Port Security
Switches are susceptible to a variety of attacks, including:
- MAC address flooding: In this attack, the attacker first gains access to a node connected to the switch, then uses a tool on that node to send the switch frames carrying forged source MAC addresses. Each new address is added to the mac-address-table, which can hold only a fixed number of entries, because that table is what the switch needs in order to operate. Once the table is full, the switch can no longer forward traffic by unicast lookup and starts flooding frames out of all ports, behaving like a hub. As a result, every frame sent to every node on the network is visible to the attacker.
- MAC-address spoofing: In this attack, the attacker pretends to be a DHCP server; while legitimate clients request addresses from the server, the attacker replies with an address that enables them to view traffic from a specific node.
- Other common attacks target CDP, Telnet, or other technical weaknesses on the switch that can be exploited.
One method for defending the switch against such attacks is port security. All ports or interfaces should be secured before the switch is put into service. Port security limits the number of valid MAC addresses that are allowed to use a port.
Port security is one method of protecting a Cisco switch. The following configuration options, all based on port security, can secure the switch:
- Statically configured MAC addresses: the MAC address of a specific user node is hardcoded onto each switch port, assigning that port to that node. Only equipment whose MAC address matches the configured address can communicate through the port. This is a strong security technique; however, on a large network, configuring every client's MAC address on the switch can become an administrative nightmare.
- Dynamic secure MAC addresses are a good way to ensure security on a switch. The switch ports are configured to learn and store the MAC addresses of the user nodes.
- Sticky MAC addresses can be used to make sure that only MAC addresses that have been dynamically learned can use the switch. These addresses are saved to the switch's running configuration file, so they are lost on reboot unless the running configuration is saved to the startup configuration.
- The maximum number of MAC addresses that can use a specific port can also be specified. This is a reliable method of preventing MAC address spoofing.
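The following is an added example, not configuration from the original page: a Cisco IOS access-switch configuration that applies the four options above (a static secure MAC, sticky learning, dynamic learning with a cap, and a per-port maximum) against the MAC flooding attack described earlier. The interface names, VLAN number and MAC address are constructed placeholders.

```cisco
! Added example (not from the original page). Interface names, VLAN 10 and the
! MAC address 0000.1111.2222 are constructed placeholders.
!
! Port 1: static secure MAC. Only the hardcoded address may send on this port;
! any other source MAC is a violation and the port goes err-disabled.
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.1111.2222
 switchport port-security violation shutdown
!
! Port 2: sticky learning. The first two dynamically learned MACs are written
! into the running config as secure addresses; a third is dropped and counted.
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Port 3: dynamic secure MACs with a cap. A flood of forged source MACs beyond
! the cap is silently dropped instead of filling the mac-address-table.
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation protect
!
! Unused ports: disable them so they cannot be used at all.
interface range GigabitEthernet0/4 - 24
 shutdown
!
! Optional: recover err-disabled ports automatically after 5 minutes.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
end
!
! Persist the configuration (including sticky addresses) across reboots.
copy running-config startup-config
!
! Verification:
!   show port-security
!   show port-security interface GigabitEthernet0/2
!   show port-security address
!   show mac address-table dynamic
```

Port security only applies to ports explicitly set to access (or trunk) mode, which is why each interface is forced to `switchport mode access` first. The three violation modes differ in how noisy they are: `protect` drops offending frames silently, `restrict` drops them and increments the violation counter (and logs, if logging is configured), and `shutdown` err-disables the port until it is recovered manually or by the `errdisable recovery` timer. For detection, `restrict` or `shutdown` is preferable to `protect`, since a rising violation count or an err-disabled port is the visible sign that a flooding attempt has been blocked.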
Switch Concepts and Configuration
A switch is a discrete piece of hardware that connects various computers to a single local area network (LAN). In the OSI model, network switches function at layer 2 (Data link layer).
- Switches forward packets on the basis of MAC addresses.
- The switch delivers the data to the device that has been addressed.
- It checks the destination address before forwarding the packet to the correct port.
- It operates in full duplex.
- Since the source and destination communicate directly, packet collisions are minimal.
- It does not broadcast the message, since its bandwidth is constrained.