10.3_Layer 2 Security Threats Flashcards
Switch Attack Categories
Security is only as strong as the weakest link in the system, and Layer___ is considered to be that weak link.
2
LAYER 2 ATTACKS
Includes MAC address flooding attacks.
MAC Table Attacks
LAYER 2 ATTACKS
Includes VLAN hopping and VLAN double-tagging attacks. It also includes attacks between devices on a common VLAN.
VLAN attacks
LAYER 2 ATTACKS
Includes VLAN hopping and VLAN double-tagging attacks. It also includes attacks between devices on a common VLAN.
DHCP Attacks
LAYER 2 ATTACKS
ARP Attacks includes ___
ARP spoofing and ARP poisoning attacks.
LAYER 2 ATTACKS
Includes MAC address and IP address spoofing attacks.
Address Spoofing Attacks
LAYER 2 ATTACKS
STP Attacks includes Spanning Tree Protocol ___.
manipulation attacks
Layer 2 Attack Mitigation
Prevents many types of attacks including MAC address flooding attacks and DHCP starvation attacks.
Port Security
Layer 2 Attack Mitigation
Prevents DHCP starvation and DHCP spoofing attacks.
DHCP Snooping
Layer 2 Attack Mitigation
Prevents ARP spoofing and ARP poisoning attacks.
Dynamic ARP Inspection (DAI)
Layer 2 Attack Mitigation
Prevents MAC and IP address spoofing attacks.
IP Source Guard (IPSG)
These Layer 2 solutions will not be effective if the management protocols are not secured. For example:
the management protocols Syslog, Simple Network Management Protocol (SNMP), Trivial File Transfer Protocol (TFTP), telnet, File Transfer Protocol (FTP) and most other common protocols are insecure
These Layer 2 solutions will not be effective if the management protocols are not secured. For example:
the management protocols Syslog, Simple Network Management Protocol (SNMP), Trivial File Transfer Protocol (TFTP), telnet, File Transfer Protocol (FTP) and most other common protocols are insecure
