Basic Switch Operation and security
Unlike hubs, switches regulate the flow of data between their ports by creating "instant" networks that contain only the two end devices communicating with each other at that moment. When end systems send data frames, the source and destination addresses are not changed anywhere in the switched domain. Switches maintain content-addressable memory (CAM) lookup tables that track which source MAC addresses are located on which switch ports. These lookup tables are populated by an address-learning process on the switch. If the destination MAC address of a frame is not known, or if the frame the switch receives is destined for a broadcast or multicast MAC address, the switch forwards the frame to all ports. Because of their capability to isolate traffic and create instant networks, switches can be used to divide a physical network into multiple logical segments, or VLANs, using Layer 2 traffic segmentation.
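The learning and forwarding behaviour just described, as a small added model that is not part of the original post: the switch records each frame's source MAC against its ingress port, forwards known unicast destinations to the learned port, and floods unknown unicast, broadcast and multicast destinations to every other port. Port numbers and MAC addresses are constructed sample values.

```python
# Added example (not from the original post): a minimal model of the
# CAM-table address-learning and forwarding process described above.
# Port numbers and MAC addresses are constructed sample values.

class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}  # learned source MAC -> ingress port

    @staticmethod
    def is_group_address(mac):
        # Broadcast (ff:ff:ff:ff:ff:ff) and multicast MACs have the I/G bit
        # set: the least-significant bit of the first octet is 1.
        first_octet = int(mac.split(":")[0], 16)
        return first_octet & 0x01 == 1

    def receive(self, in_port, src, dst):
        """Process one frame; return the list of ports it is forwarded to."""
        # Learning: the source MAC is recorded against the ingress port.
        self.cam[src] = in_port
        # Flooding: broadcast, multicast and unknown unicast go everywhere
        # except the port the frame arrived on.
        if self.is_group_address(dst) or dst not in self.cam:
            return [p for p in self.ports if p != in_port]
        out_port = self.cam[dst]
        # A frame whose destination sits on the ingress port is not forwarded.
        return [] if out_port == in_port else [out_port]


def demo():
    sw = Switch(ports=[1, 2, 3, 4])
    a, b = "00:11:22:33:44:aa", "00:11:22:33:44:bb"
    bcast = "ff:ff:ff:ff:ff:ff"
    # A (port 1) sends to B before B has been learned: flooded to 2, 3, 4.
    first = sw.receive(1, a, b)
    # B (port 2) replies; A is already known, so the reply goes only to port 1.
    reply = sw.receive(2, b, a)
    # A sends to B again; B was learned from the reply, so only port 2.
    second = sw.receive(1, a, b)
    # Broadcast is always flooded, whatever the CAM table contains.
    arp = sw.receive(1, a, bcast)
    return first, reply, second, arp, dict(sw.cam)


if __name__ == "__main__":
    print(demo())
```

The first unicast frame and the broadcast both reach every other port, which is why traffic to a not-yet-learned or group address is visible beyond the two communicating hosts.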
Layer 2 is the data link layer in the OSI model, one of seven layers designed to work together while remaining autonomous. Layer 2 operates above the physical layer but below the network and transport layers, as shown below.

[Figure: the OSI model, with Layer 2 (data link) between the physical layer and the network and transport layers; not reproduced on this page]

Layer 2 independence enables interoperability and interconnectivity. From a security perspective, however, that independence creates a challenge, because a compromise at one layer is not always known to the other layers. If the initial attack comes in at Layer 2, the rest of the network can be compromised in an instant. Network security is only as strong as the weakest link—and that link might be the data link layer.
Tags: Mitigating Layer 2 Attacks