Putting 2 2 together l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 17

Putting 2 & 2 Together PowerPoint PPT Presentation


  • 58 Views
  • Uploaded on
  • Presentation posted in: General

Putting 2 & 2 Together. By Stephen Dugan, CCSI [email protected] Introduction. Welcome to the presentation and Thank you for coming! Who is the speaker? What is the focus of the presentation?. Introduction Section 1 – Current Design Best Practices

Download Presentation

Putting 2 & 2 Together

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Putting 2 2 together l.jpg

Putting 2 & 2 Together

By Stephen Dugan, CCSI

[email protected]


Introduction l.jpg

Introduction

Welcome to the presentation

and

Thank you for coming!

  • Who is the speaker?

  • What is the focus of the presentation?


Agenda l.jpg

Introduction

Section 1 – Current Design Best Practices

Section 2 – Emerging Design Practices

Extras?

Agenda


Section 1 l.jpg

Section 1

Current Design Model


Building block of network design l.jpg

Building Block of Network Design

Access

Distribution

Ethernet

Layer 2 or Layer 3

CORE

Building Block

Additions

Server Farm

WAN

Internet

PSTN


Section 1 current design model l.jpg

Section 1 – Current Design Model

Features:

Link redundancy

Load-Sharing

Fast Convergence

Manageable

Scalable

Security could be stronger….


Section 1 current design model7 l.jpg

Section 1 – Current Design Model

L2 Functions that provide security:

Root Guard

PortFast

BPDU Guard

Port Security

Management VLAN

Private VLANs


Section 1 current design model8 l.jpg

Section 1 – Current Design Model

L3 Functions that provide security:

ACLs at Distribution Layer:

Ingress - Egress from Core

Route Filtering

Network Based IDS (if used?!?)


Section 1 current design model9 l.jpg

Section 1 – Current Design Model

Hard issues to Address with this design:

HSRP insecurities

STP weaknesses

ARP Spoofing

Common mis-configurations


Section 2 l.jpg

Section 2

Emerging Changes to Design Model


Section 2 emerging changes l.jpg

Section 2 – Emerging Changes

Main Changes is focusing around bringing the Layer 3 Routing functionality close to the end stations.

OR

R2D

Routing to Desktop


Section 2 emerging changes12 l.jpg

Section 2 – Emerging Changes

Access

Layer 3

Distribution

Layer 3

Core L2 or L3

From the Physical Layout it looks the same (Good news no Rewire!)


Section 2 emerging changes13 l.jpg

Section 2 – Emerging Changes

With L3 Capabilities within the

Access-Layer Box:

HSRP isn’t needed

STP is irrelevant

Routing to Distribution Layer

Concept of “Private-VLANs” can

be implemented easily

L3


Section 2 emerging changes14 l.jpg

Section 2 – Emerging Changes

Security Problems Solved:

ARP Spoofing

ROOT Take over

HSRP MiTM Attack (or DOS)

Better QOS handling (NBAR)

L3


Section 2 emerging changes15 l.jpg

Section 2 – Emerging Changes

Dist.

Dist.

GigE

OSPF or EIGRP

GigE

OSPF or EIGRP

Access Layer

VLAN 6

VLAN 5

VLAN 3

VLAN 4

VLAN 2


Links l.jpg

Links

  • General Cisco Security

    • http://www.cisco.com/warp/public/707/21.html#http

    • http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip

    • http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm

  • Design

    • http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/gcnd_wp.htm


Thank you for coming l.jpg

Thank you for coming!!

Special thanks to

Jeff Moss, Keith Myers and the rest of the Black Hat Crew.


  • Login