
Use Encrypted Protocols - Pg. 117

Defenses against Man-in-the-Middle Attacks 117

Port security allows administrators to assign rules to access interfaces to determine whether devices connecting to ports are indeed authorized to connect to and access the network. This type of filtering can be configured by the administrator on a port-by-port basis, either manually or dynamically through the switch software. Once configured correctly, the switch can identify suspicious network traffic and devices that may not be authorized to connect to the network, immediately restrict that traffic, and notify administrators of potential security issues.

Some implementations of port security determine access based on which hardware addresses are connected to each port. For example, when port security is enabled and a desktop computer is plugged into a switch port, the switch learns the physical address of the desktop computer and allows only that hardware device to connect on that port. Should someone disconnect the desktop computer and attempt to plug in a laptop or other device, the switch would detect the change and shut down the port. Once again, a notification may be sent to administrators to warn of potential issues. Although this sounds like a logical method of restricting access, if an attacker has the physical address of the device initially connected to the port, he or she may be able to spoof that physical address to gain access via the port.
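The following is an added, constructed Cisco IOS-style interface configuration (not from the book) showing the address-learning port security just described; the interface name, VLAN number and recovery timer are assumptions chosen for illustration.

```cisco
! Constructed example: access port that learns the first MAC address it sees
! and rejects any other device plugged into the same port.
! Interface name, VLAN and timer values are assumptions, not from the book.
interface GigabitEthernet0/1
 description Desktop access port
 switchport mode access
 switchport access vlan 10
 switchport port-security
 ! Only one hardware address may be active on this port
 switchport port-security maximum 1
 ! "sticky" learns the connected device's MAC dynamically and writes it
 ! into the running configuration, so it survives a link flap
 switchport port-security mac-address sticky
 ! "shutdown" places the port in err-disabled state and logs the event;
 ! "restrict" drops offending frames and raises syslog/SNMP, "protect"
 ! drops them silently without notifying anyone
 switchport port-security violation shutdown
!
! Optional: let an err-disabled port recover on its own after 300 seconds
! instead of requiring an administrator to bounce it manually
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

After a device has connected, `show port-security interface GigabitEthernet0/1` displays the learned address, the violation mode and the violation count; as the text notes, this filtering only checks the hardware address, so a device presenting the learned address is admitted.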