Cisco SWITCH 1.0: Minimizing Service Loss and Data Theft
The audience profile for SkillSofts SWITCH 1.0: Implementing Cisco Switched Networks training will be established IT professionals who have completed 640-802 Cisco Certified Network Associate, or 640-822 Interconnecting Cisco Networking Devices Part 1 and 640-816 Interconnecting Cisco Networking Devices Part 2.
Please contact us for information about prerequisites.
In a switched network, a host of attacks can be launched at a switch and its ports. MAC flooding, rogue traffic “hopping” from one VLAN to another, spoofing attacks, as well as DHCP and Address Resolution Protocol (ARP) threats can occur at Layer 2. It is important that you implement basic security measures to guard against these types of Layer 2 malicious activities.
This course defines the potential vulnerabilities relating to VLANs that can occur within a network. After the vulnerabilities are identified, solutions for each vulnerability are discussed, and configuration commands are defined. This course discusses port security for denial of MAC spoofing and MAC flooding, and the use of private VLANs (PVLANs) and VLAN access control lists (VACLs) to control VLAN traffic. VLAN hopping, DHCP spoofing, Address Resolution Protocol (ARP) spoofing, and Spanning Tree Protocol (STP) attacks are also explained. In addition, potential problems and their solutions, and the method for securing the switch access, with use of vty access control lists (ACLs), and implementing the Secure Shell (SSH) Protocol for secure Telnet access are also covered.
Switch Security Issues
- recognize the vulnerabilities of switches to network attacks
- configure port security to block input from devices based on Layer 2 restrictions
- identify the features of AAA authentication
- employ 802.1X port-based authentication
- configure and verify port security
VLAN, Spoofing, and Network Service Attacks
- prevent VLAN hopping
- address VLAN security issues
- recognize the features of DHCP spoofing attacks
- configure switches to guard against DHCP threats
- recognize ARP threats
- identify the steps in IP Source Guard configuration
- identify CDP and LLDP vulnerabilities
- protect physical and virtual ports
- identify considerations when securing a switched network