Cloud & Networking
Reader small image

You're reading from  Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide

Product typeBook
Published inNov 2020
PublisherPackt
ISBN-139781800208094
Edition1st Edition
Tools
Cisco UCS
Concepts
Network Security
Right arrow
Author (1)
Glen D. Singh
Glen D. Singh
author image
Glen D. Singh

Glen D. Singh is a cybersecurity author, educator and SecOps professional. His areas of expertise are cybersecurity operations, offensive security tactics and techniques, and enterprise networking. He holds a Master of Science (MSc) in cybersecurity and many industry certifications from top awarding bodies such as EC-Council, Cisco, and Check Point. Glen loves teaching and mentoring others while sharing his wealth of knowledge and experience as an author. He has written many books, which focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response, network security, and enterprise networking. As an aspiring game changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.
Read more about Glen D. Singh

Right arrow

Chapter 14: Implementing Layer 2 and Wireless Security

Implementing network security practices and configurations should be like second nature to a network engineer. As a professional, it's important that you learn about various Layer 2 threats and how a threat actor can take advantage of vulnerabilities found within various Layer 2 network protocols. Our job is to make the organization's network safe and free from cyber attacks.

During the course of this chapter, you will learn about the need to use a defense-in-depth (DiD) approach to secure both your users and devices on a network. Furthermore, you will learn how to identify various Layer 2 threats and attacks that are used to compromise an organization. Lastly, you will gain the knowledge and hands-on experience to implement various Layer 2 security controls to prevent and mitigate such attacks.

In this chapter, we will cover the following topics:

  • Types of Layer 2 attacks on a network
  • Protecting against...

Technical requirements

To follow along with the exercises in this chapter, please ensure that you have met the following software requirements:

The code files for this chapter are available at: https://github.com/PacktPublishing/Implementing-and-Administering-Cisco-Solutions/tree/master/Chapter%2014.

Check out the following video to see the Code in Action:https://bit.ly/3coKE2Q

Types of Layer 2 attacks on a network

Throughout your journey, you will be exposed to many exciting technologies and environments. One such area an IT professional needs to know is cybersecurity and network security. As a network engineer, you won't always be designing and implementing networking technologies, but will also be responsible for the security of the network and its users. Today, newly emerging threats are surfacing – and will continue to – as hackers are developing new strategies and tools to compromise their targets.

Nowadays, hackers don't just hack for fun. Some hackers create sophisticated malware such as ransomware to encrypt all your data on your computer and request you pay a ransom to release your assets (data). Currently, there's a huge shortage of cybersecurity professionals in the world to combat the growing number of cyber threats on the internet. As a network engineer, you also play an important part in helping organizations...

Protecting against Layer 2 threats

Quite often, many organizations think cyber threats and attacks originate from outside of their organization, such as the internet. However, some of these threats and attacks can occur from within. These threats can be in the form of an innocent employee connecting an unauthorized device to the network, such as a switch or even a wireless router, or a disgruntled employee who wants to take down the company's network infrastructure for personal reasons. Your responsibility as a network engineer is not only to design and build networks for connectivity but also to ensure the security of the network.

In this section, you will learn how to implement security controls on your switches to prevent various Layer 2 attacks such as those mentioned in the previous sections.

Port security

Sometimes, when implementing a newly configured switch on a production network, the network engineer may honestly forget to secure any unused interfaces/ports...

Wireless network security

Many organizations implement a wireless network to support the mobility of their users. Implementing a Wireless LAN (WLAN) offers convenience to users with mobile devices, thereby allowing them to roam around the building and work from anywhere. With a WLAN, it is open to anyone within the range of the wireless signal generated by the APs and the correct user credentials to access the corporate network. WLANs create an entire landscape of threats and attacks by threat actors and even disgruntled employees.

The following are some of the threats posed to a wireless network:

  • A threat actor can intercept traffic on a wireless network. The threat actor does not need to be within the building, but rather within the range of the wireless signal. It's recommended that all wireless traffic should be encrypted to prevent any eavesdropping.
  • An intruder may be present on the wireless network. This is someone who is not authorized to access the wireless...

Summary

During the course of this chapter, you have learned about the need to use a multi-layered approach known as Defense-in-Depth to improve the security posture of your network and organization. Furthermore, you have learned how threat actors can use various Layer 2 threats and attacks to compromise our enterprise network. Next, we covered how to implement Layer 2 security controls on your Cisco IOS switches to prevent and mitigate Layer 2 attacks and wireless security to secure your network.

I hope this chapter has been informative for you and will prove helpful in your journey toward learning how to implement and administer Cisco solutions and prepare for the CCNA 200-301 certification. In the next chapter, Network Automation and Programmability Techniques, you will learn how automation and programmability can improve efficiency in network deployment and management.

Questions

The following is a short list of review questions to help reinforce your learning and help you identify areas that require some improvement:

  1. Which of the following is a type of malware that is designed to encrypt your data?

    A. Worm

    B. Ransomware

    C. Polymorphic

    D. Trojan

  2. A security professional implements multiple security components to improve the security posture of the organization. What is the security professional trying to do?

    A. Install anti-malware on all devices.

    B. Install host-based firewalls on all end devices.

    C. Implement email security.

    D. Implement Defense in Depth.

  3. A threat actor is attempting to force a switch to flood all its inbound traffic out of all other ports. What type of attack is the threat actor performing?

    A. IP spoofing

    B. CAM table overflow

    C. Man-in-the-middle

    D. ARP spoofing

  4. Another attacker is attempting to gain unauthorized access to a VLAN. What type of attack is being performed by the attacker?

    A. An 802.1Q attack

    B. A DTP attack

    C...

Further reading

The following links are recommended for additional reading:

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 20 of 26
Next Chapter
You have been reading a chapter from
Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide
Published in: Nov 2020Publisher: PacktISBN-13: 9781800208094
© 2020 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Author (1)

author image
Glen D. Singh

Glen D. Singh is a cybersecurity author, educator and SecOps professional. His areas of expertise are cybersecurity operations, offensive security tactics and techniques, and enterprise networking. He holds a Master of Science (MSc) in cybersecurity and many industry certifications from top awarding bodies such as EC-Council, Cisco, and Check Point. Glen loves teaching and mentoring others while sharing his wealth of knowledge and experience as an author. He has written many books, which focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response, network security, and enterprise networking. As an aspiring game changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.
Read more about Glen D. Singh

Other recommended products

Related to this chapter

CCENT/CCNA: ICND1 100-105 Certification Guide

CCENT/CCNA: ICND1 100-105 Certification Guide

CCENT is the entry-level certification for those looking to venture into the networking world. This book is designed to help you prepare for the ICND Part 1 (100 – 105) exam, thus obtaining the CCENT certification. Apart from learning computer network essentials, you will be able to enhance your networking skills by learning switching and routing, troubleshooting, security, and more

BookApr 2018362 pages
Cisco Certified CyberOps Associate 200-201 Certification Guide

Cisco Certified CyberOps Associate 200-201 Certification Guide

The Cisco Certified CyberOps Associate 200-201 certification exam helps you gain the skills and knowledge needed to prevent, detect, analyze, and respond to cybersecurity incidents. This book offers complete up-to-date coverage of the 200-201 exam so you can confidently pass first time while getting hands-on cybersecurity experience.

BookJun 2021660 pages
CCNA Security 210-260 Certification Guide

CCNA Security 210-260 Certification Guide

With a CCNA Security certification, you can demonstrate the skills required to develop a security infrastructure, recognize threats to networks, and mitigate security threats. Geared towards Cisco Security, the practical aspects of this book will help you clear the CCNA Security Exam (210-260) by increasing your knowledge of Network Security.

BookJun 2018518 pages
CCNA Routing and Switching 200-125 Certification Guide

CCNA Routing and Switching 200-125 Certification Guide

Cisco Certified Network Associate (CCNA) Routing and Switching is one of the most important certificates in order to stay up-to-date with networking skills. This Certification Guide covers everything you need to know in order to pass the CCNA Routing and Switching 200-125.

BookOct 2018504 pages
CompTIA Network+ Certification Guide

CompTIA Network+ Certification Guide

CompTIA Network+ Certification Guide makes the most complex Network+ concepts easy to understand despite having no prior knowledge. It offers exam tips in every chapter along with access to practical exercises and exam checklist that map to the exam objectives and it is the perfect study guide to help you pass CompTIA Network+ exam.

BookDec 2018422 pages
Implementing Cisco Networking Solutions

Implementing Cisco Networking Solutions

Most enterprises use Cisco networking equipment to design and implement their networks. However, some networks outperform networks in other enterprises in terms of performance and meeting new business demands, because they were designed for the present while keeping the future in mind. This book talks about how to design and implement enterprise networks for small to mid-size organizations efficiently and effectively, so that the network design can accommodate newer demands from the users in a seamless manner, ranging from adding more branches/ users to adding new services, and evaluating and implementing new technologies to optimize costs, or enhance the user experience.

BookSep 2017436 pages5
Networking Fundamentals

Networking Fundamentals

Networks are a collection of computers, servers, mobile devices or other computing devices connected with a view to sharing data. This book will help you get well-versed with the basic concepts of networking and will help you to pass Microsoft's MTA Networking Fundamentals Exam 98-366

BookDec 2019510 pages
Learn Kali Linux 2019

Learn Kali Linux 2019

The current trend of various hacking and security breaches displays how important it has become to pentest your environment, to ensure end point protection. This book will take you through the latest version of Kali Linux to efficiently deal with various crucial security aspects such as confidentiality, integrity, access control and authentication.

BookNov 2019550 pages
MCSA Windows Server 2016 Certification Guide: Exam 70-741

MCSA Windows Server 2016 Certification Guide: Exam 70-741

This practical certification guide covers the most important exam objectives in exam 70-741. Additionally, this certification guide will come in handy when preparing to take exam 70-743.

BookApr 2019182 pages
Advanced Infrastructure Penetration Testing

Advanced Infrastructure Penetration Testing

This book is a hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices , modern operating systems and help you secure high security environments.

BookFeb 2018396 pages
Cisco ACI Cookbook

Cisco ACI Cookbook

Cisco ACI cookbook is a step by step guide that simplifies the complex Cisco Application Centric Infrastructure for you. Using the practical recipes in this book you can efficiently develop and adapt hybrid environments for your organisation. This book provides an all-round idea of Cisco ACI and will enable you to develop skills using which you can automate IT tasks efficiently.

BookMay 2017424 pages
Practical Network Automation

Practical Network Automation

Network automation is the process of automating the management and functionality of computer networks. Numerous tools, methodologies, and technologies are used to automate a network; this book covers all these functionalities.

BookNov 2017266 pages

Personalised recommendations for you

Based on your interests and search pattern

Designing and Implementing Microsoft Azure Networking Solutions

Designing and Implementing Microsoft Azure Networking Solutions

Designing and Implementing Microsoft Azure Networking Solutions Exam Ref AZ-700 is an all-encompassing guide to the AZ-700 exam and contains all the information you need to succeed in the world of virtual networking with Azure. With this book, you will be fully prepared for the exam and the world of cloud networking.

BookAug 2023524 pages
Microsoft 365 Security, Compliance, and Identity Administration

Microsoft 365 Security, Compliance, and Identity Administration

The Microsoft 365 Security, Compliance, and Identity Administration is a comprehensive guide that helps you employ Microsoft 365's robust suite of features and empowers you to optimize your administrative tasks.

BookAug 2023630 pages
Zero Trust Overview and Playbook Introduction

Zero Trust Overview and Playbook Introduction

Get started on Zero Trust with this step-by-step playbook and learn everything you need to know for a successful Zero Trust journey with tailored guidance for every role, covering strategy, operations, architecture, implementation, and measuring success. This book will become an indispensable reference for everyone in your organization.

BookOct 2023240 pages
The Self-Taught Cloud Computing Engineer

The Self-Taught Cloud Computing Engineer

This self-study book helps you master multiple clouds, including AWS, Azure, and GCP, and serves as a roadmap to becoming a certified cloud computing expert. The book will guide you to develop a professional cloud career by helping you build a broad cloud knowledge base, developing hands-on cloud computing skills, and getting cloud certified.

BookSep 2023472 pages
Technology Operating Models for Cloud and Edge

Technology Operating Models for Cloud and Edge

This book will help you build and create ownership of a technology operating model, as well as connect your leadership with engineering and operations, keeping your internal and external customers in mind. It provides practical tips on why, where, and how to make the cloud and edge platform paradigm sing for you, your team, and your organization.

BookAug 2023228 pages
Azure Architecture Explained

Azure Architecture Explained

Azure is the preferred platform to build mission-critical and secure apps. This book provides comprehensive coverage of essential Azure products, services, and solutions vital for every solution architect's success. Elevate your knowledge and master the critical components of Azure to excel in your role with Azure Architecture Explained.

BookSep 2023446 pages
Pentesting Active Directory and Windows-based Infrastructure

Pentesting Active Directory and Windows-based Infrastructure

This practical guide helps you explore the pentesting of Microsoft infrastructure in detail, and enhances your offensive skillset by showing you the different ways to perform security assessment. This book will help blue teamers and IT engineers get up to speed with possible security issues they may encounter in their Windows environments.

BookNov 2023360 pages
Practical Ansible

Practical Ansible

In Practical Ansible, you'll work with the latest release of Ansible and learn to solve complex issues quickly with the help of task-oriented scenarios. You'll start by installing and configuring Ansible to automate monotonous and repetitive IT tasks and get to grips with concepts such as playbooks, inventories, plugins, collections, and network modules.

BookSep 2023420 pages
Windows 11 for Enterprise Administrators

Windows 11 for Enterprise Administrators

Microsoft’s launch of Windows 11 is a step toward satisfying the enterprise administrator’s needs for better management and enhanced user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 11 Enterprise.

BookOct 2023286 pages
The Linux DevOps Handbook

The Linux DevOps Handbook

This book is for software and IT professionals seeking knowledge on Linux systems and DevOps practices. This book will provide you with guidance and tools to learn and gain proficiency in managing Linux-based infrastructures and knowledge of DevOps.

BookNov 2023428 pages2