Contrary to popular belief, Ethernet switches are not inherently secure. Ethernet switches have multiple kinds of security vulnerabilities, ranging from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Resolution Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks.
*Use port security to protect against CAM attacks
*Prevent spanning-tree attacks
*Isolate VLANs with proper configuration techniques
*Protect against rogue DHCP servers
*Block ARP snooping
*Prevent IPv6 neighbor discovery and router solicitation exploitation
*Identify Power over Ethernet vulnerabilities
*Mitigate risks from HSRP and VRRP
*Stop information leaks with CDP, PAgP, VTP, CGMP and other Cisco ancillary protocols
*Understand and prevent DoS attacks against switches
*Enforce simple wirespeed security policies with ACLs
*Implement user authentication on a per-port basis with IEEE 802.1x
*Use new IEEE protocols to encrypt all Ethernet frames at wirespeed.