Hello everyone,
Over the past few months, I have been working on auditing a large Cisco network. It has been a very slow process due to the size of this infrastructure and the number of appliances I need to review. I also wanted to make sure that the network review included a complete review of the layer 2 devices.
Now, I love my job but it is impossible to have a deep understanding of everything that is networking. My layer 2 auditing experience definitely needed some improvement. So, I used this time as a chance for me to improve a skill area that was lacking.
I have been looking all over the internet for sources of information on Cisco switch security settings and have had good luck in finding loads of information on the subject. The problem is that it is generally scattered all over the place. Cisco's website had quite a bit of the information, but you really needed to be direct with your searches.
While I was searching the web, I kept thinking about the FBI's Cisco router security guide. I mean they wrote a book on locking down routers, but they forgot the switches.
So, I decided to compile the documentation I discovered in one location. Yes, you guessed it, it will sit here on my site.
Now, I am not taking credit for this work. All I am doing is compiling a list of links and documents together that deal with layer 2/3 switch security on my site.
Also, I will be posting my switch auditing process so that all you admins out here can use my framework to audit your infrastructures. I am such a nice guy. hehe
Cisco routers are always the hot topic when we talk about network security. It seems like most system admins and network security engineers forget about the layer 2 devices. Why? The switches can be a great way to recon a network or be used as an avenue of attack. I mean, they touch all of the data on the network at one time or another.
The goal of my paper is to help all of the admins out there understand the attacks that can affect your layer 2/3 switches and how you can lock them down. I will include the IOS and CatOS commands for you.
This paper will be a living document and will change from time to time, so be sure to check back for updates. I will also include a list of tools hackers can use to attack your switches and (hopefully) screenshots of the tools in action. I will also try to post the source of Perl scripts that help me in my auditing of layer 2/3 devices.
Please use this info responsibly. I am posting to help admins out here audit their networks. Use this info at your own risk.
madnos