427 Botnet fm qxd



Botnets - The killer web applications

www.syngress.com
Botnet Detection: Tools and Techniques • Chapter 5


Cisco switches have long supported a port security feature in a number of
variations. For example, a switch can be configured to statically lock down a
MAC address, or it can be configured to dynamically learn the first MAC
address it sees. This makes flooding the switch table unlikely. A number of the
switch configuration features are relatively new in the world and can be
found in recent Cisco Catalyst switches. See Charlie Schluting's excellent
article, "Configure Your Catalyst For a More Secure Layer 2", for more
information: www.enterprisenetworkingplanet.com/netsecur/article.php/3462211.
Schluting tells us that:

Cisco switches can track DHCP assignments. Therefore, they know
which IP address is associated with which MAC address at which
port. This feature is called DHCP snooping. DHCP snooping enables
other features and helps protect against the possibility of a DHCP-
based MITM attack because the switch ends up knowing where the
real DHCP server lives.

A related feature called IP Source Guard means that a host cannot use
another IP than the one assigned to it with DHCP.

In addition, the switches have an ARP spoofing feature called dynamic
ARP inspection. This feature prevents the switch from allowing ARP
spoofing attacks. The IP address and MAC address must match.

These new features, along with traditional port security, can help make the
Layer 2 switched environment much safer.
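
How the three features described above rest on a single binding table, as an added Python sketch that is not from the book, from Schluting's article, or from Cisco. The class name `SnoopingSwitch`, the port numbers, MAC addresses and 192.0.2.x addresses are constructed for illustration, and the model is simplified: a real switch learns the client port from the client's own DHCP request and also records VLAN and lease time.

```python
from dataclasses import dataclass, field

@dataclass
class SnoopingSwitch:
    """Hypothetical one-VLAN model: a DHCP snooping table plus the checks built on it."""
    trusted_ports: set                             # ports where the real DHCP server lives
    bindings: dict = field(default_factory=dict)   # port -> (mac, ip)

    def dhcp_server_msg(self, in_port, client_port, client_mac, client_ip):
        """DHCP snooping: a server ACK is honoured only if it arrives on a trusted port."""
        if in_port not in self.trusted_ports:
            return "drop: DHCP server message on untrusted port"
        self.bindings[client_port] = (client_mac.lower(), client_ip)
        return "forward"

    def _matches(self, port, mac, ip):
        # True only when this exact MAC/IP pair was leased on this port.
        return self.bindings.get(port) == (mac.lower(), ip)

    def ip_packet(self, port, src_mac, src_ip):
        """IP Source Guard: the source must be the address leased on this port."""
        if port in self.trusted_ports or self._matches(port, src_mac, src_ip):
            return "forward"
        return "drop: source IP not bound to this port"

    def arp_packet(self, port, sender_mac, sender_ip):
        """Dynamic ARP inspection: the sender IP/MAC pair must match the binding."""
        if port in self.trusted_ports or self._matches(port, sender_mac, sender_ip):
            return "forward"
        return "drop: ARP sender IP/MAC does not match binding"


def demo():
    # Constructed sample: port 1 is the DHCP server uplink, ports 2 and 3 are hosts.
    sw = SnoopingSwitch(trusted_ports={1})
    results = [
        sw.dhcp_server_msg(1, 2, "00:11:22:33:44:02", "192.0.2.10"),  # real lease
        sw.dhcp_server_msg(1, 3, "00:11:22:33:44:03", "192.0.2.11"),  # real lease
        sw.dhcp_server_msg(3, 2, "00:11:22:33:44:02", "192.0.2.99"),  # ACK from a host port
        sw.ip_packet(2, "00:11:22:33:44:02", "192.0.2.10"),           # leased address
        sw.ip_packet(3, "00:11:22:33:44:03", "192.0.2.10"),           # another host's IP
        sw.arp_packet(3, "00:11:22:33:44:03", "192.0.2.1"),           # IP never leased here
    ]
    return sw, results

if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

The last three results show why DHCP snooping "enables other features": both IP Source Guard and dynamic ARP inspection are lookups against the table that snooping built.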
From the infrastructure point of view, here are several techniques that
could help security:
1. Limit the number of hosts in a VLAN (or broadcast domain) as much
as possible. From a redundancy point of view, it has never been a
good idea to have all hosts in an enterprise on one IP subnet, simply
because a broadcast storm or Layer 2 loop can take out the subnet.
But if you consider password-sniffing attacks (or even password-
guessing attacks), it could be useful to limit the number of hosts in
the subnet anyway. For example, knowledge of an ARP table on an
exploited host gives the exploiter knowledge about possible fan-out
attacks. If you reduce the possible size of the ARP table, the scope of
