Security threats in the LAN

  • RADIUS stands for Remote Authentication Dial In User Service.
    It is an authentication service that was first defined in RFC 2058 in 1997. It has been extended significantly in further RFCs since then.
  • This diagram illustrates an exchange that uses the EAP-MD5 authentication method, which is the simplest authentication method supported by 802.1x.
    The EAPoL logoff message, of course, is not sent immediately after the other messages in the diagram; it is sent later, at the end of the supplicant's data session, when the supplicant wishes to disconnect from the network.
  • Security threats in the LAN

    1. Security threats in the LAN, February 2014
    2. Perimeter defense
    3. Security threats
    4. Information stealing
    5. Information stealing
    6. Information stealing / DoS: Rogue DHCP server
    7. DoS
    8. Information stealing / DoS
    9. Information stealing / DoS: Spanning tree attack
    10. Oh no!!!! What do we do??????
    11. Look who's knocking
    12. AAA: Authentication, Authorization, Accounting
    13. Introducing 802.1x: 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.
    14. Component Protocols: Two protocols are involved in the authentication conversation. EAPoL (Extensible Authentication Protocol over LAN), the protocol defined in IEEE 802.1x, is exchanged between Supplicant and Authenticator. RADIUS is exchanged between Authenticator and Authentication Server; RADIUS has received specific extensions to interoperate with EAPoL.
    15. Example Message Sequence
    16. Dynamic VLAN Assignment / Guest VLAN (diagram labels: Router; RADIUS Server; Core Switches (stacked); Link Aggregation; Authentication Switches; Guest VLAN 10; Data VLAN 20; Voice VLAN 30; PC VLAN 10; PC VLAN 20; Linux VLAN 20; Printer VLAN 20; IP Phone VLAN 30)
    17. Allied Telesis & Microsoft NAP (diagram labels: RADIUS Server on Windows Server 2008 (Network Policy Server (NPS), Domain Controller); NIC teaming / 802.3ad; Core Switches (stacked); Link Aggregation; Authentication Switches; Windows Vista; VLAN 10; VLAN 30; IP Phone VLAN 40; Printer VLAN 30; 802.1x Authentication; Supplicant; MAC)
    18. NAC Overview: Remediation Server
    19. What about him? Disgruntled employee
    20. DHCP snooping + ARP security
    21. Port security
    22. DHCP snooping
    23. Ingress filter
    24. BPDU Guard / Root Guard: Spanning tree defense
    25. This is a switch:
    26. Americas Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895 Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830 EMEA Headquarters | Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.00 | F: +41 91 69769.11 © 2011 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.