Network Security v1.0 - Module 14 (Layer 2 Security Considerations)
Module 14: Layer 2 Security Considerations
Layer 2 Vulnerabilities:
MAC Table Attacks:
MAC Table Overflow: Flooding a switch's MAC address table with frames from many fake source addresses until the table is full; the switch can no longer learn legitimate addresses and floods unknown-destination frames out all ports in the VLAN, so an attacker on any port can capture traffic meant for other hosts.
Port Security: Prevent MAC table attacks by limiting the number of MAC addresses allowed on a port and using static or sticky MAC address assignments.
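Added example (not from the course material): a port-security configuration on a Cisco IOS access port, with the interface name, VLAN ID and limit chosen as assumptions. It caps the port at two learned addresses, makes them sticky so they survive a reload, and uses the restrict violation mode so a flood of fake source addresses is dropped and counted rather than taking the port down.

```cisco
! Assumed access port and VLAN; adjust to the switch in question.
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! Enable port security; the port must be a static access port first.
 switchport port-security
 ! Allow at most two MAC addresses (for example a phone plus a PC).
 switchport port-security maximum 2
 ! Learn the first addresses dynamically and write them into the running config.
 switchport port-security mac-address sticky
 ! On violation: drop offending frames, bump the counter, send an SNMP trap/syslog.
 ! Alternatives are "protect" (silent drop) and "shutdown" (err-disable, the default).
 switchport port-security violation restrict
 ! Age out inactive secure addresses so a replaced host does not stay locked out.
 switchport port-security aging time 2
 switchport port-security aging type inactivity
!
! Verification after a device connects:
!   show port-security interface GigabitEthernet0/1
!   show port-security address
! A rising "SecurityViolation" count with the port still up is the signature
! of a MAC flooding attempt being contained by restrict mode.
```

Use `shutdown` mode instead of `restrict` where taking a port offline on the first violation is acceptable; pair it with `errdisable recovery cause psecure-violation` so the port returns on its own after the recovery interval.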
VLAN Hopping:
VLAN Hopping Attack: Exploits a switch port's default configuration (DTP negotiation enabled) so an unauthorized device can negotiate a trunk link with the switch; once a trunk is formed, the attacker's traffic is carried for every VLAN allowed on that trunk rather than only the access VLAN.
Prevention: Disable DTP (Dynamic Trunking Protocol) on non-trunking ports and set the native VLAN to something other than VLAN 1.
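Added example (not from the course material) applying both prevention steps on a Cisco IOS switch; interface ranges, VLAN numbers and the uplink port are assumptions. Access ports are hard-coded as access with DTP turned off, the real trunk is configured explicitly with an unused native VLAN and a pruned allowed list, and unused ports are parked in a black-hole VLAN and shut down so they cannot negotiate anything.

```cisco
! Assumed: user ports Gi0/2-24, uplink Gi0/1, unused ports Gi0/25-48.
! Create a VLAN that no host is ever placed in, to serve as the trunk native VLAN,
! and a separate black-hole VLAN for unused ports.
vlan 999
 name NATIVE_UNUSED
vlan 998
 name BLACKHOLE
!
! User-facing ports: static access, DTP frames neither sent nor honoured.
interface range GigabitEthernet0/2 - 24
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
! Uplink: explicit trunk, no DTP, native VLAN moved off VLAN 1, allowed list pruned.
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
!
! Unused ports: parked in the black-hole VLAN and administratively down.
interface range GigabitEthernet0/25 - 48
 switchport mode access
 switchport access vlan 998
 switchport nonegotiate
 shutdown
!
! Verification:
!   show interfaces trunk          - only Gi0/1 should appear, native VLAN 999
!   show dtp interface GigabitEthernet0/2   - should report DTP is off
!   show interfaces GigabitEthernet0/2 switchport | include Negotiation
```

On platforms that support it, `vlan dot1q tag native` (global) additionally tags native-VLAN frames on trunks, removing the untagged-frame behaviour that double-tagging attacks depend on; the `switchport trunk encapsulation dot1q` line is only needed on switches that still support ISL.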
Private VLANs (PVLANs):
Provide isolation between ports within the same VLAN. This prevents one device from sniffing traffic on another device's port within the same broadcast domain.
PVLAN Edge Feature: Ensures no Layer 2 communication between protected ports on the same switch.
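Added example (not from the course material) of the PVLAN Edge feature on a Cisco IOS switch, with the port range and VLAN chosen as assumptions. Each port in the range is marked protected, so frames between any two of them are dropped at Layer 2 while all of them can still reach the unprotected uplink.

```cisco
! Assumed: hosts that must not talk to each other sit on Gi0/5-8 in VLAN 20;
! the gateway is reached through an unprotected port (for example the uplink Gi0/1).
interface range GigabitEthernet0/5 - 8
 switchport mode access
 switchport access vlan 20
 ! Protected ports forward unicast, multicast and broadcast only to
 ! non-protected ports; protected-to-protected traffic on this switch is dropped.
 switchport protected
!
! Verification:
!   show interfaces GigabitEthernet0/5 switchport | include Protected
! Expected: "Protected: true"
```

The isolation is local to one switch: two protected ports on different switches joined by a trunk can still reach each other, which is the case that full private VLANs (primary, isolated and community VLANs) address.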
Mitigating DHCP Attacks: