More reason’s to secure your LAN

Security always comes at the expense of userabilty. It is a balancing act which changes according to the security threats that you are likely to face, and the ease of use/management.

HackerTake for example your Local Area Network. It is best practice to “shutdown” Ethernet ports when not in use, then to un-patch Ethernet ports which have not been used for a period of time. However it is seldom done due to the fact that it is a pain to suddenly make the port live when users require access. Most network admins want users to be able to just plug into the network without hindrance. Even worse, this same practice is also used on wireless networks (No WEP, WPA security). This allows network admins to sit at their workstations and enable access to network resources by enabling user accounts or changing group permissions.

Hopefully what I’m about to show you will encourage you to elevate your threat level and increase your security systems to combat a new type of threat. This threat increases the number of attacks to disrupt your network and in some case’s compromise your IT systems. It can accomplish all this without a username or password, or even a TCP/IP address, all it needs is a live network port or a open wireless

It uses infrastructure protocols which are often overlooked. Most of the security attention tends to be on the higher level protocols which travel via routers and across the Internet. The infrastructure Layer 2
protocols (STP , DHCP,CDP,VTP,HSRP etc) although local are vital to the functioning of a network.

A software network analysis tool named after the bacteria which causes plague (“Yersinia pestis”)can cause everything which I have just described. It has been designed to be a penetration testing tool,however in the wrong hands it can be devastating.

There are defenses against these form of attacks, but it takes time and effort.

  • Keep your physical network points secure, and make staff
    aware of network security
  • Keep a map of your network updated. This can be used to
    determine “quiet areas” for plug in attacks.
  • Use STP Port fast sparingly
  • Use Authentication in your HSRP groups
  • Keep your switch firmware updated.
  • Disable Cisco Discovery Protocol

The best defenses are the physical ones. It does add more management time, but at least your network security will have increased.


Leave a comment
You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


Recent Posts

Recent Comments

Older Posts