Why Layer 2 Is Important

LAN and Ethernet switches are usually viewed as plumbing. They are easy to install and configure, but it is also easy to forget about security when the installation procedure appears simple on the surface.

Layer 2 networks have multiple vulnerabilities. Attack tools to exploit these vulnerabilities started to appear a couple of years ago (for example, the well-known dsniff package). By using attack tools that exploit flaws or wrong configurations in the switch’s infrastructure, a malicious user can defeat the security myth of a switch that wrongly states that sniffing and packet interception are impossible with a switch. Indeed, with dsniff, Yersinia, Cain & Abel, and other user-friendly tools on MS Windows or Linux systems, an attacker can easily divert any traffic to his/her own PC to break the confidentiality or the integrity of this traffic.