In a LAN environment, MAC flooding and MAC spoofing attacks can be extremely effective. Gone are the times when hubs used to dominate the network. Switches have gone a long way in mitigating man-in-the-middle attacks. If you are still using hubs in your network, then it's time to put that budget focus on getting some switches.
However, it is still quite easy to carry out attacks in a switched environment. These attacks can help an attacker collect valuable information, such as usernames and passwords, or simply impact the proper operation of your LAN.
Fortunately, there are some easy ways to protect ourselves from these attacks. One of these, provided by Cisco switches, is Port Security.
Port Security protects us by recognising spoofed MAC addresses. A security violation occurs when the source MAC address of a frame differs from the list of secure addresses.
At that point, three actions are possible:
• The port error-disables for a specified duration. (It can be unlimited, but if not, automatic recovery can be performed.) A Simple Network Management Protocol (SNMP) trap can also be generated to notify about this.
• The port drops frames from unknown addresses (protect mode).
• The port drops frames from unknown addresses and increments a violation counter. SNMP trap generation is possible on some releases/Cisco switches (restrict mode).
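To make the three responses concrete, here is a small Python model of how a port-security port treats each incoming frame. It is an added illustration written for this post, not Cisco code: the mode keywords `shutdown`, `protect` and `restrict` are the real IOS violation modes (the first bullet above is what IOS calls shutdown mode), but the `SecurePort` class, its method names, the `max_secure` learning limit and the `trap` callback standing in for an SNMP trap are assumptions made here.

```python
"""
Added model of Cisco Port Security violation handling (not Cisco code).
The mode names are the real IOS keywords; everything else here (class,
method names, learning limit, trap callback) is an assumption.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional, Set

SHUTDOWN, PROTECT, RESTRICT = "shutdown", "protect", "restrict"


@dataclass
class SecurePort:
    name: str
    mode: str = SHUTDOWN                  # violation mode
    max_secure: int = 1                   # assumed: addresses learned before any new one is a violation
    secure_macs: Set[str] = field(default_factory=set)  # the list of secure addresses
    violations: int = 0                   # counter incremented only in restrict mode
    err_disabled: bool = False
    recovery_secs: Optional[int] = None   # None = stay err-disabled until an operator intervenes
    disabled_at: Optional[float] = None
    trap: Optional[Callable[[str], None]] = None  # stand-in for SNMP trap generation

    def _notify(self, src_mac: str) -> None:
        if self.trap:
            self.trap(f"{self.name}: security violation by {src_mac}")

    def handle_frame(self, src_mac: str, now: float = 0.0) -> str:
        """Return what the switch does with a frame: 'forward', 'drop' or 'errdisable'."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "drop"                 # an err-disabled port passes nothing
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.max_secure:
            self.secure_macs.add(src_mac)  # learn until the secure list is full
            return "forward"
        # From here on the source MAC differs from the secure list: a violation.
        if self.mode == PROTECT:
            return "drop"                 # silent: no counter, no trap
        if self.mode == RESTRICT:
            self.violations += 1
            self._notify(src_mac)
            return "drop"
        # shutdown mode: the whole port goes err-disabled and a trap is raised
        self.err_disabled = True
        self.disabled_at = now
        self._notify(src_mac)
        return "errdisable"

    def recover(self, now: float) -> bool:
        """Automatic recovery: re-enable the port once the configured interval has elapsed."""
        if (self.err_disabled and self.recovery_secs is not None
                and now - self.disabled_at >= self.recovery_secs):
            self.err_disabled = False
            self.disabled_at = None
            return True
        return False


if __name__ == "__main__":
    # Constructed walk-through: one secure address, then a second (spoofed) source.
    events = []
    port = SecurePort("Gi0/1", mode=SHUTDOWN, recovery_secs=300, trap=events.append)
    print(port.handle_frame("aa:bb:cc:dd:ee:01", now=0))   # forward (learned)
    print(port.handle_frame("aa:bb:cc:dd:ee:02", now=10))  # errdisable
    print(port.handle_frame("aa:bb:cc:dd:ee:01", now=20))  # drop, port is down
    print(port.recover(now=310), events)                   # True, one trap message
```

The behaviour worth noticing for a defender is the difference between the two "drop" modes: protect mode gives you no signal at all, while restrict mode leaves a counter and (where supported) a trap behind, which is what you want to feed a monitoring system. Shutdown mode is the loudest but also takes the legitimate host offline until recovery.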
Details about how to configure Port Security can be seen here for CatOS and here for IOS switches.