Secure Network Management Technology

Zhang Huanjie (张焕杰)

Network Information Center, University of Science and Technology of China

[email protected]

http://202.38.64.40/~james/nms

Tel: 3601897(O)


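Chapter 2: Layer 2 Network Security Threats and Countermeasures

  • Main topics of this chapter

    • Overview of Layer 2 network security threats

    • Common security threats and countermeasures

      • MAC attacks

      • VLAN “Hopping” attacks

      • ARP attacks

      • Spanning Tree attacks

      • Port authentication

    • Summary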


References:

  • Cisco Networkers 2003

    • Understanding and Preventing Layer 2 Attacks

    • http://210.45.224.8/~james/cw2003/SEC-2002.pdf


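Overview of Layer 2 Network Security Threats

  • This chapter focuses on switched Ethernet networks

    • On shared Ethernet such as WLANs or hubs, attacks are even simpler

    • Other network technologies may be subject to other types of attack

  • Some theoretical threats may actually be exploited in practice

  • The discussion focuses on Cisco devices; other vendors may differ in the details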


[Figure: diagram labelled VLAN A and VLAN B]


Native VLAN

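  • A Native VLAN can be configured on a trunk port

  • With 802.1Q encapsulation, frames that the trunk port sends for the Native VLAN are not tagged; frames for all other VLANs must be tagged

  • The Native VLAN setting should generally be the same on both ends of a trunk link

  • The default Native VLAN is 1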
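
The tagging rule above, modelled at the frame level as an added example (not part of the original slides): trunk egress leaves Native VLAN frames untagged, and trunk ingress assigns untagged frames to the receiver's own Native VLAN, which is why both ends need the same setting. The function names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def trunk_egress(frame, vlan, native_vlan=1):
    """Encode a frame belonging to `vlan` for transmission on an 802.1Q trunk."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if vlan == native_vlan:
        return frame  # Native VLAN traffic leaves the trunk untagged
    tag = struct.pack("!HH", TPID_8021Q, vlan)  # PCP=0, DEI=0, 12-bit VID
    return frame[:12] + tag + frame[12:]  # tag sits after dst + src MAC


def trunk_ingress(wire, native_vlan=1):
    """Return (vlan, untagged frame) as the receiving trunk port classifies it."""
    (ethertype,) = struct.unpack("!H", wire[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, wire  # untagged: assigned to the LOCAL Native VLAN
    (tci,) = struct.unpack("!H", wire[14:16])
    return tci & 0x0FFF, wire[:12] + wire[16:]


def cross_trunk(frame, vlan, native_a, native_b):
    """VLAN the frame ends up in after crossing from switch A to switch B."""
    return trunk_ingress(trunk_egress(frame, vlan, native_a), native_b)[0]


# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    # Matching defaults, matching non-default, then a mismatched pair.
    for native_a, native_b in [(1, 1), (20, 20), (20, 10)]:
        for vlan in (10, 20):
            got = cross_trunk(SAMPLE, vlan, native_a, native_b)
            note = "" if got == vlan else "  <-- landed in a different VLAN"
            print(f"native A={native_a} B={native_b}: VLAN {vlan} -> {got}{note}")
```

With mismatched Native VLANs the untagged frame is silently reclassified on the far side, so an audit of trunk configuration should compare the setting on both ends of every link.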


[Figure: diagram labelled 10, 20, Native VLAN 20 and VLAN 10]


802.1X Applications

Some universities in China use 802.1X to handle authentication on dormitory networks


CDP Applications

Core-3550#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch           Gig 0/1           131          S I       WS-C2950-2Fas 0/18
NIC-3750         Gig 0/12          171         R S I      WS-C3750G-Gig 1/0/24
TuShuGuan-3550   Gig 0/2           121         R S I      WS-C3550-1Gig 0/1

