Chapter 6: Securing the Local Area Network

Instructor Materials – Chapter 6: Securing the Local Area Network

Chapter Outline:

6.0 Introduction
6.1 Endpoint Security
6.2 Layer 2 Security Threats
6.3 Summary

Section 6.1: Endpoint Security

Topic 6.1.1: Introducing Endpoint Security

  • Securing LAN Elements
  • Traditional Endpoint Security
  • The Borderless Network
  • Securing Endpoints in the Borderless Network
  • Modern Endpoint Security Solutions
  • Hardware and Software Encryption of Local Data

Topic 6.1.2: Antimalware Protection

  • Advanced Malware Protection
  • AMP and Managed Threat Defense
  • AMP for Endpoints

Topic 6.1.3: Email and Web Security

  • Securing Email and Web
  • Cisco Email Security Appliance
  • Cisco Web Security Appliance

Topic 6.1.4: Controlling Network Access

  • Cisco Network Admission Control
  • Cisco NAC Functions
  • Cisco NAC Components
  • Network Access for Guests
  • Cisco NAC Profiler

Section 6.2: Layer 2 Security Considerations

Topic 6.2.1: Layer 2 Security Threats

  • Describe Layer 2 Vulnerabilities
  • Switch Attack Categories

Topic 6.2.2: CAM Table Attacks

  • Basic Switch Operation
  • CAM Table Operation Example
  • CAM Table Attack
  • CAM Table Attack Tools

Topic 6.2.3: Mitigating CAM Table Attacks

  • Countermeasure for CAM Table Attacks
  • Port Security
  • Enabling Port Security Options
  • Port Security Violations
  • Port Security Aging
  • Port Security with IP Phones
  • SNMP MAC Address Notification

Topic 6.2.4: Mitigating VLAN Attacks

  • VLAN Hopping Attacks
  • VLAN Double-Tagging Attack
  • Mitigating VLAN Hopping Attacks
  • PVLAN Edge Feature
  • Verifying Protected Ports
  • Private VLANs

Topic 6.2.5: Mitigating DHCP Attacks

  • DHCP Spoofing Attack
  • DHCP Starvation Attack
  • Mitigating VLAN Attacks
  • Configuring DHCP Snooping
  • Configuring DHCP Snooping Example

Topic 6.2.6: Mitigating ARP Attacks

  • ARP Spoofing and ARP Poisoning Attack
  • Mitigating ARP Attacks
  • Configuring Dynamic ARP Inspection
  • Configuring DHCP Snooping Example

Topic 6.2.7: Mitigating Address Spoofing Attacks

  • Address Spoofing Attack
  • Mitigating Address Spoofing Attacks
  • Configuring IP Source Guard

Topic 6.2.8: Spanning Tree Protocol

  • Introduction to the Spanning Tree Protocol
  • STP Port Roles
  • STP Root Bridge
  • STP Path Cost
  • 802.1D BPDU Frame Format
  • BPDU Propagation and Process
  • Extended System ID
  • Select the Root Bridge

Topic 6.2.9: Mitigating STP Attacks

  • STP Manipulation Attacks
  • Mitigating STP Attacks
  • Configuring PortFast
  • Configuring BDPU Guard
  • Configuring Root Guard
  • Configuring Loop Guard

Section 6.3: Summary

Chapter Objectives:

  • Explain endpoint security.
  • Describe various types of endpoint security applications.
  • Describe Layer 2 vulnerabilities.

 

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x