Cisco IINS 2.0: Securing the Data Plane on Cisco Switches

Like routers, both Layer 2 and Layer 3 switches have their own set of network security requirements. Access to switches is a convenient entry point for attackers who are intent on illegally gaining access to a corporate network. With access to a switch, an attacker can set up rogue access points and protocol analyzers, and launch all types of attacks from within the network. Attackers can even spoof the MAC and IP addresses of critical servers and do significant damage. This course introduces basic switching concepts, explains security threats that exploit vulnerabilities in the switching infrastructure, and examines strategies to mitigate those threats.

This course is intended for network designers, administrators, engineers, and managers; systems engineers; and individuals seeking the Implementing Cisco IOS Network Security (IINS) v2.0 640-554 certification, which is associated with the CCNA Security certification exam. Knowledge and skills equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1) are required, and a working knowledge of the Windows operating system and Cisco IOS networking concepts is recommended.
- describe what VLANs are and how they work
- describe how to configure trunks
- identify guidelines to follow when creating VLANs
- describe how STP provides a loop-free network topology
- match the security threats that exploit vulnerabilities in the switching infrastructure to their description
- sequence the steps involved in a double-tagging VLAN hopping attack
- identify strategies for protecting the switch data plane
- identify spanning-tree features on Cisco IOS routers that prevent STP operations from having an impact on the security posture
- sequence the steps to configure port security on an access port using the CLI
- match switchport port-security parameters to their descriptions