Lecture CCNA security partner - Chapter 5: Securing the Data Plane on Cisco Catalyst Switches

Contents

Topics covered in this chapter include the following:

• An introduction to fundamental switching concepts, starting with the building blocks of VLANs and trunking
• An introduction to other building blocks of switching technology, including Spanning Tree Protocol for high availability
• A revisit and further explanation of security threats that exploit vulnerabilities in the switching infrastructure
• A description of how to plan and develop a strategy for protecting the data plane
• A description of the Spanning Tree Protocol Toolkit found on Cisco IOS routers that prevents STP operations from having an impact on the security posture
• A review of port security and how to configure it, to illustrate security controls that are aimed at mitigating MAC spoofing and other threats

Overview

• Overview of VLANs and Trunking
• Trunking and Tagging
• DTP (Dynamic Trunking Protocol)
• Native VLANs
• Configuring VLANs and Trunks
• Configuring Inter-VLAN Routing
• Spanning Tree Overview
• STP, RSTP, PVRST+
• Mitigating Layer 2 Attacks

Domino Effect If Layer 2 is Compromised

Layer 2 independence enables interoperability and interconnectivity. However, from a security perspective, Layer 2 independence creates a challenge because a compromise at one layer is not always known by the other layers. If the initial attack comes in at Layer 2, the rest of the network can be compromised in an instant. Network security is only as strong as the weakest link, and that link might be the data link layer.

Layer 2 Best Practices

The following list suggests Layer 2 security best practices. All of these suggestions are dependent upon your security policy.

• Manage switches in as secure a manner as possible (SSH, OOB, permit lists, and so on).
• Whenever practical, declare the VLAN ID used on trunk ports with the switchport trunk allowed vlan command.
• Do not use VLAN 1 for anything.
• Set all user ports to nontrunking (unless .
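The trunk, VLAN 1 and nontrunking items from the best-practice list above can be checked mechanically against a switch configuration. The script below is an added example, not part of the lecture: the sample configuration is constructed, every port that is not an explicit trunk is assumed to be a user port, and `switchport mode access` is taken as the nontrunking setting.

```python
import re
# Constructed sample (not from the lecture): interface names and VLAN IDs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/4
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface (\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return interfaces

def audit(config):
    """Return (interface, finding) pairs for the three checks."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        trunk = "switchport mode trunk" in cmds
        if trunk and not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
            findings.append((name, "trunk has no allowed VLAN list"))
        if not trunk:  # assumption: every non-trunk port is a user port
            if "switchport mode access" not in cmds:
                findings.append((name, "user port not forced to nontrunking"))
            # An access port with no explicit VLAN stays in the default VLAN 1.
            vlan = next((c.split()[-1] for c in cmds if c.startswith("switchport access vlan ")), "1")
            if vlan == "1":
                findings.append((name, "port uses VLAN 1"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Run it against a saved configuration by passing the file's text to `audit()`; ports that are meant to be trunks but lack `switchport mode trunk` will be reported as user ports under the stated assumption.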
