1 / 17

Putting 2 & 2 Together

Putting 2 & 2 Together. By Stephen Dugan, CCSI scdugan@101labs.com. Introduction. Welcome to the presentation and Thank you for coming! Who is the speaker? What is the focus of the presentation?. Introduction Section 1 – Current Design Best Practices

barton
Télécharger la présentation

Putting 2 & 2 Together

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Putting 2 & 2 Together By Stephen Dugan, CCSI scdugan@101labs.com

  2. Introduction Welcome to the presentation and Thank you for coming! • Who is the speaker? • What is the focus of the presentation?

  3. Introduction Section 1 – Current Design Best Practices Section 2 – Emerging Design Practices Extras? Agenda

  4. Section 1 Current Design Model

  5. Building Block of Network Design Access Distribution Ethernet Layer 2 or Layer 3 CORE Building Block Additions Server Farm WAN Internet PSTN

  6. Section 1 – Current Design Model Features: Link redundancy Load-Sharing Fast Convergence Manageable Scalable Security could be stronger….

  7. Section 1 – Current Design Model L2 Functions that provide security: Root Guard PortFast BPDU Guard Port Security Management VLAN Private VLANs

  8. Section 1 – Current Design Model L3 Functions that provide security: ACLs at Distribution Layer: Ingress - Egress from Core Route Filtering Network Based IDS (if used?!?)

  9. Section 1 – Current Design Model Hard issues to Address with this design: HSRP insecurities STP weaknesses ARP Spoofing Common mis-configurations

  10. Section 2 Emerging Changes to Design Model

  11. Section 2 – Emerging Changes Main Changes is focusing around bringing the Layer 3 Routing functionality close to the end stations. OR R2D Routing to Desktop

  12. Section 2 – Emerging Changes Access Layer 3 Distribution Layer 3 Core L2 or L3 From the Physical Layout it looks the same (Good news no Rewire!)

  13. Section 2 – Emerging Changes With L3 Capabilities within the Access-Layer Box: HSRP isn’t needed STP is irrelevant Routing to Distribution Layer Concept of “Private-VLANs” can be implemented easily L3

  14. Section 2 – Emerging Changes Security Problems Solved: ARP Spoofing ROOT Take over HSRP MiTM Attack (or DOS) Better QOS handling (NBAR) L3

  15. Section 2 – Emerging Changes Dist. Dist. GigE OSPF or EIGRP GigE OSPF or EIGRP Access Layer VLAN 6 VLAN 5 VLAN 3 VLAN 4 VLAN 2

  16. Links • General Cisco Security • http://www.cisco.com/warp/public/707/21.html#http • http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip • http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm • Design • http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/gcnd_wp.htm

  17. Thank you for coming!! Special thanks to Jeff Moss, Keith Myers and the rest of the Black Hat Crew.

More Related