Campus access devices and Layer 2 communication are largely
unconsidered in most security discussions.
Routers and switches that are internal to an organization and designed to accommodate
communication by delivering campus traffic have a default operational mode that forwards
all traffic unless it is configured otherwise. Their function as devices that facilitate
communication often results in minimal security configuration and renders them targets for
malicious attacks. If an attack is launched at Layer 2 on an internal campus device, the rest
of the network can be quickly compromised, often without detection. Figure 2-34 shows a
trend in the lack of security toward the user access layer.
Figure 2-34 Security Decreases Near the Access Layer
As with Layer 3, where security on devices within the campus has traditionally had to be
tightened as malicious activity compromising that layer increased, Layer 2 requires
security measures to guard against attacks that maliciously leverage normal Layer 2
switch operations. Many security features are available for switches and routers, but
you must enable them to make them effective.