hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 50 today we are discussing about Switches.Now hubs were originally used to connect devices on a network.All of the devices will be connected to a hub,and anytime something went into one port of the hub,it would then repeat that out all of the other ports.This was known as a broadcast message.Now this is because hubs were dumb.They had no intelligence.As networks got larger,hubs caused a lot of collisions and slowed down the network.To solve this problem,something came along called a bridge,and this was used to separate physical LANs or WANs into two logical networks,or connect two logical networks together.Now switches are the evolution of hubs and bridges.Essentially every single port on a switch acts as if it was a bridged hub on each one.This means that it improves the data transfer and security through the intelligent use of MAC addresses.Being able to figure out where a device is and only sending the information out that particular port of the switch and ignoring the rest.This reduces traffic and increases security.Now switches are subject to three main types of attack though.They are subject to MAC flooding, MAC spoofing,and physical tampering.This is because they're trying to overcome that logic and intelligence that the switch has.MAC flooding is an attempt to overwhelm the limited switch memory that's set aside to store the MAC addresses for each port,and this is known as the content addressable memory,or CAM table.Now if a switch is flooded, it can fail-open and begin to start acting like a hub and broadcasting data out every single port.This is a problem that can start causing confidentiality to be breached inside your local network.Now MAC spoofing, on the other hand,occurs when an attacker masks their own MAC address to pretend that they are having the MAC address of some other machine on the network.For example, wireless access points may use MAC filtering to prevent devices that are unknown from joining the wireless network.They do this my looking at their MAC address that's being reported,and if it's not inside their access control list,they'll block it from connecting.Now if I switch my MAC address to a known or allowed device,I can gain access to that network though by spoofing.I pretend that I am an authorized device using a known good MAC address,and I pass right through that ACL.MAC spoofing is also sometimes combined with ARP spoofing.ARP is an address resolution protocol,and it relies on the MAC addresses as a way of combining what MAC address goes to which IP,and which IP goes to which MAC address.So they often combine a MAC address spoof with an ARP spoof as an attempt to be able to have the attacker appear that they are the destination that somebody is trying to send information to,and use that as a way to steal that information.Now to prevent this,you have to configure your switch to accept limited numbers of static MAC addresses,limit the duration of time that an ARP entry is allowed on a host,and conduct ARP inspections.To keep track of what ARP is being used with which MAC address and which IPs.The third type of way to overwhelm a switch is to use physical tampering.Physical tampering occurs when an attacker attempts to gain physical access to the switch,because if you can touch a device,you can pretty much configure it to do whatever you want.Now to prevent physical tampering,the switch should be locked up in a network rack, or a network closet,or behind closed doors so that, that room is secure using good physical security practices. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app