Types of attacks
One of the most common security breaches in an organization is an attack on the communication network. Attacks on the enterprise network come in different types, which include:
- MAC flooding: This type of attack overloads the switch’s MAC forwarding table to make the switch function like a hub. The attack is carried out in three steps:
  - The attacker overloads the switch with packets that have different source MAC addresses.
  - The packets flood the forwarding table and occupy much of the memory in the switch, forcing the switch into a state known as fail-open mode. In this state the switch no longer sends packets only to the correct ports, as in normal operation; it broadcasts all incoming packets out of all ports, as a hub does.
  - The attacker then captures all the traffic with a protocol sniffer/analyzer.
- ARP spoofing/poisoning: The attacker carries out the attack by associating their MAC address with the IP address of a victim device. The attacker waits for a victim’s computer to send an ARP request for the MAC address of a known IP address, then responds with the attacker’s MAC address instead of the correct MAC address of the right device.
- MAC spoofing: This involves altering the source MAC address on frames sent by the attacker. Attackers typically use MAC spoofing to bypass 802.1x port-based security. MAC spoofing can also be used to bypass wireless MAC filtering, to impersonate other devices on the network, or to hide the identity of the attacker’s computer.
- Dynamic Trunking Protocol (DTP): Switches have the ability to automatically detect ports that are trunks and to negotiate the trunking protocol used between devices. Attackers tend to target devices that have DTP enabled, since DTP is not secured and allows unauthorized devices to change the configuration information. Therefore, it is important to disable DTP services on the switch’s end-user access ports before deploying the switch configuration into the network.
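The MAC flooding and ARP spoofing patterns described above leave visible traces: one port suddenly shows many source MAC addresses, and one IP address is claimed by more than one MAC address. The following Python code is an added example, not part of the original article; the frame record layout, the port names, the per-port threshold and the sample frames are constructed assumptions.

```python
from collections import defaultdict

MAC_LIMIT_PER_PORT = 8  # assumed threshold; an access port normally shows few MACs


def detect_mac_flooding(frames, limit=MAC_LIMIT_PER_PORT):
    """Return {port: distinct source MAC count} for ports above the limit."""
    macs_by_port = defaultdict(set)
    for frame in frames:
        macs_by_port[frame["port"]].add(frame["src_mac"].lower())
    return {p: len(m) for p, m in macs_by_port.items() if len(m) > limit}


def detect_arp_spoofing(frames, trusted_bindings=None):
    """Return (ip, expected_mac, claimed_mac, port) for each conflicting ARP reply."""
    # A trusted binding wins; otherwise the first MAC seen for an IP is expected.
    bindings = {ip: mac.lower() for ip, mac in (trusted_bindings or {}).items()}
    alerts = []
    for frame in frames:
        arp = frame.get("arp_reply")
        if arp is None:
            continue
        claimed = arp["mac"].lower()
        expected = bindings.setdefault(arp["ip"], claimed)
        if expected != claimed:
            alerts.append((arp["ip"], expected, claimed, frame["port"]))
    return alerts


def build_sample_frames():
    """Constructed capture, not real traffic: flood and ARP conflict on Gi0/3."""
    frames = [
        {"port": "Gi0/1", "src_mac": "00:11:22:33:44:01",
         "arp_reply": {"ip": "192.0.2.1", "mac": "00:11:22:33:44:01"}},
        {"port": "Gi0/2", "src_mac": "00:11:22:33:44:02", "arp_reply": None},
    ]
    # Twenty frames on one port, each with a different source MAC.
    frames += [{"port": "Gi0/3", "src_mac": f"02:00:00:00:00:{i:02x}",
                "arp_reply": None} for i in range(20)]
    # A second MAC answers for an IP address that already has a binding.
    frames.append({"port": "Gi0/3", "src_mac": "02:00:00:00:00:63",
                   "arp_reply": {"ip": "192.0.2.1", "mac": "02:00:00:00:00:63"}})
    return frames


if __name__ == "__main__":
    sample = build_sample_frames()
    print("MAC flooding suspects:", detect_mac_flooding(sample))
    print("ARP conflicts:", detect_arp_spoofing(sample))
```

Passing a dictionary of known-good IP-to-MAC bindings as `trusted_bindings` avoids trusting whichever reply happened to arrive first.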
There are several methods of protecting the enterprise network from attacks and preventing them. These include securing the switches, routers and SAN. Some of the security measures that enhance network security include:
Securing the network: This involves changing the manufacturer’s default user name and password and encrypting the new passwords. It is important for users of the devices to use complex passwords that contain mixed character types such as symbols, numbers and letters. For instance, Cisco devices use the Message-Digest 5 (MD5) hashing algorithm to encrypt the password.
Secure protocols: It is important to use encrypted protocols when using devices that use the enterprise network. For example, Secure Shell (SSH) gives network users secure interactive control of remote systems. Another mechanism is Secure Copy Protocol (SCP), a secure file copy protocol that uses SSH for security.
Physical securing of devices: The management of the enterprise should ensure that devices that use the network are protected from unauthorized persons. Studies have shown that physical access to network devices by attackers makes it easier to bypass any configured passwords.