minimizing service loss and data theft

8

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Protecting Against VLAN Attacks

Upload: nola-gilliam

Post on 01-Jan-2016

22 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

DESCRIPTION

Protecting Against VLAN Attacks. Minimizing Service Loss and Data Theft. Explaining VLAN Hopping. An attacking system spoofs itself as a legitimate trunk negotiating device. A trunk link is negotiated dynamically. An attacking device gains access on all VLANs carried by the trunk. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Minimizing Service Loss and Data Theft

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1

Minimizing Service Loss and Data Theft

Protecting Against VLAN Attacks

Page 2: Minimizing Service Loss and Data Theft

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-2

Explaining VLAN Hopping

An attacking system spoofs itself as a legitimate trunk negotiating device.

A trunk link is negotiated dynamically.

An attacking device gains access on all VLANs carried by the trunk

Page 3: Minimizing Service Loss and Data Theft

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-3

VLAN Hopping with Double Tagging

Double tagging allows a frame to be forwarded to a destination VLAN other than the VLAN of the source.

Page 4: Minimizing Service Loss and Data Theft

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-4

Mitigating VLAN Hopping

Unused ports Shut down all unused ports. Configure all unused ports to access mode. Configure an access VLAN on all unused ports to an unused

VLAN. Configure a native trunk VLAN on all unused ports to an unused

VLAN.

Trunk ports Configure a trunk port with trunk mode on, and disable trunk

negotiation. Configure a native trunk VLAN on trunk ports to an unused VLAN. Configure the allowed VLANs on the trunk ports, and do not allow

a native VLAN.

Page 5: Minimizing Service Loss and Data Theft

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-5

Types of ACLs

Page 6: Minimizing Service Loss and Data Theft

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-6

Configuring VACLs

Create an access list. Configure an access map. Create a VLAN filter. Example: Drop all traffic from network 10.1.9.0/24 on VLAN 10

and 20, and drop all traffic to backup server 0000.1111.4444.

switch(config)# access-list 100 permit ip 10.1.9.0 0.0.0.255 anySwitch(config)# mac access-list extended BACKUP_SERVERSwitch(config-ext-mac)# permit any host 0000.1111.4444 switch(config)# vlan access-map XYZ 10switch(config-map)# match ip address 100switch(config-map)# action dropswitch(config-map)# vlan access-map XYZ 20switch(config-map)# match mac address BACKUP_SERVERSwitch(config-map)# action dropswitch(config-map)# vlan access-map XYZ 30switch(config-map)# action forwardswitch(config)# vlan filter XYZ vlan-list 10,20

Page 7: Minimizing Service Loss and Data Theft

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-7

Summary

VLAN hopping can allow Layer 2 unauthorized access to another VLAN.

VLAN hopping can be mitigated by:

– Properly configuring 802.1Q trunks

– Turning off trunk negotiation Access lists can be applied to VLANs to limit Layer 2 access. VACLs can be configured on Cisco Catalyst switches.

Page 8: Minimizing Service Loss and Data Theft

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-8

Mobile Theft & Loss Report - Data Protection · 2019-02-25 · Mobile Theft & Loss Report 2018 05 Knowing Theft Prey has reached the 10-year milestone as a company in the theft and

Action in case of loss/theft. Theft Burglary/theft/Loss in Post office – Cases of break open overnight or otherwise – Immediate complaint(FIR) to be lodged

5 Minimizing Transmission Loss in Smart Microgrids by ...irwin/tcps.pdf · 5 Minimizing Transmission Loss in Smart Microgrids by Sharing Renewable Energy ZHICHUAN HUANG and TING ZHU,

Protecting iP Data From Loss anD theFt › media › solution_spotlight › ...Protecting i P Data From Loss an D theFt: The Shor TeST PaTh To Preven Tion and r iSk reducTionPage 3

Minimizing Handoff Latency and Packet Loss in NEMO

Employee Theft and Staff Dishonesty - … Theft and Staff Dishonesty ... loss prevention, ... ations of retail industry crime and prevention strategies employed by companies

Minimizing loss at times of financial crisis : quantile

Chap 8 -Minimising Service Loss & Data Theft

Minimizing Loss To Follow Up: Supporting Physicians

Minimizing Structural Energy Loss

ShockWatch Blood Temp Minimizing loss & mitigating risk with ShockWatch Blood Temp

Loss Prevention “Facts of Life” - IAAPA · Loss Prevention “Facts of Life ... Internal Theft is a Problem –2007 Retail Survey: $35B Shrinkage –44% due to Internal Theft

Optimizing Cost and Minimizing Energy Loss for Race-Track LHeC Design

Ponzi Schemes: Claiming Tax Deductions for Theft Loss

Inventory Loss: Guarding Yourself Against Theft and Error

Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss

Minimizing Calibrated Loss using Stochastic Low-Rank ... · Minimizing Calibrated Loss using Stochastic Low-Rank Newton Descent for large scale image classi cation Wafa Bel Haj Ali,

Mobile Theft & Loss Report...Mobile Theft & Loss Report | March 2020 05 The Evolution of Theft The first edition of the Mobile Theft & Loss Report, which represented 2018’s theft

Minimizing Phosphorus Loss with 4R Practices & Cover Crops · 2018-06-03 · Minimizing Phosphorus Loss with 4R Practices & Cover Crops Nathan Nelson, David Abel, Kraig Roozeboom,

Minimizing Power Loss in a Distribution System by Optimal

Mobile Insurance from ø Accidental Loss and Theft …...Your O2 Mobile Insurance Policy Covering Accidental Loss and Theft Policy Summary This is a summary of the cover provided by

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Protecting Against Spoofing Attacks

Theft and Loss of Electricity in an Indian - Home - · PDF fileTheft and Loss of Electricity in an Indian State Miriam Golden Brian Min February 2012. Theft and Loss of Electricity

Global Security Through Minimizing oject · Global Security Through Minimizing Food Loss and Food Waste Despite changes in administration, the United States National Security Strategy

Loss Prevention, Risk Management and Theft Businesses must deal with theft daily. There are two types of product theft, employee and shoplifter

Digital Multimode Buck Converter Control With Loss-Minimizing Synchronous Rectifier Adaptation

Protect against viruses, malware, misuse and theft Protect against data theft or loss, identity theft and fraud Avoid scams, savvy social networking and

Stop loss - software solution designed to protect your assets from theft and fraudulent

Temperature Indicators for Seafood Minimizing loss & mitigating risk with ShockWatch temperature indicators

Theft and Loss of Electricity in an Indian · power theft in their locality increases. Our interpretation of these various results is that power theft exhibits characteristics consistent

Theft, Accidental Loss and Accidental Damage …...The Device is covered against accidental loss, accidental damage and theft during the period of insurance. 1.1.2 Main Benefits 1.1.2.1

Why do you need to think about security? Data loss System loss Identity theft

Minimizing Service Loss and Data Theft

Select Agents and Toxins Theft, Loss or Release ... LOSS RELEA… · 1 Select Agents and Toxins Theft, Loss or Release Information Document 7 CFR Part 331.19, 9 CFR Part 121.19, 42

Tips loss or theft A3 POSTER FINAL outlined copy...Title Tips loss or theft A3 POSTER FINAL outlined copy Created Date 3/26/2019 6:16:32 PM