� Network Penetration Testing:
� Identify security weaknesses.
� Plan to avoid performance impacts.
� Common Features:
� Service Identification:
� IANA port numbers, discover FTP and HTTP servers, t est all of the services running on a host.
� Support of SSL Service:
� Testing services that use SSL Level security.
� HTTPS, SMTPS, IMAPS and security certificates.
� Non-destructive and Destructive Testing:
� Security audits that can degrade performance.
� Database of Vulnerabilities:
� Compile a database that can be updated over time.
� You can use them to:
� Capture chat messages.
Capture files from NFS traffic.
� Capture HTTP requests.
� Capture mail messages.
� Capture passwords.
� Display captured URLs in a browser in real-time.
� Flood a switched LAN with random MAC addresses.
� Forge replies to DNS addresses.
� Intercept packets.
Configuring Port Security
� Implement Port Security to:
� Port security is disabled by default.
� Limit the number of valid MAC addresses allowed on a port.
� When you assign secure MAC addresses to a secure po rt, the port does not forward packets with source
addresses outside the group of defined addresses.
� Specify a group of valid MAC addresses allowed on a port.
� Or Allow only one MAC address access to the port.
� Specify that the port automatically shuts down if a n invalid MAC address is detected.
� Secure MAC Address types:
� Static:
� Manually specify that a specific MAC address is the ONLY address allowed to connect to that port.
� They are added to the MAC address table and stored in the running configuration.
� Dynamic:
� MAC addresses are learned dynamically when a device connects to the switch.
� They are stored in the address table and are lost w hen the switch reloads.
� Sticky:
� Specifies that MAC addresses are:
� Dynamically learned.
� Added to the MAC address table.
� Stored in the running configuration.
� You may also manually add a MAC address.
� MAC addresses that are “sticky learned” (you will hear that phrase) will be lost if you fai l to save your
configuration.
� Violations occur when:
� A station whose MAC address is not in the address t able attempts to access the interface and the address table is
full.
� An address is being used on two secure interfaces i n the same VLAN.
� Modes:
� Protect: drop frames – no notify
� Restrict: drop frames - notify
� Shutdown : disable port - notify
Default Security Configuration:
� Configure Static Port Security:
� ONLY address allowed.
� Add to MAC table and running configuration .
� Configure Dynamic Port Security:
� Dynamically learned when the device connects.
� Added to MAC table only.
� Configure Sticky Port Security:
� Dynamically learn MAC addresses.
� Add to MAC table and running configuration.
Verify Port Security
� Verify Port Security Settings:
� Verify Secure MAC Addresses:
Securing Unused Ports
� Disable unused ports
Continue reading on your phone by scaning this QR Code
Tip: The current page has been bookmarked automatically. If you wish to continue reading later, just open the
Dertz Homepage, and click on the 'continue reading' link at the bottom of the page.
