Sunday, May 20, 2012

What is port security



Port security is a feature available on network switches that blocks attacks based on MAC addresses. MAC spoofing and CAM flooding are two such attacks.

In a MAC spoofing attack, an attacker pretends to be a valid user by spoofing that user's MAC address. The switch is then confused as to which port the valid user is on, and ultimately communication is disrupted.

In a CAM flooding attack, the attacker sends a stream of MAC addresses to a switch port. The aim of the attacker is to overflow the MAC address table of the switch. When that happens, the switch floods frames to all ports.

Port security is configured to prevent these two attacks, and it is configured per switch port. Broadly, port security can be configured to allow or disallow a specific MAC address, or a range of MAC addresses along with their values, on a switch port. The feature can also be used to limit the number of MAC addresses that are allowed on a switch port.

Since a port on the switch can be configured to allow only specific MAC addresses, the attacker cannot impersonate a valid user by connecting to another port on the switch with the same MAC address. And since port security can limit the number of MAC addresses allowed on a switch port, the attacker cannot generate a stream of MAC addresses, because the switch port accepts only as many as the configured limit.
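
The two behaviours described above can be seen side by side in a small model. This is an added example, not code from the original post: the `Switch` class, the table size of 8, the port numbers and all MAC addresses are constructed for illustration and simplify how a real switch works.

```python
class Switch:
    """Toy learning switch with an optional per-port security policy."""

    def __init__(self, cam_size):
        self.cam = {}          # MAC-address table: source MAC -> port
        self.cam_size = cam_size
        self.limit = {}        # port -> maximum number of MAC addresses
        self.secure = {}       # port -> MAC addresses accepted on that port
        self.violations = {}   # port -> count of frames dropped by policy

    def port_security(self, port, max_macs, allowed=()):
        self.limit[port] = max_macs
        self.secure[port] = set(allowed)
        self.violations[port] = 0

    def receive(self, port, src, dst):
        if port in self.limit and src not in self.secure[port]:
            if len(self.secure[port]) >= self.limit[port]:
                self.violations[port] += 1
                return "drop"              # unknown source and the limit is reached
            self.secure[port].add(src)     # room left: accept and remember it
        if src in self.cam or len(self.cam) < self.cam_size:
            self.cam[src] = port           # learn the source, or move its entry
        return "forward" if dst in self.cam else "flood"

# Constructed sample addresses (documentation range), not from the post.
VICTIM, ATTACKER, SERVER = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"

def run(secured):
    sw = Switch(cam_size=8)
    if secured:
        sw.port_security(1, max_macs=1, allowed=[VICTIM])
        sw.port_security(2, max_macs=1, allowed=[ATTACKER])
    sw.receive(1, VICTIM, SERVER)          # valid user on port 1
    sw.receive(2, VICTIM, SERVER)          # same source MAC seen on port 2
    victim_port = sw.cam[VICTIM]
    for i in range(20):                    # stream of constructed source MACs on port 2
        sw.receive(2, f"02:00:00:00:00:{i:02x}", SERVER)
    sw.receive(3, SERVER, VICTIM)          # server's first frame: can it be learned?
    to_server = sw.receive(1, VICTIM, SERVER)
    return victim_port, to_server, len(sw.cam), sw.violations.get(2, 0)

if __name__ == "__main__":
    print("no port security:", run(False))
    print("port security:   ", run(True))
```

Each result is the port the table holds for the valid user after the duplicate MAC appears, what happens to a later frame sent to the server, the table size, and the number of frames dropped on port 2. The drop counter is the value to watch in monitoring, since it rises whenever a port sees addresses outside its policy.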



