Firewall and Switch Protection Mechanisms | Comptia Security Plus

Firewall and Switch Protection Mechanisms, CAM Overflow Attack

A network should consist of three network areas:
1. DMZ or a demilitarized zone, a subnetwork containing an organization's exposed, outward-facing services
2. The inside network
3. The Internet facing network/Outside network

The advantage of separating the network into different areas is that we can use our firewall to set up different rules for each network. For example, no FTP traffic is allowed into the inside network, but we will allow FTP to the DMZ. We can also use access control lists to allow only authorised access to network resources.

If we are setting up Virtual Local Area Networks (VLANs), we can also take advantage of subnets to manage network traffic. This would require a router or other layer 3 device.

We can also use switches to manage port security (the switch will remember the MAC address). A CAM overflow attack occurs when an attacker connects to a single or multiple switch ports and then runs a tool that mimics the existence of thousands of random MAC addresses on those switch ports. The switch enters these into the CAM table, and eventually the CAM table fills to capacity. When a switch is in this state, no more new MAC addresses can be learned; therefore, the switch starts to flood any traffic from new hosts out of all ports on the switch.

A CAM overflow attack turns a switch into a hub, which enables the attacker to eavesdrop on a conversation and perform man-in-the-middle attacks.

We could hard-code the MAC addresses on the switch and allow only authorised MAC addresses. We could also use 802.1X at the switch port, which means the switch will look for the user credentials.
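The CAM overflow behaviour and the per-port MAC restriction described above, as an added Python model (not code from the original page or from any switch vendor). The `Switch` class, the 16-entry table, the limit of two MACs per port and every MAC address are constructed for illustration, and dropping the violating frame is an assumed policy.

```python
# Added illustration: toy model of a learning switch (not vendor code).
class Switch:
    def __init__(self, ports, cam_capacity, port_mac_limit=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity      # total CAM entries available
        self.port_mac_limit = port_mac_limit  # None = port security off
        self.cam = {}                         # MAC -> port
        self.violations = {}                  # port -> dropped-frame count

    def _learn(self, port, src):
        """Return False if port security rejects this source MAC."""
        if src in self.cam:
            return True
        on_port = sum(1 for p in self.cam.values() if p == port)
        if self.port_mac_limit is not None and on_port >= self.port_mac_limit:
            self.violations[port] = self.violations.get(port, 0) + 1
            return False
        if len(self.cam) < self.cam_capacity:  # full table: cannot learn
            self.cam[src] = port
        return True

    def receive(self, port, src, dst):
        """Process one frame; return the list of egress ports."""
        if not self._learn(port, src):
            return []                          # violating frame is dropped
        if dst in self.cam:
            return [self.cam[dst]]             # known unicast: one port
        return [p for p in self.ports if p != port]  # unknown: flood


def run_scenario(port_mac_limit):
    """Constructed traffic: hosts A/B on ports 1/2, a burst of 100 unique
    source MACs on port 3, then host C joins on port 4 and A sends to C."""
    sw = Switch(ports=[1, 2, 3, 4], cam_capacity=16,
                port_mac_limit=port_mac_limit)
    sw.receive(1, "aa:aa:aa:aa:aa:01", "ff:ff:ff:ff:ff:ff")   # host A
    sw.receive(2, "aa:aa:aa:aa:aa:02", "ff:ff:ff:ff:ff:ff")   # host B
    for i in range(100):                                      # MAC burst
        sw.receive(3, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    sw.receive(4, "aa:aa:aa:aa:aa:03", "ff:ff:ff:ff:ff:ff")   # host C
    egress = sw.receive(1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:03")
    return egress, len(sw.cam), sw.violations.get(3, 0)


if __name__ == "__main__":
    print("no port security:", run_scenario(None))
    print("limit 2 per port:", run_scenario(2))
```

Without a limit the table fills, host C is never learned, and the frame from A to C is copied to every other port; with the limit the burst is counted as violations on port 3 and the same frame leaves on port 4 only.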

Spanning Tree Protocol (STP) protects against network data loops. Switches also have vendor-specific flood guards.

FTP is not encrypted; anyone eavesdropping on an FTP session could see the FTP credentials and gain access to the FTP server. Telnet should also be disabled, as it works in plain text.



