52ky posted on 2022-9-12 19:17:36

Configuring Cisco Switch Port Security

Configuring Cisco Switch Port Security. Summary: "Cisco Networking Academy Program CCNA Exploration: LAN Switching and Wireless" is the companion textbook for the 4th-edition CCNA Exploration course of the Cisco Networking Academy. Chapter 2 covers basic switch concepts and configuration; this section covers configuring port security. A switch that does not provide port security allows an attacker to connect to an unused, enabled port on the system and perform information gathering or attacks. A switch can be configured to act like a hub, which means that every system connected to the switch can potentially see all network traffic flowing through the switch to all systems connected to it. An attacker can therefore collect traffic containing usernames, passwords, or configuration information about systems on the network. All switch ports or interfaces should be secured before the switch is deployed. Port security limits the number of valid MAC addresses allowed on a port. If secure MAC addresses are assigned to a secure port, the port does not forward packets whose source address is not in the defined group of addresses. If the number of secure MAC addresses is limited to one and only one secure MAC address is assigned to the port, the workstation attached to that port is assured the full bandwidth of the port, and only the workstation with that particular secure MAC address can successfully connect to that switch port. If a port is configured as a secure port and the number of secure MAC addresses
配置思科交换机端口安全性.pdf (Configuring Cisco Switch Port Security.pdf)
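
The single-address case described in the summary, written out as Cisco IOS configuration. This is an added example, not taken from the textbook or the post; the interface names and the MAC address are constructed placeholders, and shutting down unused ports is shown as one common way to secure ports before deployment.

```cisco
! Constructed example: FastEthernet0/18, the range 0/19 - 24 and the MAC
! address 0000.5e00.5301 (documentation range) are placeholders.
!
! Before: an enabled access port without port security.
! Any device plugged into it has its frames forwarded.
interface FastEthernet0/18
 switchport mode access
!
! After: port security enabled, limited to one secure MAC address,
! with that address assigned statically. Frames whose source MAC is
! not the assigned address are not forwarded on this port.
interface FastEthernet0/18
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.5e00.5301
!
! Unused ports: administratively disable them so that there is no
! "unused enabled port" to plug into.
interface range FastEthernet0/19 - 24
 shutdown
!
! Verification, run from privileged EXEC mode (not configuration mode):
! show port-security interface FastEthernet0/18
! show port-security address
```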



