The data-link layer provides the functional and procedural means to transfer data among network entities, with interoperability and interconnectivity to other layers, but from a security perspective it presents its own challenges.
Layer 2 attacks are difficult to mount from outside the network: the attacker needs a foothold on the local segment to abuse Layer 2 at all. Even so, some very serious Layer 2 attacks are possible that can damage the network, and because every higher layer rides on top of it, a compromise of Layer 2 can compromise all the other layers in succession.
Network security implementations, in most cases, concentrate on securing Layer 3 and above with firewalls, intrusion detection systems, and encryption technologies; little or no attention is given to securing Layer 2. It is often said that network security is only as strong as its weakest link, and that link may well be Layer 2 of the OSI model. Several Layer 2 attacks exist that pose major threats to the higher layers (Layer 3 and above) of the OSI layered model. These include MAC spoofing, MAC flooding, ARP spoofing, Spanning-Tree attacks, and VLAN hopping. These attacks and others are discussed in this section with appropriate mitigation techniques.
CAM Table Overflow: MAC Attack
Content Addressable Memory (CAM) tables are storage locations that contain lists of the MAC addresses learned on the physical ports of the switch, along with their associated VLAN parameters. The table has a fixed size; once it is full the switch can learn no new addresses, and frames for any destination it does not know are flooded out every port in the VLAN, which is exactly the condition a CAM table overflow attack sets out to create.
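As an added illustration (not code from the original text), the following Python model shows what happens to that table under a MAC-flooding attack and how a per-port MAC limit of the kind port security enforces stops it. The 1024-entry capacity, the port names, VLAN 10, the victim MAC addresses and the shut-down-on-violation behaviour are all constructed assumptions for the demo, not a model of any particular vendor's switch.

```python
"""Toy model of a switch CAM table under a MAC-flooding (CAM table overflow)
attack, with and without a port-security style per-port MAC limit.

Added illustrative example, not code from the original text. Table capacity,
port names, VLAN id, MAC addresses and the "shut the port on violation"
behaviour are simplified assumptions chosen for the demo.
"""
import random
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Switch:
    capacity: int                               # CAM entries the switch holds (assumed)
    max_macs_per_port: Optional[int] = None     # None: no port security
    cam: dict = field(default_factory=dict)       # (vlan, mac) -> port
    per_port: dict = field(default_factory=dict)  # port -> set of learned MACs
    violations: list = field(default_factory=list)
    shutdown_ports: set = field(default_factory=set)

    def learn(self, vlan: int, src_mac: str, port: str) -> bool:
        """Learn the source MAC of a frame arriving on `port`. Returns True if
        the (vlan, mac) -> port binding is (or already was) in the table."""
        if port in self.shutdown_ports:
            return False
        key = (vlan, src_mac)
        if key in self.cam:
            return True
        learned = self.per_port.setdefault(port, set())
        if self.max_macs_per_port is not None and len(learned) >= self.max_macs_per_port:
            # Port security violation: record it and err-disable the port (assumed mode).
            self.violations.append((port, src_mac))
            self.shutdown_ports.add(port)
            return False
        if len(self.cam) >= self.capacity:
            return False                        # table full: the MAC is not learned
        self.cam[key] = port
        learned.add(src_mac)
        return True

    def age_out(self, vlan: int, mac: str) -> None:
        """Simulate the aging timer removing an idle entry."""
        port = self.cam.pop((vlan, mac), None)
        if port is not None:
            self.per_port[port].discard(mac)

    def forward(self, vlan: int, dst_mac: str, ingress: str, ports: list) -> set:
        """Egress ports for a frame: a single port if the destination is known,
        otherwise flood to every other active port in the VLAN."""
        egress = self.cam.get((vlan, dst_mac))
        if egress is not None:
            return {egress}
        return {p for p in ports if p != ingress and p not in self.shutdown_ports}


def random_mac(rng: random.Random) -> str:
    """Locally administered unicast MAC (first octet 0x02), so it can never
    collide with the constructed victim addresses used below."""
    return "02:" + ":".join(f"{rng.randrange(256):02x}" for _ in range(5))


def run_attack(port_security: bool, bogus_frames: int = 5000, seed: int = 1) -> dict:
    """Attacker on Gi1/0/3 floods frames with random source MACs; returns what
    a frame from victim A to victim B does once the table is saturated."""
    rng = random.Random(seed)
    vlan, ports = 10, ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3"]
    a_mac, b_mac = "00:11:22:33:44:01", "00:11:22:33:44:02"   # constructed victims
    sw = Switch(capacity=1024, max_macs_per_port=3 if port_security else None)

    sw.learn(vlan, a_mac, "Gi1/0/1")
    sw.learn(vlan, b_mac, "Gi1/0/2")
    for _ in range(bogus_frames):                 # the flood
        sw.learn(vlan, random_mac(rng), "Gi1/0/3")

    # B goes idle and its entry ages out while the attacker keeps the table
    # full, so when B next transmits there is no room to relearn it.
    sw.age_out(vlan, b_mac)
    for _ in range(100):
        sw.learn(vlan, random_mac(rng), "Gi1/0/3")
    b_relearned = sw.learn(vlan, b_mac, "Gi1/0/2")

    return {
        "cam_entries": len(sw.cam),
        "b_relearned": b_relearned,
        "a_to_b_egress": sw.forward(vlan, b_mac, "Gi1/0/1", ports),
        "violations": len(sw.violations),
        "shutdown_ports": set(sw.shutdown_ports),
    }


if __name__ == "__main__":
    for ps in (False, True):
        print("port security" if ps else "no port security", run_attack(ps))
```

Without the per-port limit the table fills with bogus entries, B cannot be relearned after it ages out, and A's unicast to B is flooded out the attacker's port as well; with a limit of three MACs per port the fourth bogus source address on Gi1/0/3 is a violation, the port is disabled, and A's frame reaches only Gi1/0/2.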