LAN Switch Security: What Hackers Know About Your Switches

版权声明：原创作品，允许转载，转载时请务必以超链接形式标明文章原始出版、作者信息和本声明。否则将追究法律责任。http://blog.csdn.net/topmvp - topmvp

Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks.Use port security to protect against CAM attacks

*Prevent spanning-tree attacks
*Isolate VLANs with proper configuration techniques
*Protect against rogue DHCP servers
*Block ARP snooping
*Prevent IPv6 neighbor discovery and router solicitation exploitation
*Identify Power over Ethernet vulnerabilities
*Mitigate risks from HSRP and VRPP
*Stop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocols
*Understand and prevent DoS attacks against switches
*Enforce simple wirespeed security policies with ACLs
*Implement user authentication on a port base with IEEE 802.1x
*Use new IEEE protocols to encrypt all Ethernet frames at wirespeed.

http://rapidshare.com/files/58141592/1587052563.zip
http://depositfiles.com/files/1878887