AT-8500 L2+ Switches and Network Security

Managed Fast Ethernet Switches with Denial of Service (DoS) Attack Protection

Agenda

  • The Security Issue

  • AT-8500 Overview

  • Market Applications

  • Security in further detail

    • DOS attack Prevention

    • Security Tools

  • QOS

  • 802.1s (MSTP)

  • Q & A


Network Security: What are the Issues?

  • Viruses and network attacks growing at an alarming rate:

    • Volume of viruses increasing at 40% per annum

    • New methods of spreading viruses

    • Companies experience approx. 38 attacks per week on average

    • Growing number of peer to peer and instant messaging programs and remote workstations open up new ways of spreading malicious code

      • Staff misuse accounts for 7% of total (DTI)

    • DoS attacks (accidental and deliberate)

      • A 25% increase over the past 12 months

    • The MS Blast worm was blamed for 33% of all infections in small firms and 50% in larger companies


AT-8500 Overview

  • AT-8500

  • Layer 2 Managed Switch (Aggregation/Edge/Wiring Closet)

  • 1 RU form factor, 19” rack mountable

  • 10/100 ports and 2 modular bays

  • Medium to high port densities: 16, 24 and 48 port configurations

  • 16 Port AT-8516F SC/LC version for higher distance deployments or added security

  • Content Aware Switch provides more intelligence at the edge for important applications (QOS and DOS prevention, ACLs)

  • Fully Managed Switch; SNMP, Secure Web (SSL) and Secure Telnet (SSH)


AT-8500 L2+ switches – One further layer of protection

Intelligent chipset recognises a DOS attack and restricts traffic to neutralise the threat

Complements WAN firewall and PC anti-virus measures

Pre-programmed to detect six well-known DOS attacks

Only authorised individuals can access the network

Data is encrypted for maximum security

Provides the ability to deploy ‘Tiered Security’ to unsecured areas

  • Additional security features

  • SSL and SSH

  • 802.1x

  • L2-L4 Access Control Lists

  • Radius and TACACS+


Educational Concerns

Security – by their nature, educational networks are very susceptible to machine compromise and intrusion

DOS attack prevention

Implementing Effective Security Policies

Multicast - Distance Learning Applications and Machine Imaging

IGMP Snooping v1 and v2

Ease of management for mobile students

Dynamic VLANs

Enhanced Stacking for large switch deployments

8500 Educational Application

(Diagram slide; labelled areas: Wiring Closet, Computer Lab, Library & Multimedia)



Enterprise Concerns

Security – Must protect integrity of network and data, and ensure network uptime for productivity

DOS attack prevention

Implementing Effective Security Policies

Redundancy – Network uptime critical


QOS – VoIP, and other time sensitive services

802.1p and QOS

VLAN network segmentation

802.1q, bridge network segments across switch boundaries securely

Multicast Video Conferencing and shared white board applications

IGMP Snooping v1 and v2

Management in the Wiring Closet

Enhanced Stacking

8500 Enterprise Application

(Diagram slide; labelled areas: Wiring Closet, VoIP and Data (QOS), Video and Multicast)


Financial Institution Concerns

Security – preserve integrity of network to ensure maximum availability

DOS attack prevention

Implementing Effective Security Policies


“Fiber to the Desktop” AT-8516F SC/LC

VLAN 802.1q

8500 Financial Institution Application

(Diagram slide; labelled areas: Wiring Closet, Account Data, File Servers)


8500 Security – DOS attack prevention

  • Importance of a modern day secure network

  • 2003 was a record year for Worms, Hacker Attacks, and Viruses

  • Experts already estimate that 2004 will surpass 2003 (already Mydoom made big headlines this year)

  • Worms are self-propagating code built with various intentions, mostly to cause harm to computers and networks. A popular use of worms is the propagation of DOS and DDOS attacks

  • DOS attacks cost millions of dollars each year in lost revenue, damaged reputation and lost productivity

  • Every network is prone to DOS attacks, some more than others because of their inherent structure and users

  • There are many ways of securing networks and mitigating the impact of DOS attacks and the spread of worms

  • Effective prevention of worms and DOS attacks comes from good security policies, and these policies start at the edge of the network


Dos Attacks

  • DOS Attacks come in various forms and modes of operation

    • Overwhelming consumption of finite system resources so that legitimate users cannot use them

    • Capitalizing on a system bug or flaw that will interrupt service or bring the system down

  • Detect and Perform action

    • Implement algorithms to detect violations; once a violation is detected, log the event, rate limit, or drop the traffic

  • AT-8500 protects networks against the 6 most popular DOS style attacks


6 Most Common DOS Attacks

  • SYN-Flood

    • Target machine will suffer degraded performance and may not be able to service real connections, resulting in perceived downtime.

    • Sending machine: the network will forward thousands of packets per second, impacting network performance.

  • LAND

    • Target machine will crash or hang

  • IP Options

    • This attack will cause the target machine to crash

  • Teardrop

    • Target machine crashes

  • SMURF

    • Receiver: Attack will degrade network performance. Sender: may create bottlenecks in small bandwidth pipes like T1s on the sender's network.

  • Ping of Death

    • Will cause device under attack to crash when attempting to reassemble oversized payload


Sample DOS Attack

(Diagram slide.) An infected host on 192.168.0.0/24 sends a spoofed ping packet; the echo replies will congest the uplinks due to amplification. A source IP filter on the edge port will prevent the spoofed ping packet.


How to implement a Security Policy

  • Security Policy

    • Determine a level of security that is acceptable to protect the network while still providing a level of acceptable service to users

    • Documentation and communication of written policies and procedures to direct and inform users of acceptable usage and security practices

    • Technology that enforces that level of security

  • Tools that help administrators implement effective security policies for management and access:

    • SSH & SSL

      • Secure remote management of the switch

      • Encrypts management session so that important information cannot be snooped

    • Radius & TACACS+ Authentication

      • Provides user level Authentication and Accounting function

    • 802.1x

      • Limits who can and cannot enter the network

    • Port Security

      • Restrictions on MAC addresses learned per port

    • L2-4 ACLs

      • Enables Network Administrators to implement access lists to limit access to switch, usage, or any definable L2-4 criteria

    • Logging

      • Logs events and traps locally or remotely via syslog

    • Management Access Control

      • Controls and limits management access to the switch via IP addresses
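Two of the tools on this slide, Port Security (restrict the MAC addresses learned per port) and Management Access Control (management only from listed IP addresses), are simple enough to model in software. The following is an added example written for this page; it is not AT-8500 firmware or CLI, and the class name, the "shut the port on violation" behaviour, the syslog line format and the sample MACs and networks are all constructed assumptions.

```python
"""Edge policy enforcement, modelled: Port Security (MAC limit per port) and
Management Access Control (management only from allowed IP ranges), with
syslog-style logging of every violation. Added example; not AT-8500 code."""
import ipaddress
from collections import defaultdict


class EdgePolicy:
    def __init__(self, max_macs_per_port, mgmt_networks):
        self.max_macs = max_macs_per_port
        self.mgmt_nets = [ipaddress.ip_network(n) for n in mgmt_networks]
        self.learned = defaultdict(set)   # port -> MAC addresses learned on it
        self.shut = set()                 # ports disabled after a violation (assumed action)
        self.syslog = []                  # lines that would be sent to the syslog server

    def _log(self, severity, msg):
        self.syslog.append(f"<{severity}> switch-edge: {msg}")

    def frame_in(self, port, src_mac):
        """Port Security: return 'forward' or 'drop' for a frame seen on `port`."""
        mac = src_mac.lower()
        if port in self.shut:
            return "drop"
        macs = self.learned[port]
        if mac in macs:
            return "forward"
        if len(macs) >= self.max_macs:
            # Violation: one more MAC than the port may learn. Shut the port and log it.
            self.shut.add(port)
            self._log("warning",
                      f"port-security violation on port {port}, unexpected MAC {mac}; port shut down")
            return "drop"
        macs.add(mac)
        self._log("info", f"port {port} learned MAC {mac}")
        return "forward"

    def mgmt_session(self, src_ip, service):
        """Management Access Control: allow SSH/SSL sessions only from listed networks."""
        allowed = any(ipaddress.ip_address(src_ip) in net for net in self.mgmt_nets)
        if not allowed:
            self._log("notice", f"{service} management attempt from {src_ip} denied")
        return allowed


def run_sample():
    """Constructed traffic: port 1 may learn two MACs; a third MAC trips the limit."""
    p = EdgePolicy(max_macs_per_port=2, mgmt_networks=["192.168.0.0/24"])
    verdicts = [
        p.frame_in(1, "00:11:22:33:44:01"),   # learned
        p.frame_in(1, "00:11:22:33:44:02"),   # learned
        p.frame_in(1, "00:11:22:33:44:01"),   # already known
        p.frame_in(1, "00:11:22:33:44:03"),   # third MAC: violation, port shut
        p.frame_in(1, "00:11:22:33:44:01"),   # port is shut: even a known MAC is dropped
    ]
    mgmt = (p.mgmt_session("192.168.0.50", "ssh"),   # inside the allowed range
            p.mgmt_session("10.0.0.9", "ssh"))       # outside: denied and logged
    return verdicts, mgmt, p.syslog


if __name__ == "__main__":
    for line in run_sample()[2]:
        print(line)
```

The point of the "drop even a known MAC once the port is shut" branch is that a violation should be visible to an administrator (via the warning line) rather than silently healed; whether a real switch shuts the port, rate-limits it or only raises a trap is a configuration choice.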

End-to-End QOS Domain

QOS enables you to prioritize traffic, reducing latency and jitter.

A QOS system has two important functions:

  • Classify Traffic

  • Perform Action

AT-8500 QOS

Classify traffic according to:

  • Flows (SA/DA and port numbers)

  • Addresses (SRC/DEST IP address, subnets)

  • Protocols (TCP, UDP, HTTP, FTP, etc.)

Ingress: perform the following actions:

  • Tag Packet

  • Drop Traffic

  • Rate Limit

Egress: the AT-8500 supports 4 priority queues and 2 scheduling mechanisms:

  • Queue Traffic

  • WRR and Strict


AT-8500 QOS

  • AT-8500 QOS capabilities

  • mark 802.1p priorities

    • Based on broad classified traffic filters 802.1p priorities can be set for all 8 levels (but only 4 queues)

    • Finer classification and definition of prioritized traffic

  • mark IP TOS field

    • Important to provide End-to-End QOS over layer 3 network

    • Can perform actions based on either field and translate from 802.1p to IP TOS and vice versa

  • Strict and WRR policies allow more flexibility in scheduling

    • Strict scheduling could be used for critical traffic such as network control traffic, while de-prioritizing ICMP and other non-critical network traffic

    • WRR allows the network administrator to weight each of the 4 queues
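The classify-then-act pipeline described on the last two slides (classify on flow/protocol, tag with an 802.1p priority or drop or rate limit at ingress, map the 8 priority levels onto 4 egress queues, then schedule strict or WRR) is shown end to end below. This is an added example, not the AT-8500's own QoS engine: the rule format, the 8-to-4 priority mapping, the per-rule packet budget used to stand in for rate limiting, the WRR weights and the sample frames are all constructed assumptions.

```python
"""Ingress classification and 4-queue egress scheduling, strict and WRR.
Added example; constructed rules and frames, not AT-8500 firmware."""
from collections import deque
from dataclasses import dataclass


@dataclass
class Frame:
    name: str
    proto: str        # "tcp", "udp" or "icmp"
    dport: int = 0
    pcp: int = 0      # 802.1p priority (0-7), written by the classifier


# 8 priority levels mapped onto 4 egress queues; queue 3 is the highest (assumed mapping)
PCP_TO_QUEUE = {0: 0, 1: 0, 2: 1, 3: 1, 4: 2, 5: 2, 6: 3, 7: 3}


class IngressPolicy:
    """First-match classifier. Actions: ("tag", pcp), ("drop",), ("limit", budget, pcp)."""
    def __init__(self, rules):
        self.rules = rules
        self.counts = [0] * len(rules)      # frames matched per rule (stands in for a rate limiter)

    def apply(self, f):
        """Return the egress queue number, or None if the frame is dropped."""
        for i, (match, action) in enumerate(self.rules):
            if not match(f):
                continue
            self.counts[i] += 1
            if action[0] == "drop":
                return None
            if action[0] == "limit" and self.counts[i] > action[1]:
                return None                   # over budget: excess traffic is dropped
            f.pcp = action[-1]                # tag the frame with its 802.1p priority
            return PCP_TO_QUEUE[f.pcp]
        f.pcp = 0                             # unclassified traffic: best effort
        return PCP_TO_QUEUE[0]


def enqueue_all(frames, policy):
    queues = [deque() for _ in range(4)]
    dropped = []
    for f in frames:
        q = policy.apply(f)
        if q is None:
            dropped.append(f.name)
        else:
            queues[q].append(f)
    return queues, dropped


def strict(queues):
    """Always serve the highest-priority non-empty queue; low queues can starve."""
    out = []
    while any(queues):
        for q in (3, 2, 1, 0):
            if queues[q]:
                out.append(queues[q].popleft())
                break
    return out


def wrr(queues, weights):
    """Weighted round robin: queue q may send up to weights[q] frames per round."""
    out = []
    while any(queues):
        for q in (3, 2, 1, 0):
            for _ in range(weights[q]):
                if queues[q]:
                    out.append(queues[q].popleft())
    return out


# Constructed rules: drop telnet, VoIP signalling highest, ICMP de-prioritized,
# FTP tagged medium but limited to 2 frames in this sample.
RULES = [
    (lambda f: f.proto == "tcp" and f.dport == 23, ("drop",)),
    (lambda f: f.proto == "udp" and f.dport == 5060, ("tag", 6)),
    (lambda f: f.proto == "icmp", ("tag", 1)),
    (lambda f: f.proto == "tcp" and f.dport == 21, ("limit", 2, 3)),
]


def sample_frames():
    return [Frame("voip1", "udp", 5060), Frame("icmp1", "icmp"), Frame("http", "tcp", 80),
            Frame("voip2", "udp", 5060), Frame("telnet", "tcp", 23), Frame("ftp1", "tcp", 21),
            Frame("ftp2", "tcp", 21), Frame("ftp3", "tcp", 21), Frame("icmp2", "icmp")]


def run_demo():
    """Return (strict transmit order, WRR transmit order, dropped frame names)."""
    strict_q, dropped = enqueue_all(sample_frames(), IngressPolicy(RULES))
    wrr_q, _ = enqueue_all(sample_frames(), IngressPolicy(RULES))
    return ([f.name for f in strict(strict_q)],
            [f.name for f in wrr(wrr_q, {0: 1, 1: 1, 2: 2, 3: 2})],
            dropped)


if __name__ == "__main__":
    print(run_demo())
```

With the same queued frames, strict scheduling drains both FTP frames before any ICMP or HTTP frame is sent, while WRR lets one best-effort frame through each round; that difference is exactly the starvation trade-off the slide alludes to when it reserves strict for control traffic.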

  • Multiple Spanning Tree Protocol

  • Effective feature for large switch environments utilizing complex or numerous VLAN configurations

  • Much easier to manage such an environment using MSTP, than STP or RSTP

    • Utilize 802.1q tagged ports efficiently throughout your network backbone

  • Supports multiple instances of Spanning Tree in a bridged domain

  • Features rapid convergence like RSTP

  • Provides Flexibility to deploy VLAN where needed, and at the same time provide L2 redundancy via back up links.

    • Configure 802.1q tagged ports with only the pertinent VLANs, not all VLANs

    • Isolate VLANs to certain areas of the network and not over all switches


MSTP Example Configuration

(Diagram slide; the only recoverable label is: VLAN 1, 2, 3)


IEEE 802.1s (Multiple Spanning Tree)

Old Spanning Tree:

  • 802.1D – STP

    • Allows all or blocks all VLANs coming from a port

    • Slow convergence

  • 802.1w – RSTP

    • Allows all or blocks all VLANs coming from a port

  • Non standards-based PVST

    • Consumes too much CPU time and network bandwidth (with control traffic)

802.1s advantages:

  • Eliminates all limitations mentioned above



  • Main Points

  • Security, Security, Security

    • Help make your clients understand the importance of security policies, and how the AT-8500 can help enforce effective security policies at the edge.

    • Check appendix for links on informative sites

  • AT-8500 Layer 2+ with Layer 2-4 awareness

    • Allow more effective security policies at the edge

    • End-to-End QOS

  • DOS Attack prevention

    • Protect against 6 common DOS style attacks

    • Useful features to implement effective security policies

  • MSTP

    • More flexibility for large enterprises or layer 2 networks


8500 Competitive overview

  • HP ProCurve 2626, 2626PWR and 2650

  • Cisco Catalyst 2950 24/48 ports

  • 3Com SuperStack 4400 24/48 ports and PWR

  • D-Link DES3526, 3550

Selling Against HP ProCurve 2600


  • 2626: 24p 10/100+ 2SFP or 2 GIG

  • 2626-PWR: 24p 10/100 POE+ 2 SFP or 2 GIG

  • 2650: 48p 10/100+ 2 SFP or 2 GIG

Selling Against Cisco Catalyst 2950


  • 2950-24-SI: 24p 10/100

  • 2950SX-24-SI: 24p 10/100+ 2 fixed 1000BaseSX

  • 2950SX-48-SI: 48p 10/100+ 2 fixed 1000BaseSX

Selling Against 3Com


  • 4400SE-24: entry level L2 only 24p 10/100 with 2 modules

  • 4400-24: L2/L4 24p 10/100 with 2 modules

  • 4400FX-24: L2/ L4 24p 100FX with 2 modules

  • 4400-PWR: L2/L4 24p POE 10/100 with 2 modules

  • 4400-48: L2/L4 48p 10/100 with 2 modules

Selling Against D-LINK


  • 3526: 24p 10/100 with 2 combo GIG copper/ SFP

  • 3526DC: 24p 10/100 DC with 2 combo GIG copper/ SFP

  • 3550: 50p 10/100 with 2 combo GIG copper/ SFP


Q & A


Appendix A1 - ACL Parameters

  • <protocol> layer 3 protocol in frame header or layer 4 protocol in ip header

  • <ip> <wildcard> specifies a network address; the keyword any can replace any <ip> <wildcard> pair

  • <precedence> precedence field in IP header

  • <tos> Type of service field in IP header

  • <icmp-type> for an icmp message

  • <icmp-code> for an icmp code

  • <icmp-message> for combined icmp message code

  • <igmp-type> for an igmp message

  • eq <port> destination port number in TCP/UDP header

  • eq <protocol> ACL applicable to an application protocol allowed

  • no-<protocol> no application protocol allowed

  • <time-range-id> ACL is only effective in specified time range
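The parameter list above is the vocabulary of a first-match access list: protocol, source and destination as network plus wildcard mask (or any), an eq port, ICMP type, and a time range, with an implicit deny at the end. The evaluator below is an added example that implements those semantics for IPv4; it is not the AT-8500 CLI, and the entry syntax (one entry per line), the time-range spelled as hours "8-18", and the sample list and packets are constructed assumptions. This also serves the L2-4 ACL bullet on the "How to implement a Security Policy" slide.

```python
"""First-match ACL evaluator using the Appendix A1 parameter vocabulary:
<protocol>, <ip> <wildcard> or any, eq <port>, icmp-type, time-range.
Added example; constructed syntax, not the AT-8500 CLI."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")   # "any": every bit is don't-care


def ip_matches(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard mask semantics: 0 bits must equal the network, 1 bits are ignored."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == n & care


@dataclass
class AclEntry:
    action: str                       # "permit" or "deny"
    protocol: str                     # "ip" matches every protocol
    src: Tuple[str, str]              # (network, wildcard)
    dst: Tuple[str, str]
    eq_port: Optional[int] = None
    icmp_type: Optional[int] = None
    time_range: Optional[Tuple[int, int]] = None   # effective hours [start, end)


def _addr(t, i):
    return (ANY, i + 1) if t[i] == "any" else ((t[i], t[i + 1]), i + 2)


def parse_entry(line: str) -> AclEntry:
    t = line.split()
    src, i = _addr(t, 2)
    dst, i = _addr(t, i)
    e = AclEntry(t[0], t[1], src, dst)
    while i < len(t):                         # optional trailing parameters
        key, val = t[i], t[i + 1]
        if key == "eq":
            e.eq_port = int(val)
        elif key == "icmp-type":
            e.icmp_type = int(val)
        elif key == "time-range":
            start, end = val.split("-")
            e.time_range = (int(start), int(end))
        else:
            raise ValueError(f"unknown ACL parameter {key}")
        i += 2
    return e


def entry_matches(e: AclEntry, pkt: dict) -> bool:
    if e.protocol != "ip" and e.protocol != pkt["proto"]:
        return False
    if not ip_matches(pkt["src"], *e.src) or not ip_matches(pkt["dst"], *e.dst):
        return False
    if e.eq_port is not None and pkt.get("dport") != e.eq_port:
        return False
    if e.icmp_type is not None and pkt.get("icmp_type") != e.icmp_type:
        return False
    if e.time_range and not (e.time_range[0] <= pkt["hour"] < e.time_range[1]):
        return False
    return True


def evaluate(acl, pkt) -> str:
    for e in acl:                     # first matching entry decides
        if entry_matches(e, pkt):
            return e.action
    return "deny"                     # implicit deny at the end of every list


# Constructed sample list for an edge port on 192.168.0.0/24 (switch management at .10)
SAMPLE_ACL = [
    "deny tcp any 192.168.0.10 0.0.0.0 eq 23",                     # no telnet to the switch
    "permit tcp 192.168.0.0 0.0.0.255 any eq 80 time-range 8-18",  # web only in office hours
    "permit udp 192.168.0.0 0.0.0.255 any eq 53",
    "deny icmp any 192.168.0.255 0.0.0.0",                          # no directed-broadcast pings
    "permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255",       # local traffic only
]

SAMPLE_PACKETS = {
    "telnet_to_switch": {"proto": "tcp", "src": "192.168.0.5", "dst": "192.168.0.10", "dport": 23, "hour": 10},
    "web_in_hours": {"proto": "tcp", "src": "192.168.0.5", "dst": "10.1.1.1", "dport": 80, "hour": 10},
    "web_after_hours": {"proto": "tcp", "src": "192.168.0.5", "dst": "10.1.1.1", "dport": 80, "hour": 22},
    "spoofed_source": {"proto": "tcp", "src": "10.9.9.9", "dst": "192.168.0.7", "dport": 80, "hour": 10},
    "broadcast_ping": {"proto": "icmp", "src": "192.168.0.5", "dst": "192.168.0.255", "icmp_type": 8, "hour": 10},
    "dns": {"proto": "udp", "src": "192.168.0.5", "dst": "8.8.8.8", "dport": 53, "hour": 10},
    "internal_share": {"proto": "tcp", "src": "192.168.0.5", "dst": "192.168.0.20", "dport": 445, "hour": 10},
}


def evaluate_sample() -> dict:
    acl = [parse_entry(line) for line in SAMPLE_ACL]
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_sample().items():
        print(f"{name:18} {verdict}")
```

Note that the "spoofed_source" packet is denied without any dedicated anti-spoofing rule: because every permit entry names the local subnet as source, a frame arriving on the edge port with a foreign source address falls through to the implicit deny, which is the source IP filter the "Sample DOS Attack" slide relies on.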


Appendix B1- Dos Attacks

  • SYN-Flood Attack

  • Definition:

    • A DOS Attack which attempts to overwhelm a system’s resources by tying up memory, by initiating half-open connections therefore denying connections to legitimate traffic.

  • Impact:

    • Two ways: the target machine will suffer degraded performance and may not be able to service real connections, resulting in perceived downtime; the sending machine will forward thousands of packets per second, impacting machine performance and possibly network performance.

  • Solutions:

    • These attacks use spoofed addresses, so restrict the use of spoofed source addresses originating from switch ports. Set a threshold for the number of SYN packets received in a specified amount of time; a violation will cause a trap and the port connection to be throttled.

Appendix B2- Dos Attacks

  • SMURF Attack

  • Description:

    • Sending spoofed packets to an IP broadcast address with an attempt to overwhelm the device whose address is being spoofed

  • Impact

    • Receiver: Attack will degrade network performance. Sender: may create bottlenecks in small bandwidth pipes like T1s on senders network.

  • Solution:

    • Disable ICMP directed broadcasts on the network.

    • The sender's network should not allow packets with a spoofed source address to leave the network.


Appendix B3- Dos Attacks

  • Ping of Death

  • Description

    • Attempts to destabilize a network device by sending an ICMP Echo request with an oversized payload, which forces the packet to be fragmented

  • Impact

    • Will cause device under attack to crash when attempting to reassemble oversized payload

  • Solution

    • Sampling technique to sample streams of fragmented packets and make sure they do not violate the IP payload size limit.


Appendix B4- Dos Attacks

  • Teardrop

  • Description

    • Capitalizes on vulnerable TCP/IP stack implementations that cannot handle overlapping IP fragments

  • Impact

    • Target machine crashes

  • Solution

    • Sampling algorithm that will check IP fragmented packets against overlapping


Appendix B5- Dos Attacks

  • LAND Attack

  • Description

    • Targets implementations of TCP/IP that are vulnerable to packets using same IP SA/DA addresses

  • Impact

    • Target machine will crash or hang.

  • Solution

    • Filter all outgoing packets that have a source address from a different network, and incoming packets that have a local source address


Appendix B6- Dos Attacks

  • IP Options Attack

  • Description

    • This attack attempts to overwhelm CPU with exceptions, by sending packets with bad IP options.

  • Impact

    • This attack will cause the target machine to crash

  • Solution

    • Set a threshold for the number of packets with IP options; once the rate of such packets crosses that threshold, alert the administrator.
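Appendices B1 to B6, like the earlier "6 Most Common DOS Attacks" slide, each pair a signature with a switch-side response: a per-port SYN rate threshold with trap and throttle, dropping spoofed source addresses, refusing echo requests to the directed broadcast, checking reassembled fragment size, checking fragments for overlap, same source and destination address, and a rate threshold on packets carrying IP options. The detector below is an added example written for this page, not the AT-8500's "intelligent chipset": the thresholds, the local subnet 192.168.0.0/24 taken from the sample-attack slide, the packet record fields and the constructed traffic are assumptions. It generalizes the Ping of Death check slightly by applying the 65535-byte limit to any fragmented datagram, not only ICMP.

```python
"""Defender-side detector for the six DoS signatures in the deck (SYN flood,
LAND, IP options, Teardrop, Smurf, Ping of Death) plus the anti-spoofing
check their solutions rely on. Added example; thresholds and traffic are
constructed, and this is not AT-8500 code."""
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

MAX_IP_DATAGRAM = 65535      # largest legal reassembled IPv4 datagram


@dataclass
class Pkt:
    ts: float                # arrival time in seconds
    port: int                # ingress switch port
    src: str
    dst: str
    proto: str               # "tcp", "udp" or "icmp"
    syn: bool = False        # TCP SYN set without ACK
    ip_options: bool = False
    icmp_type: Optional[int] = None   # 8 = echo request
    frag_id: int = 0
    frag_off: int = 0        # byte offset of this fragment
    frag_len: int = 0        # payload bytes carried by this fragment (0 = not fragmented)
    more: bool = False       # "more fragments" flag


class DosGuard:
    def __init__(self, local_net="192.168.0.0/24", syn_limit=5, syn_window=1.0, opt_limit=3):
        self.local = ipaddress.ip_network(local_net)
        self.bcast = self.local.broadcast_address
        self.syn_limit, self.syn_window, self.opt_limit = syn_limit, syn_window, opt_limit
        self.syns = defaultdict(deque)   # port -> timestamps of recent SYNs
        self.opts = defaultdict(int)     # port -> packets seen with IP options
        self.frags = defaultdict(list)   # (src, dst, id) -> [(offset, length)] seen so far
        self.throttled = set()           # ports rate-limited after a SYN-flood trap
        self.log = []                    # trap-style event records

    def _trap(self, name, p):
        self.log.append(f"{name} port={p.port} src={p.src} dst={p.dst}")

    def inspect(self, p: Pkt) -> str:
        """Return 'forward', 'drop' or 'throttle' for one packet and record any trap."""
        if p.src == p.dst:                                   # LAND: identical SA and DA
            self._trap("LAND", p)
            return "drop"
        if ipaddress.ip_address(p.src) not in self.local:    # spoofed source on an edge port
            self._trap("SPOOFED-SRC", p)
            return "drop"
        if p.proto == "icmp" and p.icmp_type == 8 and ipaddress.ip_address(p.dst) == self.bcast:
            self._trap("SMURF", p)                           # echo request to directed broadcast
            return "drop"
        if p.frag_len or p.more:
            verdict = self._check_fragment(p)
            if verdict:
                return verdict
        if p.ip_options:
            self.opts[p.port] += 1
            if self.opts[p.port] > self.opt_limit:           # IP options flood: alert and drop
                self._trap("IP-OPTIONS", p)
                return "drop"
        if p.proto == "tcp" and p.syn:
            window = self.syns[p.port]
            window.append(p.ts)
            while window and p.ts - window[0] > self.syn_window:
                window.popleft()                             # keep only SYNs inside the window
            if len(window) > self.syn_limit:                 # SYN flood: trap and throttle the port
                self.throttled.add(p.port)
                self._trap("SYN-FLOOD", p)
        return "throttle" if p.port in self.throttled else "forward"

    def _check_fragment(self, p: Pkt) -> Optional[str]:
        if p.frag_off + p.frag_len > MAX_IP_DATAGRAM:        # Ping of Death: oversized reassembly
            self._trap("PING-OF-DEATH", p)
            return "drop"
        key = (p.src, p.dst, p.frag_id)
        for off, length in self.frags[key]:                  # Teardrop: overlaps an earlier fragment
            if p.frag_off < off + length and off < p.frag_off + p.frag_len:
                self._trap("TEARDROP", p)
                return "drop"
        self.frags[key].append((p.frag_off, p.frag_len))
        return None


def run_sample():
    """Constructed traffic exercising each signature once; returns (verdicts, trap log)."""
    g = DosGuard()
    v = {}
    v["land"] = g.inspect(Pkt(0.0, 1, "192.168.0.10", "192.168.0.10", "tcp", syn=True))
    v["spoofed"] = g.inspect(Pkt(0.0, 1, "10.0.0.1", "192.168.0.10", "tcp", syn=True))
    v["smurf"] = g.inspect(Pkt(0.0, 1, "192.168.0.10", "192.168.0.255", "icmp", icmp_type=8))
    v["ping_of_death"] = g.inspect(Pkt(0.0, 1, "192.168.0.10", "192.168.0.20", "icmp",
                                       icmp_type=8, frag_id=1, frag_off=65528, frag_len=16))
    g.inspect(Pkt(0.0, 1, "192.168.0.10", "192.168.0.20", "udp", frag_id=7, frag_off=0, frag_len=100, more=True))
    v["teardrop"] = g.inspect(Pkt(0.0, 1, "192.168.0.10", "192.168.0.20", "udp",
                                  frag_id=7, frag_off=50, frag_len=100))
    v["ip_options"] = [g.inspect(Pkt(0.0, 2, "192.168.0.10", "192.168.0.20", "tcp", ip_options=True))
                       for _ in range(4)]
    v["syn_flood"] = [g.inspect(Pkt(0.1 * i, 3, "192.168.0.11", "192.168.0.20", "tcp", syn=True))
                      for i in range(6)]
    return v, g.log


if __name__ == "__main__":
    for line in run_sample()[1]:
        print(line)
```

The ordering of the checks matters: the spoofed-source test runs before the rate-based ones, so a SYN flood from forged addresses is dropped outright rather than merely throttled, which is the "restrict spoofed addresses first" part of the B1 solution.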
