Secure Network Management Technology - PowerPoint Presentation
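Secure Network Management Technology. Zhang Huanjie (张焕杰), Network Information Center, University of Science and Technology of China. james@ustc.edu.cn http://202.38.64.40/~james/nms Tel: 3601897(O). Chapter 2: Layer 2 Network Security Threats and Countermeasures. Main contents of this chapter: overview of Layer 2 network security threats; common security threats and countermeasures (MAC attacks, VLAN "Hopping" attacks, ARP attacks, Spanning Tree attacks, port authentication); summary. References: Cisco Networkers 2003, Understanding and Preventing Layer 2 Attacks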

Presentation Transcript
slide1

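Secure Network Management Technology

Zhang Huanjie (张焕杰)

Network Information Center, University of Science and Technology of China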

james@ustc.edu.cn

http://202.38.64.40/~james/nms

Tel: 3601897(O)

slide2
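Chapter 2: Layer 2 Network Security Threats and Countermeasures
  • Main contents of this chapter
    • Overview of Layer 2 network security threats
    • Common security threats and countermeasures
      • MAC attacks
      • VLAN "Hopping" attacks
      • ARP attacks
      • Spanning Tree attacks
      • Port authentication
    • Summary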
slide3
References:
  • Cisco Networkers 2003
    • Understanding and Preventing Layer 2 Attacks
    • http://210.45.224.8/~james/cw2003/SEC-2002.pdf
slide4
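Overview of Layer 2 Network Security Threats
  • This chapter focuses on switched Ethernet networks
    • On shared Ethernet such as WLANs and hubs, attacks are even simpler
    • Other network technologies may be subject to other types of attack
  • Some theoretical threats may be exploited in practice
  • The discussion focuses on Cisco devices; other vendors may differ in the details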
slide22

[Figure: diagram with labels VLAN A and VLAN B]
Native VLAN
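  • A Native VLAN can be configured on a trunk port
  • With 802.1Q encapsulation, a trunk port sends Native VLAN frames without a tag; frames in all other VLANs must be tagged
  • The Native VLAN setting should generally be the same on both ends of a trunk link
  • The default Native VLAN is 1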
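
The tagging rule above, as an added example that is not part of the original slides: a simplified Python model of the two ends of an 802.1Q trunk, showing why the Native VLAN should match on both ends. The function names, MAC addresses and payload are constructed for illustration, and the model assumes a port that always sends its Native VLAN untagged.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def send_on_trunk(dst, src, ethertype, payload, vlan, native_vlan):
    """Build the frame a trunk port emits for a frame belonging to `vlan`."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    header = dst + src
    if vlan != native_vlan:
        # Non-native VLAN: insert TPID + TCI (PCP=0, DEI=0, 12-bit VID).
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload

def receive_on_trunk(frame, native_vlan):
    """Return (vlan, ethertype, payload) as the receiving trunk port sees it."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        # Untagged frame: assigned to the receiver's own Native VLAN.
        return native_vlan, etype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]

def crosses_vlans(vlan, native_a, native_b):
    """True if a frame from `vlan` on switch A lands in a different VLAN on B."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    wire = send_on_trunk(dst, src, 0x0800, b"constructed-payload", vlan, native_a)
    return receive_on_trunk(wire, native_b)[0] != vlan

if __name__ == "__main__":
    # Constructed cases: matching Native VLANs vs. a mismatch (10 on A, 20 on B).
    for vlan, a, b in [(10, 10, 10), (20, 10, 10), (10, 10, 20), (20, 10, 20)]:
        print(f"VLAN {vlan}, native A={a}, B={b}: crosses={crosses_vlans(vlan, a, b)}")
```

With mismatched Native VLANs, only the untagged traffic changes VLAN on the far side, which is what a configuration audit of both trunk ends should look for.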
slide28

[Figure: diagram with labels 10, 20, Native VLAN 20, VLAN 10]
802.1X in Use

Some universities in China use 802.1X to handle authentication on dormitory networks

slide70
CDP in Use

Core-3550#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch           Gig 0/1           131        S I         WS-C2950-2Fas 0/18
NIC-3750         Gig 0/12          171        R S I       WS-C3750G-Gig 1/0/24
TuShuGuan-3550   Gig 0/2           121        R S I       WS-C3550-1Gig 0/1