Layer 2 Attacks
- CDP and LLDP reconnaissance
- VTY Lines Attacks
- MAC-based attacks: MAC flooding / CAM table overflow
- Spoofing attacks (ARP, DHCP, Server …)
- STP attacks
- VLAN hopping: Switch spoofing / 802.1q Double tagging
Layer 2 Security
- Secure Shell Protocol (SSH): SSH to secure incoming/outgoing Telnet connections; support of SSHv1 and v2
- Secure Sockets Layer (SSL): SSL to encrypt HTTP connections; advanced security for browser-based configuration via web interface
- IEEE 802.1X: IEEE 802.1X access control on all ports; RADIUS for authentication, authorization and accounting with MD5 hashing; guest VLAN; dynamic VLAN assignment
- Private VLAN edge: Layer 2 isolation between clients in the same VLAN ("protected ports"); support for multiple uplinks
- Port security: Locking of MAC addresses to ports; limiting of the number of learned MAC addresses
- IP source guard: Blocking access for illegal IP addresses on specific ports
- Access control lists (ACLs): Drop or rate limitation of connections based on source and destination MAC addresses, VLAN ID, IP address, protocol, port, DSCP/IP precedence, TCP/UDP source and destination ports, IEEE 802.1p priority, ICMP packets, IGMP packets, TCP flags
- RADIUS/TACACS+: Authentication, authorization and accounting of configuration changes by RADIUS or TACACS+
- Storm Control: Multicast/Broadcast/Unicast storm suppression
- Isolated Group: Allows certain ports to be designated as protected. All other ports are non-isolated. Traffic between isolated group members is blocked. Traffic can only be sent from the isolated group to the non-isolated group.
Layer 3 Attacks
- Denial of Service (DoS)
- Packet Mistreating Attacks (PMA)
- Routing Table Poisoning (RTP)
- Hit and Run (HAR)
- Persistent Attacks (PA)
Layer 3 Security
- Intrusion Prevention: Monitoring and blocking of login attempts and port scans
- IP Spoofing: Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed
- Access control lists (ACLs): Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI
- Denial of Service protection: Protection from fragmentation errors and SYN flooding
- General: Detailed settings for handling reassembly, PING, stealth mode and AUTH port
- Password protection: Password-protected configuration access can be set for each interface
- Alerts via e-mail, SNMP traps and SYSLOG
- Authentication mechanisms: PAP, CHAP, MS-CHAP and MS-CHAPv2 as PPP authentication mechanisms
- Anti-theft: Anti-theft ISDN site verification over B or D channel (self-initiated call back and blocking)
- Adjustable reset button: Adjustable reset button for ‘ignore’, ‘boot-only’ and ‘reset-or-boot’
Intrusion detection system (IDS)
- Network-based intrusion prevention system (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
- Wireless intrusion prevention system (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
- Network behavior analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware and policy violations.
- Host-based intrusion prevention system (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
- Signature-based detection: A signature-based IDS monitors packets in the network and compares them against pre-configured, pre-determined attack patterns known as signatures.
- Statistical anomaly-based detection: An anomaly-based IDS monitors network traffic and compares it against an established baseline. The baseline identifies what is "normal" for that network – what sort of bandwidth is generally used and what protocols are used. It may, however, raise a false positive alarm for legitimate use of bandwidth if the baseline is not intelligently configured.
- Stateful protocol analysis detection: This method identifies deviations of protocol states by comparing observed events with “pre-determined profiles of generally accepted definitions of benign activity”.
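The two detection methods above, signature-based and statistical anomaly-based, side by side as an added example (not from the original notes). The signatures, packet payloads and byte counts are constructed for illustration; the anomaly threshold of mean plus k standard deviations is one common choice of baseline rule, not the only one.

```python
import re
import statistics

# Constructed signatures: (name, byte pattern). Hypothetical examples only,
# not taken from any real IDS ruleset.
SIGNATURES = [
    ("telnet-root-login", re.compile(rb"login:\s*root\b")),
    ("http-path-traversal", re.compile(rb"\.\./\.\./")),
]

# Constructed packet captures: (source IP, payload bytes).
PACKETS = [
    ("10.0.0.5", b"GET /index.html HTTP/1.1"),
    ("10.0.0.7", b"login: root\r\n"),
    ("10.0.0.9", b"GET /../../etc/passwd HTTP/1.1"),
    ("10.0.0.5", b"GET /images/logo.png HTTP/1.1"),
]

# Constructed bytes-per-interval counts. The training window is quiet office
# traffic; the observed window contains a legitimate nightly backup burst.
TRAINING_BYTES = [1200, 1350, 1100, 1250, 1300, 1150, 1400, 1275]
OBSERVED_BYTES = [1250, 1300, 9800, 1225]


def signature_alerts(packets, signatures=SIGNATURES):
    """Signature-based detection: flag every packet whose payload matches a
    known attack pattern. Precise, but blind to anything without a signature."""
    return [(name, src) for src, payload in packets
            for name, pattern in signatures if pattern.search(payload)]


def build_baseline(training_counts):
    """Learn what is 'normal': mean and population standard deviation of the
    bytes seen per interval during the training window."""
    return statistics.mean(training_counts), statistics.pstdev(training_counts)


def anomaly_alerts(observed_counts, baseline, k=3.0):
    """Statistical anomaly detection: alert on any interval more than k standard
    deviations above the learned mean. A legitimate burst that was absent from
    the training window (here, the backup job) trips this as a false positive."""
    mean, std = baseline
    threshold = mean + k * std
    return [(i, count) for i, count in enumerate(observed_counts) if count > threshold]
```

Re-training the baseline with intervals that include the backup burst removes the false positive, but also raises the threshold so far that a burst of the same size from an unknown source would pass unnoticed; that trade-off is what "intelligently configured" baselines refer to.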