Question about Layer 2 security
All Forums >> [ISA Server 2004 General ] >> Installation >> Question about Layer 2 security Page: [1]
Question about Layer 2 security - 25.Mar.2005 12:26:00 PM   
tinto

 

Posts: 247
Joined: 9.Sep.2004
From: Italy
Status: offline
In the "how to secure ISA Server" help page there is a piece of advice:

"Protect against Layer 2 attacks by deploying security solutions such as Layer 2 IDS and static MAC or port associations on switches"

I was reflecting on this, because my knowledge of layer 2 security problems is a bit less than of layer 3 ones [Wink]

Currently my ISA's public NIC is connected to a switch to which are also connected a cable coming off another "cold ISA backup" and another one coming off the router that is directly connected to the rough Internet world.

This switch is in a safe place and no one untrusted should have the chance to get in touch with it.
Is that enough, or is it better to take other actions?

P.S.: I usually connect my laptop to the switch to perform port scans (using nmap) on my ISA's public IP to check it. nmap tells me the ISA's MAC address, but I guess it can do this because the laptop has a public IP in the same subnet as the ISA and is connected to the same switch, so the ARP protocol works. Am I wrong?
Post #: 1
RE: Question about Layer 2 security - 25.Mar.2005 4:59:00 PM   
sniper

 

Posts: 687
Joined: 9.Aug.2001
From: OK, USA
Status: offline
Tinto,

Great question, and for the answer I would like to refer you to a few whitepapers.

http://www.packetwatch.net/documents/papers/layer2sniffing.pdf

http://www.microsoft.com/technet/security/topics/networksecurity/secdeny.mspx

The IDS can detect attacks and notify you if deployed like a honeypot would be.

Switch and MAC security is a must in my opinion. At least it needs to be considered. But so long as your Layer 3 devices don't forward broadcasts to layer 2 segments. Hope this helps you out

(in reply to tinto)
Post #: 2
RE: Question about Layer 2 security - 29.Mar.2005 2:55:00 PM   
tinto

 

Posts: 247
Joined: 9.Sep.2004
From: Italy
Status: offline
quote:
Originally posted by cgregory:

http://www.packetwatch.net/documents/papers/layer2sniffing.pdf

http://www.microsoft.com/technet/security/topics/networksecurity/secdeny.mspx

Switch and MAC security is a must in my opinion. At least it needs to be considered. But so long as your Layer 3 devices don't forward broadcasts to layer 2 segments. Hope this helps you out

Thank you... gotta read them.
In fact I have already had some experience using funny little programs that know about ARP poisoning methods and "man in the middle" attacks [Big Grin]
but maybe there are still people thinking that "it's impossible to sniff in switched networks" [Wink]

I think that the router connecting us with the Internet should never forward layer 2 data, so we can be quite sure on the external side; at the same time we should consider what a malicious internal user can do...

(in reply to tinto)
Post #: 3
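The thread touches three things that fit in one small example: why nmap on the same switch can print the ISA's MAC (an ARP reply answers the laptop's ARP request), the "static MAC associations" the ISA help page and sniper recommend, and the ARP poisoning / man-in-the-middle tools tinto mentions. The script below is an added example written for this page, not code from the forum posters or from ISA Server; it is a minimal Layer 2 IDS in the spirit of arpwatch. It takes a list of observed ARP replies and a static IP-to-MAC table for the hosts on the public segment (the ISA, its cold backup and the Internet router), and raises an alert when a known IP is claimed by a MAC that does not match the table (STATIC) or when the MAC answering for any IP changes from what was last seen (FLIP), the classic symptom of a cache-poisoning attack. All IP and MAC addresses and the captured replies are constructed for the example.

```python
"""
Added example (not from the original forum thread): a minimal ARP-reply monitor
in the spirit of a Layer 2 IDS such as arpwatch.

Two checks run on every observed ARP reply ("sender_ip is at sender_mac"):

  STATIC - the sender IP is one of our known hosts but the MAC is not the one in
           the static table (the static MAC associations the ISA help page
           recommends, kept here as the IDS allowlist).
  FLIP   - the MAC answering for an IP differs from the last one seen for that
           IP, the usual symptom of an ARP cache poisoning / MITM attempt.

All addresses and the captured replies are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Hypothetical static IP -> MAC table for the ISA public segment.
TRUSTED: Dict[str, str] = {
    "203.0.113.1": "00:1b:d5:11:22:33",  # Internet router
    "203.0.113.2": "00:0c:29:aa:bb:01",  # ISA server, public NIC
    "203.0.113.3": "00:0c:29:aa:bb:02",  # cold backup ISA
}


@dataclass(frozen=True)
class ArpReply:
    """One observed ARP reply (opcode 2), as a sniffer on the segment would see it."""
    seq: int           # position in the capture, used to label alerts
    sender_ip: str     # the claim being made is "sender_ip is at sender_mac"
    sender_mac: str
    target_ip: str     # the host whose ARP cache this reply updates
    target_mac: str


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form, so 00-0C-29-AA-BB-01 == 00:0c:29:aa:bb:01."""
    return mac.strip().lower().replace("-", ":")


def check_replies(replies: List[ArpReply],
                  trusted: Dict[str, str]) -> List[Tuple[int, str, str]]:
    """Return (seq, kind, detail) alerts for replies that look like ARP poisoning."""
    allow = {ip: normalize_mac(mac) for ip, mac in trusted.items()}
    last_seen: Dict[str, str] = {}  # IP -> MAC that most recently claimed it
    alerts: List[Tuple[int, str, str]] = []
    for r in replies:
        ip, mac = r.sender_ip, normalize_mac(r.sender_mac)
        # Check 1: a host in the static table answered with the wrong MAC.
        if ip in allow and mac != allow[ip]:
            alerts.append((r.seq, "STATIC",
                           f"{ip} claimed by {mac}, static table says {allow[ip]} "
                           f"(reply sent to {r.target_ip})"))
        # Check 2: the IP -> MAC binding changed since the last reply for this IP.
        prev = last_seen.get(ip)
        if prev is not None and prev != mac:
            alerts.append((r.seq, "FLIP", f"{ip} moved from {prev} to {mac}"))
        last_seen[ip] = mac
    return alerts


# Constructed capture. 203.0.113.50 / 00:16:3e:de:ad:01 is the laptop running nmap;
# seq 1 is the ISA's reply from which nmap prints the ISA's MAC. From seq 4 a host
# with an unknown MAC (00:de:ad:be:ef:42) poisons both ends of the ISA <-> router
# path; seq 6 is the real router answering again, which shows up as a flip back.
CAPTURE: List[ArpReply] = [
    ArpReply(1, "203.0.113.2", "00:0C:29:AA:BB:01", "203.0.113.50", "00:16:3e:de:ad:01"),
    ArpReply(2, "203.0.113.50", "00:16:3e:de:ad:01", "203.0.113.2", "00:0c:29:aa:bb:01"),
    ArpReply(3, "203.0.113.1", "00:1b:d5:11:22:33", "203.0.113.2", "00:0c:29:aa:bb:01"),
    ArpReply(4, "203.0.113.1", "00:de:ad:be:ef:42", "203.0.113.2", "00:0c:29:aa:bb:01"),
    ArpReply(5, "203.0.113.2", "00:de:ad:be:ef:42", "203.0.113.1", "00:1b:d5:11:22:33"),
    ArpReply(6, "203.0.113.1", "00:1b:d5:11:22:33", "203.0.113.2", "00:0c:29:aa:bb:01"),
]


def demo() -> List[Tuple[int, str, str]]:
    """Run the monitor over the constructed capture."""
    return check_replies(CAPTURE, TRUSTED)


if __name__ == "__main__":
    for seq, kind, detail in demo():
        print(f"#{seq} {kind}: {detail}")
```

The first three replies are the normal traffic tinto describes (the laptop's scan resolving the ISA, the ISA resolving the laptop, the router answering the ISA) and produce no alerts. Replies 4 and 5 each trigger both checks, because the poisoner tells the ISA that the router is at its MAC and tells the router that the ISA is at its MAC; reply 6 only trips FLIP, which is the "MAC keeps changing" pattern a monitor would see while a real host and a poisoner fight over a cache entry. The STATIC check depends on the same table an administrator would enforce with port security on the switch, so keeping the two in step is what makes it useful.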