Switch Security Attacks – Layer 2 Security

Switch Security Attacks are the most popular topic in the switch Layer 2 Security. This is simply because they are dangerous. Cisco device security is surely one of the most interesting topics in the whole Cisco world. In the networking world in general this is also one of the most exciting and dynamic topic of all. In this small article we are starting to talk first of all about Cisco switch security that is followed by more detail articles about every aspect of the security and security issues, treats and troubleshooting in general.

Switch mac address table full of bogus mac addresses acts like a hub

In this picture, a switch is attacked with Mac address flooding attack. This attack will fill up the Mac address table of the switch with bogus source MAC addresses. In that case switch will not have the information own witch port are real MAC addresses of PC A, PC B or PC C. He will broadcast all the traffic from all PC-s to every other. That attack will make all packet sniffing possible from every computer.




Switch security does not stop malicious attacks from occurring if we don’t use some advanced methods in the configuration. In the next few posts, we will speak about some of the most appalling security attacks and how dangerous they are for our network. We will also show you the methods and technologies that exist to prevent these attacks to happen.

When we get to know all this different attacks and see how they can be intent to destroy our switch security, we will feel the need to learn what to do when they happen. In articles on the right side we are showing you how to prevent those attacks from happening and all the configuration that you will need to do on a network switch to prevent intrusions.

Layer 2 security attacks: Layer 2 attacks prevention:
  1. VLAN hopping attacks – Switch Spoofing and Double tagging
  2. STP – Spanning Tree Protocol attack
  3. Mac address flooding
  4. DHCP Server Spoofing
  5. ARP Spoofing
  6. CDP attack
  7.  Telnet Attack
  1. Prevent VLAN hopping attacks attacks – Spoofing and Double tagging
  2. Prevent STP attack
  3. Prevent Mac address Flooding
  4. Prevent DHCP Server Spoofing
  5. Prevent ARP Spoofing
  6. Prevent CDP attack
In the times when is to late for us to defend the network from attack, we must be prepared for some serious troubleshooting and fast solving of security issues. In the next articles about troubleshooting this network security attacks you can read about how to get rid of the problem when is too late to prevent attack to happen.

No Responses

Leave a Reply