
Switches - Administration

This chapter focuses on using routers and switches to increase the security of the network as well as provide appropriate configuration steps for protecting the devices themselves against attacks. The chapter is from the book, Network Security: The Complete Reference, by Mark Rhodes-Ousley, Roberta Bragg, and Keith Strassberg (McGraw-Hill/Osborne, 2003, ISBN: 0072226978).

  1. Network Device Security
  2. Switches
  3. Routers
  4. Network Hardening
  5. Administrative Practices
  6. Centralizing Account Management
  7. SNMP and ICMP
By: McGraw-Hill/Osborne
May 25, 2004




From a network operation perspective, switches are layer two devices and routers are layer three devices (though as technology advances, switches are being built with capabilities at all seven layers of the OSI model).

Switches are the evolving descendants of the network hub. Hubs were dumb devices used to transmit packets between the devices connected to them, and they functioned by retransmitting each and every packet received on one port out through all of their other ports. This created scalability problems, because as the number of connected workstations and the volume of network communications increased, collisions became more frequent, degrading performance. A collision occurs when two devices transmit a packet onto the network at almost the exact same moment, causing the packets to overlap and thus mangling them. When this happens, each device must detect the collision and then retransmit its packet in its entirety. As more and more devices are attached to the same hub, and more hubs are interconnected, the chance that two nodes transmit at the same time increases, and collisions become more frequent. In addition, as the size of the network increases, the distance and time a packet is in transit over the network also increase, making collisions more likely still. Thus, it is necessary to keep the size of such networks very small to achieve acceptable levels of performance.

To overcome the performance shortcomings of hubs, switches were developed. Switches are intelligent devices that learn the various MAC addresses of connected devices and will only transmit packets to the devices they are specifically addressed to. Since each packet is not rebroadcast to every connected device, the likelihood that two packets will collide is significantly reduced. In addition, switches provide a security benefit by reducing the ability to monitor or “sniff” another workstation’s traffic. With a hub, every workstation would see all traffic on that hub; with a switch, every workstation will only see its own traffic.
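The difference between a hub and a learning switch described above can be made concrete with a small forwarding model. The following is an added example written for this page, not code from the book: it models a hub (stateless flooding) next to a switch that learns source MAC addresses per port and forwards known unicast destinations to a single port, then counts how many frames a sniffer on each port would see. All frames, ports and MAC addresses are constructed sample data.

```python
"""Added example (not from the book): minimal hub vs. learning-switch model."""
from collections import namedtuple

Frame = namedtuple("Frame", "src dst")  # MAC addresses as strings
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """A hub keeps no state: every frame is repeated out every port except the ingress port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """A switch records which port each source MAC was seen on and uses that table for unicast forwarding."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC -> port

    def forward(self, in_port, frame):
        # Learn: the source MAC is reachable through the port the frame arrived on.
        self.mac_table[frame.src] = in_port
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            # Broadcast or not-yet-learned destination: flood like a hub.
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[frame.dst]
        # Destination is on the ingress port: nothing to forward.
        return [] if out_port == in_port else [out_port]


def ports_seeing_traffic(device, frames):
    """Count the frames delivered to each port; this is what a sniffer on that port could observe."""
    seen = {p: 0 for p in device.ports}
    for in_port, frame in frames:
        for p in device.forward(in_port, frame):
            seen[p] += 1
    return seen


# Constructed sample: hosts A (port 1) and B (port 2) talk; port 3 is an idle observer.
HOST_A = "00:00:5e:00:53:01"  # MAC addresses from the documentation range
HOST_B = "00:00:5e:00:53:02"
SAMPLE_FRAMES = [
    (1, Frame(HOST_A, BROADCAST)),  # A broadcasts (e.g. an ARP request)
    (2, Frame(HOST_B, HOST_A)),     # B replies to A
    (1, Frame(HOST_A, HOST_B)),     # A -> B unicast
    (1, Frame(HOST_A, HOST_B)),     # A -> B unicast
]


def compare_hub_and_switch(frames=SAMPLE_FRAMES, ports=(1, 2, 3)):
    """Return (hub_counts, switch_counts) for the same frame sequence."""
    return ports_seeing_traffic(Hub(ports), frames), ports_seeing_traffic(LearningSwitch(ports), frames)


if __name__ == "__main__":
    hub_seen, switch_seen = compare_hub_and_switch()
    print("hub   :", hub_seen)     # port 3 receives every frame
    print("switch:", switch_seen)  # port 3 receives only the broadcast
```

On the constructed sample the idle port 3 sees all four frames behind a hub but only the single broadcast behind the switch, which is exactly the "every workstation will only see its own traffic" property the text describes. Note that the switch still floods broadcasts and frames to unknown destinations, which is the gap ARP poisoning exploits.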

A switched network cannot absolutely eliminate the ability to sniff traffic. A hacker can trick a local network segment into sending it another workstation’s traffic with an attack known as ARP poisoning. ARP poisoning works by forging replies to ARP broadcasts. For example, suppose malicious workstation Attacker wishes to monitor the traffic of workstation Victim, another host on the local switched network segment. To accomplish this, Attacker would broadcast an ARP packet onto the network containing Victim’s IP address but Attacker’s MAC address. Any workstation that receives this broadcast would update its ARP table and thereafter would send all of Victim’s traffic to Attacker. This ARP packet is commonly called a gratuitous ARP and is normally used to announce a new workstation attaching to the network. To avoid alerting Victim that something is wrong, Attacker would immediately forward any packets received for Victim on to Victim. Otherwise Victim would soon wonder why network communications weren’t working. The most severe form of this attack is where the Victim is the local router interface. In this situation, Attacker would receive and monitor all traffic entering and leaving the local segment. While ARP poisoning attacks appear complicated, there are several tools available that automate the attack process, such as Ettercap, shown in Figure 10-1 (http://ettercap.sourceforge.net), and HUNT (http://lin.fsid.cvut.cz/~kra/index.html#HUNT). The figure shows an attacker using Ettercap to ARP poison the local segment’s default gateway on a switched network.

To reduce a network’s exposure to ARP poisoning attacks, segregate sensitive hosts between layer three devices or use virtual LAN (VLAN) functionality on switches. For highly sensitive hosts, administrators may wish to statically define important MAC entries, such as the default gateway. Statically defined MAC entries will take precedence over MAC entries that are learned via ARP.
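The two paragraphs above describe both the symptom of ARP poisoning (an IP address suddenly answering from a different MAC, typically via a gratuitous ARP) and one mitigation (statically defined entries that take precedence over learned ones). The following is an added example written for this page, not code from the book or from Ettercap/HUNT: a small ARP-table monitor in the style of an arpwatch-type tool. It processes a constructed stream of ARP replies, refuses to overwrite statically pinned entries, reports any learned IP-to-MAC mapping that changes, and flags a single MAC claiming several IP addresses. All IP addresses, MAC addresses and the `ArpReply` record type are assumptions made for the example.

```python
"""Added example (not from the book): ARP-table monitor with static-entry precedence."""
from dataclasses import dataclass, field


@dataclass
class ArpReply:
    """One observed ARP reply (constructed record type, not a real packet format)."""
    sender_ip: str
    sender_mac: str
    gratuitous: bool = False  # True for an unsolicited announcement


@dataclass
class ArpMonitor:
    static: dict = field(default_factory=dict)   # IP -> MAC pinned by the administrator
    learned: dict = field(default_factory=dict)  # IP -> MAC learned from replies
    alerts: list = field(default_factory=list)

    def process(self, reply: ArpReply) -> None:
        ip, mac = reply.sender_ip, reply.sender_mac.lower()
        tag = " (gratuitous)" if reply.gratuitous else ""
        if ip in self.static:
            # Static entries win: a conflicting reply is logged and ignored.
            if self.static[ip] != mac:
                self.alerts.append(
                    f"{ip}: reply claims {mac}{tag}, static entry {self.static[ip]} kept")
            return
        old = self.learned.get(ip)
        if old is not None and old != mac:
            # A changed mapping is the classic poisoning symptom.
            self.alerts.append(f"{ip}: MAC changed {old} -> {mac}{tag}")
        self.learned[ip] = mac
        # One MAC answering for several IPs is another sign of impersonation.
        claimed = {i for i, m in self.learned.items() if m == mac}
        if len(claimed) > 1:
            self.alerts.append(f"{mac}: claims {sorted(claimed)}")

    def resolve(self, ip: str):
        """Static entries take precedence over learned ones, as described in the text."""
        return self.static.get(ip, self.learned.get(ip))


# Constructed sample segment (documentation address ranges).
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "00:00:5e:00:53:01"
VICTIM_IP, VICTIM_MAC = "192.0.2.10", "00:00:5e:00:53:0a"
ATTACKER_MAC = "00:00:5e:00:53:ff"

SAMPLE_REPLIES = [
    ArpReply(GATEWAY_IP, GATEWAY_MAC),                      # normal reply from the gateway
    ArpReply(VICTIM_IP, VICTIM_MAC),                        # normal reply from the victim
    ArpReply(VICTIM_IP, ATTACKER_MAC, gratuitous=True),     # forged: victim IP, attacker MAC
    ArpReply(GATEWAY_IP, ATTACKER_MAC, gratuitous=True),    # forged: gateway IP, attacker MAC
]


def run_monitor(replies=SAMPLE_REPLIES, static=None) -> ArpMonitor:
    """Feed replies through a monitor; by default the gateway is the only static entry."""
    monitor = ArpMonitor(static=dict(static if static is not None else {GATEWAY_IP: GATEWAY_MAC}))
    for reply in replies:
        monitor.process(reply)
    return monitor


if __name__ == "__main__":
    m = run_monitor()
    for line in m.alerts:
        print("ALERT", line)
    print("gateway resolves to", m.resolve(GATEWAY_IP))  # static entry survives
    print("victim resolves to", m.resolve(VICTIM_IP))    # learned entry was overwritten
```

Running the sample shows the asymmetry the text points out: the gateway mapping survives because it is pinned, while the victim's learned mapping is overwritten by the forged gratuitous reply, so only the pinned host is protected and the change is at least visible in the alerts. A real deployment would feed the monitor from a packet capture and would also want to rate-limit alerts for hosts that legitimately change MAC addresses (DHCP churn, NIC replacement).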

FIGURE 1: Ettercap spoofing the default gateway 

