
Switch Security





An important part of securing our network involves its layer 2 components, specifically the switches. Many people think of attacks as originating from outside and tend to ignore the security vulnerabilities that can be exploited on switches, but these devices are just as vulnerable as higher-layer devices; they are simply attacked in different ways.

These attacks are usually an inside job, and originate from seemingly innocent sources like DHCP, ARP, CDP, telnet, etc.
The attacker’s goal is to become the Man-In-The-Middle, with a naive user sending packets to the attacker as if it were a router. The attacker can glean information from the packets sent to it before it forwards them normally. In this post



This switch security section looks at these potential threats and at the different configurations that can be used to avoid them. We will do this in Packet Tracer so you can graphically understand what we are doing, and with real equipment as well for the features not available through PT.


In this post I’ll describe different security features of Cisco Catalyst switches:
  1. DHCP Snooping
  2. Errdisable Concept
  3. Port Security
  4. Dot1x port-based authentication
  5. Storm Control
  6. SPAN (in the "Switch Features" section of this blog)
  7. IP Source Guard
  8. Private VLAN
  9. Dynamic ARP Inspection

These security features will prevent certain types of malicious attacks and will enhance your network security.

We invite everyone to try these labs at home to improve their switch security skills.

Reviewed by ohhhvictor on 1:56:00 PM. Rating: 5
