CSIS DCS835 Computer Networks and the Internet
VLANs
Team 0: Maria Sette, Roshan Shaikh
8/2/2011

Outline
- Motivation
- Design
- Operation
- Security
- Conclusion
- References
- Q/A

Motivation
Contemporary LANs need segmentation:
- Topology (all within 802.3 Ethernet, TP): geographic, organizational, functional
- Load: functional network; mis-configured network (broadcast storms)
- Broadcast
- Efficient use of available ports

VLANs (Ethernet 802.1Q)
- A group of LANs that have different physical connections
- Virtual broadcast domains: stations communicate as if they were connected on a single network segment
- Unicast or broadcast data transmission is limited to the VLAN, so traffic is reduced
- A software-based solution that allows IT administrators to adapt to changes

Advantages
- Ease of administration
- Confinement of broadcast domains
- Reduction in network traffic
- Enforcement of security policies

Design: Ethernet 802.1Q, a new frame format (1995)

  802.3 frame:
    | Dest. Address | Source Address | Len | Data | Pad | FCS |

  802.1Q frame (1998): 802.3 header + VLAN tag inserted after the source address
    | Dest. Addr. | Source Addr. | V-Tag | Len | Data | Pad | FCS |

  VLAN tag (V-Tag):
    | VLAN Protocol (0x8100) | Pri | CFI | VLAN Identifier |
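As an added example (not part of the original slides), the Python below parses the two frame layouts drawn above, recovering the 0x8100 VLAN Protocol value and the Pri, CFI and VLAN Identifier fields from the tag, and also inserts a tag into an untagged frame the way a VLAN-aware switch does when it assigns a frame to a VLAN on ingress (the port-based case on the Types slide). The sample frame bytes are constructed here; the accepted VID range 1..4094 follows 802.1Q's reservation of VIDs 0 and 4095.

```python
import struct

TPID_8021Q = 0x8100  # VLAN Protocol identifier shown in the 802.1Q tag


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into the fields drawn on the Design slide.

    'tag' holds the 802.1Q Pri/CFI/VLAN Identifier fields when the two bytes
    after the source address carry TPID 0x8100, and is None for a plain 802.3
    frame. 'ethertype_or_len' is the Len/Type field that follows the tag.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than the 802.3 header")
    dst, src = frame[0:6], frame[6:12]
    offset, tag = 12, None
    (tpid,) = struct.unpack_from("!H", frame, offset)
    if tpid == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, 14)  # Tag Control Information
        tag = {"pri": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 16
    (ethertype_or_len,) = struct.unpack_from("!H", frame, offset)
    return {"dst": dst.hex(":"), "src": src.hex(":"), "tag": tag,
            "ethertype_or_len": ethertype_or_len, "payload": frame[offset + 2:]}


def tag_frame(frame: bytes, vid: int, pri: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source address.

    This is what a VLAN-aware switch does when it assigns an untagged frame to
    a VLAN (e.g. port-based) and forwards it on a trunk. VIDs 0 and 4095 are
    reserved by 802.1Q, so only 1..4094 are accepted.
    """
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be in 1..4094")
    if parse_frame(frame)["tag"] is not None:
        raise ValueError("frame already carries an 802.1Q tag")
    tci = ((pri & 0x7) << 13) | vid  # CFI bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


# Constructed sample: broadcast ARP-type frame (Type 0x0806) with a dummy payload
UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0806") + b"\x00\x01\x08\x00"
TAGGED = tag_frame(UNTAGGED, vid=100, pri=5)  # tag bytes become 81 00 a0 64

if __name__ == "__main__":
    print(parse_frame(UNTAGGED))
    print(parse_frame(TAGGED))
```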
Design
- Number of VLANs
- Port name and ID (color)
- Switch
- Computer
- Topology: geographic, organizational, functional, hybrid

Types: how a packet gets assigned to a VLAN by a VLAN-aware switch
- Port-based
- MAC address-based
- Layer 3 protocol-based
Backward compatibility: only VLAN switches, 802.1Q NICs

Requirements: when is a VLAN needed?
- More than 200 devices on the LAN?
- Groups of users need more security?
- Network slowed by too many broadcasts?
- Groups of users need to be on the same broadcast domain running the same applications (VoIP phones)?

Operation
- Logical broadcast domains in a single switch or across multiple switches, regardless of physical proximity
- Configuration (Cisco): VLAN Trunk Protocol (VTP) mode, domain name, and which ports on the switch belong to which VLAN
- Linking VLANs: a Layer 3 routing device (WS-X4232 for Catalyst 4500/4000 switches), or built-in support for inter-VLAN routing (Catalyst 3550/3750/6500)
VLAN Security Considerations
- Inadequate switch configuration
  - Best practices: the SAFE Blueprint
  - Security audit
- Inadequate access control
  - Documentation, policies, procedures
  - Firmware controls

Identifying Risks to Data
(Figure labels: Web Site, Public Data, Internal Marketing, Payroll Data, Intellectual Property, Confidential Data, Internal Operations, Trade Secrets, Secret)
Type of data and what is at risk:
- Public: prestige, trust, revenue
- Confidential: operations, internal trust
- Secret

Prevention
- Physical access
- System passwords
- IP permit filters
- Login banners
- Other tools: RADIUS, TACACS+, Kerberos, SSH, SNMPv3, IDS/IPS

Conclusion
- Contemporary LANs need segmentation: topology, load, broadcast
- Design: a group of LANs that have different physical connections forms virtual broadcast domains (Ethernet 802.1Q)
- Security: threats, risks, prevention

References
1. Tanenbaum, A. and Wetherall, D., Computer Networks, Pearson, Fifth Edition, pp. 838-840, 2011.
2. Seifert and Edwards, The All-New Switch Book, NY, John Wiley, 2008.
3. http://www.frokwon.net/essays/VLAN.htm
4. http://www.petri.co.il/csc_setup_a_vlan_on_a_cisco_switch.htm
5. Research Report: Secure Use of VLANs: An @stake Security Assessment, August 2002, http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/stake_wp.pdf
6. SAFE: A Security Blueprint for Enterprise Networks, http://www.cisco.com/go/safe/
7. Best Practices for Catalyst 4500, 5000, and 6500 Series Switch Configuration and Management, http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml
8. Blum, Howard, Lecture Notes for Course DCS835 Networking and the Internet, Pace University, 2011. Unpublished course lecture notes.
9. Shaikh, R., Network Security, MUET, 2011. Unpublished notes.
10. http://www.cisco.com/warp/public/cc/pd/si/casi/ca4000/prodlit/ca450_wp/ca450_w6.jpg