DCS834 Computer Networking

CSIS DCS835 Computer Networking and the Internet
VLANs
Team 0: Maria Sette, Roshan Shaikh
8/2/2011

Outline
- Motivation
- Design
- Operation
- Security
- Conclusion
- References
- Q/A

Motivation
Contemporary LANs need segmentation, for three reasons:
- Topology (all within 802.3 Ethernet over twisted pair): geographic, organizational, functional
- Load [1]: a functional network versus a mis-configured network (broadcast storms)
- Broadcast [2]: efficient use of the available ports

VLANs (Ethernet 802.1Q) [2]
- A group of LANs that have different physical connections
- Virtual broadcast domains [3]: the stations communicate as if they were connected on a single network segment [3]
- Unicast and broadcast transmission is limited to the VLAN, so traffic is reduced [4]
- A software-based solution that allows IT administrators to adapt to changes

Advantages
- Ease of administration [8]
- Confinement of broadcast domains
- Reduction in network traffic
- Enforcement of security policies [10]

Design: Ethernet 802.1Q frame format
New frame format (1995): the Ethernet (802.3) header plus a VLAN tag.

802.3 frame:    Dest. Address | Source Address | Len | Data | Pad | FCS
VLAN tag:       Pri (3 bits) | CFI (1 bit) | VLAN Identifier (12 bits)
802.1Q (1998):  Dest. Addr. | Source Addr. | V-Tag (VLAN protocol 0x8100, then the tag) | Len | Data | Pad | FCS
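As an added example that is not part of the original slides, the following Python code parses and builds frames in the layout shown above: destination and source address, an optional 4-byte tag made of the 0x8100 tag protocol identifier and a 16-bit TCI (Pri, CFI, VLAN Identifier), then the Len/Type field and data. The FCS is left out because the NIC normally strips it before software sees the frame. The parser also accepts an outer 0x88A8 (802.1ad) service tag in front of the 802.1Q tag, which the slide does not show; that generalization, the sample ARP frame and the addresses in it are this example's own assumptions.

```python
# Added example (not from the slides): parse and build 802.1Q-tagged Ethernet frames.
# Layout (Design slide): dst(6) | src(6) | [TPID 0x8100 | TCI: Pri(3) CFI(1) VID(12)] | Len/Type(2) | Data
import struct

TPID_8021Q = 0x8100   # "VLAN protocol 0x8100" on the slide
TPID_8021AD = 0x88A8  # assumption: outer service tag of 802.1ad (QinQ); the slide shows only 0x8100


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(frame: bytes) -> dict:
    """Return dst, src, the VLAN tags (outermost first), the EtherType/Length and the payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    dst, src = _mac(frame[:6]), _mac(frame[6:12])
    offset, tags = 12, []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("frame truncated inside the EtherType field")
        (ethertype,) = struct.unpack("!H", frame[offset:offset + 2])
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break
        if offset + 4 > len(frame):
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack("!H", frame[offset + 2:offset + 4])
        # TCI bit layout: Pri in the top 3 bits, CFI in bit 12, VLAN Identifier in the low 12 bits
        tags.append({"tpid": ethertype, "pcp": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": dst, "src": src, "tags": tags, "ethertype": ethertype, "payload": frame[offset + 2:]}


def vlan_id(parsed: dict):
    """VLAN the frame belongs to: the outermost tag's VID. VID 0 means 'priority tag only,
    no VLAN' and 4095 is reserved, so both are treated as untagged here."""
    if not parsed["tags"]:
        return None
    vid = parsed["tags"][0]["vid"]
    return vid if 0 < vid < 4095 else None


def add_tag(frame: bytes, vid: int, pcp: int = 0, cfi: int = 0, tpid: int = TPID_8021Q) -> bytes:
    """Insert a 4-byte tag after the source address, as a VLAN-aware switch does on a trunk."""
    if not 0 <= vid <= 4095 or not 0 <= pcp <= 7 or cfi not in (0, 1):
        raise ValueError("tag field out of range")
    tci = (pcp << 13) | (cfi << 12) | vid
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def strip_outer_tag(frame: bytes) -> bytes:
    """Remove the outermost tag, as a switch does before sending a frame out an access port."""
    if parse_frame(frame)["tags"]:
        return frame[:12] + frame[16:]
    return frame


# Constructed sample: a broadcast ARP request from 00:11:22:33:44:55, first untagged,
# then tagged for VLAN 100 with priority 5, then wrapped in an outer 802.1ad tag for VLAN 10.
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
            + struct.pack("!H", 0x0806) + b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20)
TAGGED = add_tag(UNTAGGED, vid=100, pcp=5)
DOUBLE_TAGGED = add_tag(TAGGED, vid=10, tpid=TPID_8021AD)

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("tagged", TAGGED), ("double-tagged", DOUBLE_TAGGED)):
        p = parse_frame(f)
        print(f"{name}: vlan={vlan_id(p)} tags={p['tags']} ethertype=0x{p['ethertype']:04x}")
```

The loop in parse_frame keeps consuming 4-byte tags until it reaches a real EtherType, so a frame with more than one tag is reported with all of them, outermost first, rather than having the inner tag mistaken for the EtherType.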

Design
- Number of VLANs
- Port name and ID (color)
- Switch
- Computer
- Topology: geographic, organizational, functional, hybrid

Types: how a packet gets assigned to a VLAN in a VLAN-aware switch [5]
- Port-based
- MAC address-based
- Layer 3 protocol-based
Backward compatibility: only VLAN-aware switches and 802.1Q NICs handle the tagged frames.

Requirements: when is a VLAN needed?
- More than 200 devices on the LAN?
- Groups of users that need more security? [2]
- A network slowed down by too many broadcasts? [3]
- Groups of users that need to be on the same broadcast domain because they run the same applications (for example VoIP phones)?

Operation
- Logical broadcast domains in a single switch or across multiple switches, regardless of physical proximity
- Configuration (Cisco) [7]: VLAN Trunk Protocol (VTP) mode, domain name, and which ports on the switch belong to which VLAN
- Linking VLANs: a Layer 3 routing device (the WS-X4232 module for Catalyst 4500/4000 switches), or built-in support for inter-VLAN routing (Catalyst 3550/3750/6500)

[Two configuration screenshots from [7]]
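As an added example (not part of the original slides), the following Python model of a VLAN-aware switch ties the Types slide to the Operation slide: each ingress frame is assigned to a VLAN by port, by source MAC address or by Layer 3 protocol, and is then forwarded or flooded only to ports that are members of that VLAN, so each VLAN behaves as its own logical broadcast domain. Frames are plain dicts rather than raw bytes, the port names, MAC addresses and VLAN numbers are made up, and the trunk/access and native-VLAN behaviour follows the usual 802.1Q conventions rather than anything the slides state.

```python
# Added example (not from the slides): a toy VLAN-aware switch with the three assignment
# methods of the Types slide and VLAN-confined flooding (the Operation slide's logical
# broadcast domains). All names, addresses and VLAN numbers below are constructed.
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Port:
    mode: str                          # "access" or "trunk"
    access_vlan: int = 1               # VLAN of an access port (1 if never configured)
    allowed: frozenset = frozenset()   # VLANs a trunk carries
    native_vlan: int = 1               # VLAN given to untagged frames arriving on a trunk


class VlanSwitch:
    def __init__(self):
        self.ports: dict[str, Port] = {}
        self.mac_vlans: dict[str, int] = {}         # MAC address-based assignment table
        self.proto_vlans: dict[int, int] = {}       # EtherType -> VLAN (Layer 3 protocol-based)
        self.fdb: dict[tuple[int, str], str] = {}   # (vlan, mac) -> port, learned from sources

    def add_port(self, name: str, port: Port):
        self.ports[name] = port

    def assign_vlan(self, frame: dict):
        """Decide which VLAN an ingress frame belongs to; None means it is dropped."""
        port = self.ports[frame["port"]]
        if port.mode == "trunk":
            vid = port.native_vlan if frame.get("vid") is None else frame["vid"]
            return vid if vid in port.allowed else None
        # Access port: the MAC table and the protocol table override the port's own VLAN.
        if frame["src"] in self.mac_vlans:
            return self.mac_vlans[frame["src"]]
        if frame["ethertype"] in self.proto_vlans:
            return self.proto_vlans[frame["ethertype"]]
        return port.access_vlan

    @staticmethod
    def _member(port: Port, vid: int) -> bool:
        return port.access_vlan == vid if port.mode == "access" else vid in port.allowed

    @staticmethod
    def _egress_tag(port: Port, vid: int):
        # Trunks send tagged frames (except on their native VLAN); access ports send untagged.
        return vid if port.mode == "trunk" and vid != port.native_vlan else None

    def switch(self, frame: dict):
        """Return [(egress_port, tag)]; tag is the VID written on the wire or None for untagged."""
        vid = self.assign_vlan(frame)
        if vid is None:
            return []
        self.fdb[(vid, frame["src"])] = frame["port"]
        known = None if frame["dst"] == BROADCAST else self.fdb.get((vid, frame["dst"]))
        if known is not None:
            egress = [] if known == frame["port"] else [known]
        else:  # broadcast or unknown unicast: flood, but only inside this VLAN
            egress = [n for n, p in self.ports.items() if n != frame["port"] and self._member(p, vid)]
        return [(n, self._egress_tag(self.ports[n], vid)) for n in egress]


def build_lab_switch() -> VlanSwitch:
    sw = VlanSwitch()
    sw.add_port("Fa0/1", Port("access", access_vlan=10))
    sw.add_port("Fa0/2", Port("access", access_vlan=10))
    sw.add_port("Fa0/3", Port("access", access_vlan=20))
    sw.add_port("Gi0/1", Port("trunk", allowed=frozenset({10, 20, 99}), native_vlan=99))
    sw.mac_vlans["00:00:5e:00:53:aa"] = 20   # this device belongs to VLAN 20 wherever it is plugged in
    sw.proto_vlans[0x86DD] = 20              # IPv6 traffic (EtherType 0x86dd) is kept in VLAN 20
    return sw


def frame(port, src, dst=BROADCAST, ethertype=0x0800, vid=None) -> dict:
    return {"port": port, "src": src, "dst": dst, "ethertype": ethertype, "vid": vid}


def demo():
    """Run the scenarios in order on a fresh lab switch and return the egress decisions."""
    sw = build_lab_switch()
    return [
        sw.switch(frame("Fa0/1", "00:00:5e:00:53:01")),                            # port-based, broadcast in VLAN 10
        sw.switch(frame("Fa0/3", "00:00:5e:00:53:03")),                            # broadcast in VLAN 20: only the trunk
        sw.switch(frame("Fa0/2", "00:00:5e:00:53:02", dst="00:00:5e:00:53:01")),   # learned unicast to Fa0/1
        sw.switch(frame("Fa0/1", "00:00:5e:00:53:aa")),                            # MAC-based: VLAN 20 despite the port
        sw.switch(frame("Fa0/2", "00:00:5e:00:53:02", ethertype=0x86DD)),          # protocol-based: IPv6 -> VLAN 20
        sw.switch(frame("Gi0/1", "00:00:5e:00:53:f0", vid=20)),                    # tagged ingress on the trunk
        sw.switch(frame("Gi0/1", "00:00:5e:00:53:f0", vid=30)),                    # VLAN not allowed on the trunk: dropped
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The first two scenarios are the point of the Operation slide: a broadcast from VLAN 10 never reaches Fa0/3 (VLAN 20), and the trunk carries both VLANs with a tag so the next switch can keep them apart.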

VLAN Security Considerations
- Inadequate switch configuration [5]; best practices: the SAFE Blueprint [6]
- Security audit
- Inadequate access control
- Documentation, policies, procedures
- Firmware controls
- Appropriate HW/SW implementation

Threats [9]
- Availability: interruption
- Confidentiality: interception
- Integrity: modification
- Authenticity: fabrication
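The Configuration slide lists what has to be set on a Cisco switch (VTP mode and domain, which ports belong to which VLAN) and the Security slide asks for a security audit of that configuration. As an added example that is not part of the original slides and not a Cisco tool, the Python script below reads an IOS-style configuration, recovers the VTP settings and a VLAN-to-port membership table, and reports where the configuration silently relies on a default. The configuration text is constructed for this example; the two defaults it checks, an access port with no "switchport access vlan" line sitting in VLAN 1 and a trunk with no "switchport trunk allowed vlan" line carrying every VLAN, are standard IOS behaviour. The parser only understands the plain list and range form of the allowed-VLAN command, not the add/remove/except variants.

```python
# Added example (not from the slides): audit an IOS-style switch configuration for VTP settings,
# port-to-VLAN membership and reliance on defaults. SAMPLE_CONFIG is constructed for this example.
import re

SAMPLE_CONFIG = """\
hostname sw-lab
!
vtp domain LAB
vtp mode server
!
vlan 10
 name ENGINEERING
vlan 20
 name VOICE
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
"""


def parse_vlan_list(spec: str) -> set:
    """Expand '10,20,30-32' into a set of VIDs (assumption: plain lists and ranges only)."""
    vids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids


def parse_config(text: str) -> dict:
    cfg = {"vtp": {}, "vlans": {}, "ports": {}}
    section = None  # ("vlan", vid) or ("port", name) while inside that block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if m := re.match(r"vtp (domain|mode) (\S+)", line):
            cfg["vtp"][m.group(1)] = m.group(2)
        elif m := re.match(r"vlan (\d+)$", line):
            section = ("vlan", int(m.group(1)))
            cfg["vlans"][section[1]] = ""
        elif m := re.match(r"interface (\S+)", line):
            name = m.group(1)
            if name.startswith("Vlan"):  # an SVI is a routed interface, not a switch port
                section = None
            else:
                section = ("port", name)
                cfg["ports"][name] = {"mode": None, "access_vlan": None, "allowed": None}
        elif section and section[0] == "vlan" and (m := re.match(r"name (\S+)", line)):
            cfg["vlans"][section[1]] = m.group(1)
        elif section and section[0] == "port":
            port = cfg["ports"][section[1]]
            if m := re.match(r"switchport mode (access|trunk)", line):
                port["mode"] = m.group(1)
            elif m := re.match(r"switchport access vlan (\d+)", line):
                port["access_vlan"] = int(m.group(1))
            elif m := re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", line):
                port["allowed"] = parse_vlan_list(m.group(1))
    return cfg


def audit(text: str) -> dict:
    """Return VTP settings, the VLAN database, VLAN -> member ports, and findings about defaults."""
    cfg = parse_config(text)
    membership = {vid: [] for vid in cfg["vlans"]}
    findings = []
    for name, port in cfg["ports"].items():
        if port["mode"] == "access":
            vid = port["access_vlan"]
            if vid is None:
                vid = 1
                findings.append(f"{name}: access port with no explicit VLAN, falls into VLAN 1 by default")
            membership.setdefault(vid, []).append(name)
        elif port["mode"] == "trunk":
            allowed = port["allowed"]
            if allowed is None:
                allowed = set(cfg["vlans"]) | {1}
                findings.append(f"{name}: trunk with no allowed-VLAN list, carries every VLAN by default")
            for vid in sorted(allowed):
                membership.setdefault(vid, []).append(name)
        else:
            findings.append(f"{name}: no switchport mode configured")
    if cfg["vtp"].get("mode") == "server":
        findings.append(f"vtp mode server: VLAN database changes made here propagate to every switch "
                        f"in domain {cfg['vtp'].get('domain', '(none)')}")
    return {"vtp": cfg["vtp"], "vlans": cfg["vlans"], "membership": membership, "findings": findings}


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for vid, members in sorted(report["membership"].items()):
        print(f"VLAN {vid:4d} {report['vlans'].get(vid, ''):12s} {', '.join(members)}")
    for finding in report["findings"]:
        print("finding:", finding)
```

The membership table is the artefact the slides' "which ports belong to which VLAN" step produces, and the findings are the places an auditor has to ask whether a default was intended, since nothing in the configuration text says so.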

Identifying Risks to Data [9]

Type of Data  | Examples                                                  | What is at Risk
Public        | Web site, public data, marketing                          | Prestige, trust, revenue
Confidential  | Payroll data, intellectual property, internal operations  | Internal trust, confidential operations
Secret        | Trade secrets                                             | Secret

Prevention [5]
- Physical access
- System passwords
- IP permit filters
- Login banners
- Other tools: RADIUS, TACACS+, Kerberos, SSH, SNMPv3, IDS/IPS

Conclusion
- Contemporary LANs need segmentation: topology, load, broadcast
- Design: a group of LANs that have different physical connections forms virtual broadcast domains (Ethernet 802.1Q)
- Security: threats, risks, prevention

References
1. Tanenbaum, A. and Wetherall, D., Computer Networks, Fifth Edition, Pearson, 2011, pp. 838-840.
2. Seifert and Edwards, The All-New Switch Book, John Wiley, New York, 2008.
3. http://www.frokwon.net/essays/VLAN.htm
4. http://www.petri.co.il/csc_setup_a_vlan_on_a_cisco_switch.htm
5. Research Report: Secure Use of VLANs: An @stake Security Assessment, August 2002, http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/stake_wp.pdf
6. SAFE: A Security Blueprint for Enterprise Networks, http://www.cisco.com/go/safe/
7. Best Practices for Catalyst 4500, 5000, and 6500 Series Switch Configuration and Management, http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml
8. Blum, H., Lecture Notes for Course DCS835 Networking and the Internet, Pace University, 2011. Unpublished course lecture notes.
9. Shaikh, R., Network Security, MUET, 2011. Unpublished notes.
10. http://www.cisco.com/warp/public/cc/pd/si/casi/ca4000/prodlit/ca450_wp/ca450_w6.jpg

Questions
Team 0: Maria Sette [email protected], Roshan Shaikh [email protected]
