Cisco Security presented at BlackHatAsia 2002

by Stephen Dugan

Summary: This talk will focus on tying together your security within a well-designed campus network. Understanding the layer 2 and layer 3 attacks against your Cisco network is one thing; learning how to apply methods to stop them within a structured design is another matter. Practical application of these security measures brings many challenges, compromises, and common mistakes.
We will tackle this from a couple of different approaches. First, we will look at some design models and show some possible security issues inherent in the model itself. What specific commands will be needed, and where will they be applied within your network? Second, we will look at some proactive testing: start sniffing at the user's connection and look for things we shouldn't see. If we see protocols like L3 routing updates, CDP, STP or others, where could we apply commands to stop the user from seeing network management protocols? Third, we will look at some configurations and point out some common mistakes that lead to opening various security holes.