Instructor Materials – Chapter 6: Securing the Local Area Network
Chapter Outline:
6.0 Introduction
6.1 Endpoint Security
6.2 Layer 2 Security Threats
6.3 Summary
Section 6.1: Endpoint Security
Topic 6.1.1: Introducing Endpoint Security
- Securing LAN Elements
- Traditional Endpoint Security
- The Borderless Network
- Securing Endpoints in the Borderless Network
- Modern Endpoint Security Solutions
- Hardware and Software Encryption of Local Data
Topic 6.1.2: Antimalware Protection
- Advanced Malware Protection
- AMP and Managed Threat Defense
- AMP for Endpoints
Topic 6.1.3: Email and Web Security
- Securing Email and Web
- Cisco Email Security Appliance
- Cisco Web Security Appliance
Topic 6.1.4: Controlling Network Access
- Cisco Network Admission Control
- Cisco NAC Functions
- Cisco NAC Components
- Network Access for Guests
- Cisco NAC Profiler
Section 6.2: Layer 2 Security Considerations
Topic 6.2.1: Layer 2 Security Threats
- Describe Layer 2 Vulnerabilities
- Switch Attack Categories
Topic 6.2.2: CAM Table Attacks
- Basic Switch Operation
- CAM Table Operation Example
- CAM Table Attack
- CAM Table Attack Tools
Topic 6.2.3: Mitigating CAM Table Attacks
- Countermeasure for CAM Table Attacks
- Port Security
- Enabling Port Security Options
- Port Security Violations
- Port Security Aging
- Port Security with IP Phones
- SNMP MAC Address Notification
Topic 6.2.4: Mitigating VLAN Attacks
- VLAN Hopping Attacks
- VLAN Double-Tagging Attack
- Mitigating VLAN Hopping Attacks
- PVLAN Edge Feature
- Verifying Protected Ports
- Private VLANs
Topic 6.2.5: Mitigating DHCP Attacks
- DHCP Spoofing Attack
- DHCP Starvation Attack
- Mitigating VLAN Attacks
- Configuring DHCP Snooping
- Configuring DHCP Snooping Example
Topic 6.2.6: Mitigating ARP Attacks
- ARP Spoofing and ARP Poisoning Attack
- Mitigating ARP Attacks
- Configuring Dynamic ARP Inspection
- Configuring DHCP Snooping Example
Topic 6.2.7: Mitigating Address Spoofing Attacks
- Address Spoofing Attack
- Mitigating Address Spoofing Attacks
- Configuring IP Source Guard
Topic 6.2.8: Spanning Tree Protocol
- Introduction to the Spanning Tree Protocol
- STP Port Roles
- STP Root Bridge
- STP Path Cost
- 802.1D BPDU Frame Format
- BPDU Propagation and Process
- Extended System ID
- Select the Root Bridge
Topic 6.2.9: Mitigating STP Attacks
- STP Manipulation Attacks
- Mitigating STP Attacks
- Configuring PortFast
- Configuring BDPU Guard
- Configuring Root Guard
- Configuring Loop Guard
Section 6.3: Summary
Chapter Objectives:
- Explain endpoint security.
- Describe various types of endpoint security applications.
- Describe Layer 2 vulnerabilities.