ARP poisoning by a hacker is probably the worst attack your LAN could suffer because it's extremely sneaky, very efficient and all too easy to perform. But there are two ways to protect yourself from an ARP spoofing/poisoning attack, according to Christopher Paggen, author of LAN Switch Security: What Hackers Know About Your Switches, published by Cisco Press.
The options for your defense are to either monitor suspicious ARP traffic on a machine connected to the LAN (using ARPWatch, for instance, a free Linux utility) or rely on the switch's built-in security mechanism, Paggen told attendees of Network World's live online text chat with the author on Thursday.
During the one-hour chat, Paggen covered a range of security topics, including P2P security issues, wireless LAN threats, and protecting against multicast storms.
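The first defense Paggen describes, watching ARP traffic from a machine on the LAN, comes down to tracking which MAC address claims each IP address and reporting when that binding changes. The sketch below is an added example, not code from ARPWatch or from the book; the event labels, the helper names and the sample addresses (a documentation IP range and locally administered MACs) are constructed for illustration.

```python
import socket
import struct

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP payload, else None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, payload[8:14].hex(":"), socket.inet_ntoa(payload[14:18])

class ArpMonitor:
    """Tracks IP-to-MAC bindings and reports when a binding changes."""
    def __init__(self):
        self.current = {}  # ip -> MAC most recently claimed for it
        self.seen = {}     # ip -> every MAC that has ever claimed it

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None or parsed[2] == "0.0.0.0":  # malformed, or an ARP probe
            return None
        _, mac, ip = parsed
        old = self.current.get(ip)
        self.current[ip] = mac
        if old is None:
            self.seen[ip] = {mac}
            return ("new station", ip, mac, None)
        if old == mac:
            return None
        # A MAC this IP used before means the binding is flipping back and forth,
        # as when two hosts both claim the address; otherwise it is a new claim.
        kind = "flip flop" if mac in self.seen[ip] else "changed ethernet address"
        self.seen[ip].add(mac)
        return (kind, ip, mac, old)

def make_arp(op, mac, ip, tmac="00:00:00:00:00:00", tip="192.0.2.10"):
    # Builds a constructed ARP payload for the sample below.
    raw = lambda s: bytes.fromhex(s.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + raw(mac)
            + socket.inet_aton(ip) + raw(tmac) + socket.inet_aton(tip))

def run_sample():
    gw, other = "02:00:00:00:00:01", "02:00:00:00:00:66"  # constructed MACs
    frames = [make_arp(2, m, "192.0.2.1") for m in (gw, gw, other, gw)]
    mon = ArpMonitor()
    return [e for e in map(mon.observe, frames) if e]

if __name__ == "__main__":
    print(*run_sample(), sep="\n")
```

On a live segment the payloads would come from a capture of ARP frames rather than from `make_arp`, and a changed binding for the default gateway is the event to investigate first.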
The Cisco Subnet blog is the official blog of the Network World Cisco Subnet community, managed by Editor Linda Leung.
The forest for the trees syndrome.
Yet again, short-sighted recommendations leave the readers worse off. Regardless of how easy or prevalent ARP poisoning may be, it's still one of numerous threats every network faces. Again, without the benefit of any baseline expectation and knowledge of what's happening on the network, you may as well not even give two hoots about security because all you're doing is reacting to the next fire-fighting event.
The idea that anyone can reasonably keep tabs on a hundred different alarm events and claim to be proactive is laughable. For every event that triggers an alarm, how many other trends are occurring just under a threshold that pose a serious problem? People have become so indoctrinated into technology doing their work for them that it's bred a level of incompetence into the mainstream. Now everyone is spending money on all these expensive systems and correlation thingies believing that they're somehow more secure. Phttbhbhbthththth! Nonsense.
Looking for ARP poison out of all the potential things that could happen (open ports, rogue machines, unauthorized file uploads, traffic contention, routing problems, abuse) is like forklifting an entire network just because someone suggests that it makes sense. And if the executive team really knew what was happening, would IT budgets continue to grow?