protocols have evolved for network security. Whereas the physical layer deals with the actual physical media the cables and so forth that the data move over, the data link. Lesson 76 c3pl cisco common classification policy language, class map, policy map and service policy. All attacks and mitigation techniques assume a switched ethernet network running ipv4. The application layer layer 7 the presentation layer layer 6 the session layer layer 5 the transport layer layer 4 the network layer layer 3 the data link layer layer 2 the physical layer layer 1 putting all the layers together.
In this paper, we discuss the security concerns in layer 2 and summarize some of the possible attacks in layer 2. Layer1 vlans q also known as port switching q can be used to provide security and isolation q does not allow user mobility. The curriculum is designed for students seeking career oriented, enterpriselevel networking skills. Ccna security 210260 official cert guide premium edition ebook and practice test the exciting new ccna security 210260 official cert guide, premium edition ebook and practice test is a digitalonly certification preparation product combining an ebook with enhanced pearson it certification practice test. Use the system steal data, cause denial of service etc. Cisco ios xr virtual private network configuration guide for the cisco crs router ol2466901. After the initial assessment and gap analysis, the cycle continues with remediation planning, which has the goal of closing the gap and satisfying future requirements by updating the overall network architecture.
This document provides a sample configuration for some of the layer 2 security features, such as port security, dhcp snooping, dynamic address resolution protocol arp inspection and ip source guard, that can be implemented on cisco catalyst layer 3 fixed configuration switches. There are no specific requirements for this document. Identify the basic security threats and how to procedures to deal with them effectively. Ccnp route, ccnp switch, and ccnp tshoot, each course is equivalent to 120 hours of instructions. Table b1 layer 2 protocols protocol description l2f layer 2 forwarding l2f creates network access server nasinitiated tunnels by forwarding pointtopoint ppp sessions from one endpoint to another across a shared network infrastructure.
Cisco switches offer a wide range of security features at layer 2 to protect the network traffic flow and the devices. Lesson 17 cisco network foundation protection nfp framework management plane, control plane and data plane. Cisco ccna security notes 640553 m morgan 2010 page 8 of 56 6. Network security is only as strong as the weakest link, and layer 2 is no exception. Enable defended telnet admission to a router user interface, and accede application defended shell ssh instead of telnet. Ipsec, vpn, and firewall concepts computer science. With the introduction of ciscos powerful switches and vlan feature, most companies started to deploy a switched network with vlans extending throughout the lan campus. This technology enables a secure connection, over the internet, between the users. Changing arp bindings requires manual intervention. This allows for flexibility in the wan design and interconnection of the remote sites. Changing the way we work, live, play, and learn and cisco store are service. Layer 2 security free download as powerpoint presentation. Applying firstclass security measures to the upper layers layers 3 and higher does not benefit your network if layer 2 is compromised.
The data link layer is adjacent to the physical layer, so they are associated pretty closely together. Protocols on one layer will interact with protocols on the layer above and below it, forming a protocol suite or stack. This course is designed for beginners who want to enter in the world of computer network. Layer 2 wan supports an enterprise subscriber model in which the service provider is transparent and the enterprise implements all layer 3 routing. During pentests, yersinia is used to initiate attacks on layer2 devices like switches, dhcp servers spanning tree protocols etc. Cisco also published a white paper 8 regarding vlan security in their. Beginners will learn to understand the basics of how data is sent and received in a computer network and how small computer networks are created. My name is harris andrea and im a security and network engineer working in an internet service provider. Jun 25, 2009 portbased security basically says that we wont let you on our layer 2 switch infrastructure, even if you plug into a port, until you prove who you are and that youre authorized to get onto the. Enable trunking and configure security on the new trunk link between sw1 and sw2. Create a new management vlan vlan 20 and attach a management pc to that vlan. The cisco ccna security certification also provides the tools and skills needed for an it security beginner for installation, troubleshooting, and monitoring of network devices to maintain the integrity, confidentiality, and availability of. Yersinia for layer 2 kali linux tutorials, kali linux.
Most enduser devices, such as computers, printers, ip phones and other hosts, connect to the network via layer 2 access switches. May go through a router to access the old server lan segment 1 lan segment 4 lan segment 5 lan segment 2 lan segment 3 vlan 1 vlan 2. Perhaps the strongest driving force to deploying a layer 2 network was that layer 3 devices could not keep up with layer 2 switching engines. Aug 22, 2017 packet tracer layer 2 vlan security topology.
With our cisco tutorials, learn to set up, host, and manage webex sessions. Understanding, preventing, and defending against layer 2. Welcome to website, a free ccna tutorial site that closely follows the cisco ccna curriculum. Ethernet switching attack resilience varies widely from vendor to vendor. Thus a pentester can identify the vulnerabilities in the deep layer 2 of the network. Security is important in our networks, at this layer, we can implemnent several security measures such as port security to control access to the network. Similar to routers, switches are subject to attack from malicious internal. Understanding layer 2, 3, and 4 protocols searchnetworking. Introduction to ccna security free networking tutorials.
They break up one large collision domain into multiple smaller ones. Private vlan edge pve provides layer 2 isolation between devices on the same vlan. Lesson 79 introduction to cisco ipsec vpn technologies. As a result, switches can present a network security risk. By default, only vlan 1 is configured on the switch, so if you connect hosts on an outofthebox switch they all belong to the same layer 2 continue reading. Layer 2 security network switch internet architecture. Ccna security 210260 section 8 securing layer 2 infrastructure. About cisco networking tutorials networks training. When it comes to networking, layer 2 can be a very weak link. Lesson 80 how to configure sitetosite ipsec vpn using ikev1 main mode. Secure spanningtree parameters to prevent stp manipulation attacks. This module provides the conceptual and configuration information for mpls layer 2 virtual private networks vpns on cisco ios xr software. Network layer security controls have been used frequently for securing communications, particularly over shared networks such as the internet because they can provide protection for many applications at once without modifying them.
L2f functionality is similar to the pointtopoint tunneling protocol pptp, which was developed by the microsoftled pptp forum. Media access control security or macsec is the layer 2 hop to hop network traffic protection. Ccna security 210260 official cert guide ccna security 210260 official cert guide is a bestofbreed cisco exam study guide that focuses specifically on the objectives for the ccna security implementing cisco network security iins 210260 exam. Up to 4094 vlans can be configured on cisco catalyst switches. Layer 2 switching or data link layer switching is the process of using devices mac addresses to decide where to forward frames.
This is not a comprehensive talk on configuring ethernet switches for security or nac or ieee 802. Ccna security 210260 official cert guide is a bestofbreed cisco exam study guide that focuses specifically on the objectives for the ccna security implementing cisco network security iins 210260 exam. Pdf securing layer 2 in local area networks researchgate. Aug 22, 2017 packet tracer layer 2 security topology. Next, she addresses layer 2 attacks and techniques to secure cisco switches. Cisco security experts omar santos and john stuppi share preparation hints and testtaking tips, helping you identify areas of weakness and. Layer two forwarding l2f is a cisco tunneling protocol that uses virtual dialup networks for secure data packet transport. Macsec introduces a new tag field, security tag sectag, in layer 2 frames. Enable port security to prevent cam table overflow attacks.
Cisco security experts omar santos and john stuppi share preparation hints and testtaking tips, helping you identify areas of. Network security fundamentals security on different layers and attack mitigation. L2f is part of the layer 2 tunneling protocol l2tp standard rfc 2661. S1 is a layer 2 switch, so it makes forwarding decisions based on the layer 2 header. Ccna security 210260 official cert guide cisco press. Portbased security basically says that we wont let you on our layer 2 switch infrastructure, even if you plug into a port, until you prove who you are and that youre authorized to get onto the. This exam tests a candidates knowledge of implementing and operating core security technologies including network security, cloud. Configuring asa basic settings and firewall using cli duration. Restrict infrastructure device management accessibility 23. Cisco security device manager the cisco security device manager sdm is an intuitive, webbased device management tool embedded within cisco ios access routers. The network device must use snmp version 3 security model with fips 1402 validated cryptography for any snmp agent configured on the device. Apr 05, 2008 we use your linkedin profile and activity data to personalize ads and to show you more relevant ads.
Layer 2 security features on cisco catalyst layer 3 fixed. Objectives connect a new redundant link between sw1 and sw2. Lisa bock, a security ambassador, explains the difference between the control, data, and management planes in networking, and provides to an overview of layer 3 attacks and techniques for securing cisco routers. Jul 24, 2018 ccna security 210260 section 8 securing layer 2 infrastructure. Objectives assign the central switch as the root bridge. This post will deal with creating layer 2 vlans on cisco switches and performing all relevant configurations. Network security baseline ol1730001 chapter 1 introduction cisco security framework overview. The layer 2 infrastructure consists mainly of interconnected ethernet switches. L2tp layer 2 tunneling protocol l2tp is an ietf standard. Prep for the layer 2 technologies part of exam, 300115 switch implementing cisco ip switched networks. Here you can find all materials needed to study for your ccna exam. Cisco training and tutorials use the webex training center to share files and documents, hold online meetings and conferences, and foster online collaboration. In this lab, you will configure ssh access and layer 2.
Understand how best to combat security issues and identify the tools software and hardware used. The cisco safe blueprint additionally lists several best practices for layer 3 security. Whether you need a basic highperformance network to connect employee. Jul 11, 2019 media access control security or macsec is the layer 2 hop to hop network traffic protection. Let us say you want a switch to be shown as a container with the switch in the middle and all the nodes that are connected to it.
The switch cisco ios software provides many security features that are specific to switch functions and protocols. There have been a number of attacks on the network recently. Without the strong authentication and privacy that is provided by the snmp version 3 userbased security model usm, an unauthorized user can gain. The network device must use snmp version 3 security model with fips 140 2 validated cryptography for any snmp agent configured on the device. The cisco ccna security certification curriculum provides an introduction to the core security concepts. Some ios version may require a manual shutdown command before entering the no shutdown. Take advantage of this course called firewall security to improve your networking skills and better understand firewall this course is adapted to your level as well as all firewall pdf courses to better enrich your knowledge all you need to do is download the training document, open it and start learning firewall for free this tutorial has been prepared for the beginners to help. During pentests, yersinia is used to initiate attacks on layer 2 devices like switches, dhcp servers spanning tree protocols etc. However, the data link layer layer 2 security has not been adequately addressed yet. Candidates are expected to program and automate the network within their exam, as per exam topics below. We use your linkedin profile and activity data to personalize ads and to show you more relevant ads.
It consists of various layer 2 attacks exploiting the weaknesses of different layer 2 protocols. Create a backdoor to allow future access, in case main point of attack entry is shutdown. Manual image verification may be initiated from the cli using the verify command. Switches and bridges are used for layer 2 switching. Lesson 78 how to configure cisco ios zone based firewall.
Wireless traffic analysissniffing launch wireless attacks. They break up one large collision domain into multiple smaller ones in a typical lan, all hosts are connected to one central device. These functions are controlled by protocols, which are rules that govern endtoend communication between devices. Cisco 350 series managed switches data sheet kommago. Security features on switches securing layer 2 cisco press. Network models are organized into layers, with each layer representing a specific networking function. Welcome to the cisco ccna networking basics for beginners. Layer 2 switch security technical implementation guide cisco.
449 1446 776 418 767 1508 584 868 363 1208 1344 1173 891 1312 287 17 316 490 856 811 487 762 1099 320 1477 429 1235 107 1456 789 998 612 162 877 1335 922 688 826 235 1471