Module 14 Flashcards
is considered to be the weakest link in the network system.
Layer 2
Includes MAC table overflow (also called MAC address flooding) attacks.
MAC Table Attacks
Includes VLAN hopping and VLAN double-tagging attacks. It also includes attacks between devices on a common VLAN.
VLAN Attacks
Includes DHCP starvation and DHCP spoofing attacks.
DHCP Attacks
Includes ARP spoofing and ARP poisoning attacks.
ARP Attacks
Includes MAC Address and IP address spoofing attacks.
Address Spoofing Attacks
Includes Spanning Tree Protocol manipulation attacks.
STP Attacks
The following strategies are recommended:
* Always use secure variants of these protocols such as SSH, SCP, and SSL.
* Consider using out-of-band (OOB) management.
* Use a dedicated management VLAN where nothing but management traffic resides.
* Use ACLs to filter unwanted access.
Pyramid
Port Security
DHCP Snooping
DAI
IPSG
prevents many types of attacks including MAC table overflow attacks and DHCP starvation attacks.
Port Security
prevents DHCP starvation and DHCP spoofing attacks by rogue DHCP servers.
DHCP spoofing
prevents ARP spoofing and ARP poisoning attacks.
Dynamic ARP Inspection (DAI)
prevents MAC and IP address spoofing attacks.
IP Source Guard (IPSG)
If Layer 2 is disrupted by a cyber attack, all layers above it will be affected.
True
It is important to protect Layer 2 by always using secure variants of protocols such as ___.
In addition, ___ should be used to filter unwanted access.
SSH, SCP, and SSL.
ACLs
are available on Cisco switches to directly mitigate Layer 2 attacks.
Port security, DHCP Snooping, DAI, and IP Source Guard
One type of Layer 2 attack floods the switch with frames with __
random MAC source addresses.
___ can quickly overwhelm the MAC table of a switch causing a MAC table overflow exploit.
Threat actor tools such as macof
A simple but effective way to prevent Layer 2 attacks is to
shut down all unused ports.
is a simple way to directly address MAC address overflow attacks.
Port security
attacks enable threat actors to access VLANs that they are not authorized to access.
VLAN hopping and VLAN double-tagging
In ____, a threat actor connects a host computer to a switch and then attempts to negotiate the switch port into becoming a trunk using DTP.
VLAN hopping attacks
In _____, a threat actor adds a false VLAN tag to malicious traffic in addition to the legitimate tag.
VLAN double-tagging attacks