
374    Chapter 6 • Infrastructure Security: Devices and Media

             Switches


Switches are a type of networking device, similar to hubs, that connects network equipment together. Switches differ from routers primarily in that routers are used to join network segments, while Layer 2 switches are used to create a network segment. Layer 2 switches operate at the data link layer of the OSI model and use the Media Access Control (MAC) addresses of network cards to forward frames to the correct port. Layer 3 switches are closer in function to routers and operate at the network layer of the OSI model; these switches route packets based on the network address rather than the MAC address. Both offer a great advantage over hubs in that they eliminate packet collisions by giving each system a direct connection with its destination system. A packet collision occurs when two or more packets are sent across the physical network at the same time. When many systems on a network attempt to communicate, a large number of collisions can occur and slow down the overall network unless they are curbed by the use of a switch.

Switches offer greater network security by controlling the amount of data that can be gathered by sniffing on the network. With a hub, all data going across the network is sent to all ports on the hub. This means that any system connected to the hub is able to run a sniffer and collect all of the data going to all of the systems connected to the hub. This can give an attacker access to passwords, confidential data, and further insight into the network configuration. With a switch, each connection is given a direct path to its destination. This has the side effect of hiding communications data from systems passively sniffing on the network: since they can only see data coming from and going to their own system, they are not able to gather much unauthorized data. When a switch first boots up, it has no information about which system is connected to which port, so it broadcasts (floods) traffic for an individual system out every port until that system's location is learned. After the switch knows which port each system is connected to, it forwards packets directly out that port rather than broadcasting them.

However, if an intruder gains administrative access to a switch, they can overcome this safety feature by using the switched port analyzer (SPAN), or port mirroring, feature. To use SPAN, the switch is configured to send a copy of all packets going to or from one or more ports to a specific monitor port. A sniffer is then placed on the port that the copy is being sent to and reads all of the packets going through the switch. The SPAN feature is often used by network administrators to perform troubleshooting on their networks; however, this can also be exploited by an intruder.
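The following model, added here as an illustration and not part of the book, shows why a passive sniffer on a switch sees only flooded frames, and how a SPAN session on another host's port changes that. The switch, ports, MAC addresses and traffic are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Frame:
    src: str       # source MAC
    dst: str       # destination MAC
    payload: str

class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}   # MAC address -> port it was last seen on
        self.span = None      # (monitored ports, monitor port) once configured

    def configure_span(self, monitored, monitor_port):
        # Mirror every frame going to or from a monitored port onto monitor_port.
        self.span = (set(monitored), monitor_port)

    def forward(self, ingress, frame):
        """Learn the sender's port and return the set of ports that get a copy."""
        self.mac_table[frame.src] = ingress
        if frame.dst in self.mac_table:
            egress = {self.mac_table[frame.dst]}   # known destination: one port
        else:
            egress = self.ports - {ingress}        # unknown destination: flood
        if self.span is not None:
            monitored, monitor = self.span
            if ingress in monitored or egress & monitored:
                egress = egress | {monitor}
        return egress

def sniffer_visibility(switch, sniffer_port, traffic):
    # Replay (ingress_port, frame) pairs; return the payloads the sniffer port sees.
    return [f.payload for port, f in traffic if sniffer_port in switch.forward(port, f)]

# Constructed sample: host A on port 1, host B on port 2, a sniffer on port 4.
A, B = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
TRAFFIC = [
    (1, Frame(A, B, "login request")),  # B not learned yet: flooded to all ports
    (2, Frame(B, A, "login reply")),    # A already learned: sent to port 1 only
    (1, Frame(A, B, "session data")),   # both learned: sent to port 2 only
]

def demo():
    plain = sniffer_visibility(LearningSwitch([1, 2, 3, 4]), 4, TRAFFIC)
    mirrored = LearningSwitch([1, 2, 3, 4])
    mirrored.configure_span(monitored=[1], monitor_port=4)  # SPAN session on A's port
    return plain, sniffer_visibility(mirrored, 4, TRAFFIC)
```

Without SPAN the sniffer on port 4 sees only the first, flooded frame; once port 1 is mirrored to port 4 it sees every frame to or from host A, which is why SPAN configuration changes on production switches deserve logging and review.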
Switches also have the ability to segment networks using virtual local area networks (VLANs), which gives the added capability of segmenting out the network



          www.syngress.com