Layer 2 Security Threats Quiz

Questions and Answers

What are some examples of Layer 2 security threats?

MAC Table Attacks, VLAN Attacks, DHCP Attacks, ARP Attacks, Address Spoofing Attacks, STP Attacks

How can Port Security help prevent attacks?

Prevents MAC address flooding attacks and DHCP starvation attacks

What is the purpose of Dynamic ARP Inspection (DAI)?

Prevents ARP spoofing and ARP poisoning attacks

What is the main vulnerability exploited in MAC address table flooding attacks?

Switch MAC address tables have a fixed size and can run out of resources

What are some recommended strategies for securing management protocols?

Use secure variants of management protocols, consider out-of-band management network, use a dedicated management VLAN, and use ACLs to filter unwanted access

What is the significance of Layer 2 security in a network?

If Layer 2 is compromised, then all the layers above it are also affected.

How can a threat actor's access to Layer 2 frames affect network security?

It would render all the security implemented on the layers above useless.

Why is Layer 2 considered the weakest link in the system?

LANs were traditionally under the administrative control of a single organization.

What security solutions do network administrators use to protect layers 3 through 7?

VPNs, firewalls, and IPS devices

Why is it important for network administrators to routinely implement security solutions?

To protect the elements in Layer 3 up through Layer 7.

MAC address flooding attacks take advantage of this limitation by bombarding the switch with fake source MAC addresses until the switch MAC address table is full. When this occurs, the switch treats the frame as an unknown unicast and begins to flood all incoming ______.

traffic

To make forwarding decisions, a Layer 2 LAN switch builds a table based on the source MAC addresses in received ______. This is called a MAC address table.

frames

These Layer 2 solutions will not be effective if the management protocols are not ______.

secured

Always use secure variants of management protocols such as SSH, Secure Copy Protocol (SCP), Secure FTP (SFTP), and Secure Socket Layer/Transport Layer Security (SSL/TLS). Consider using out-of-band management network to manage devices. Use a dedicated management VLAN where nothing but management ______ resides.

traffic

Use ACLs to filter unwanted ______.

access

Network administrators routinely implement ______ solutions to protect the elements in Layer 3 up through Layer 7. They use VPNs, firewalls, and IPS devices to protect these elements. However, if Layer 2 is compromised, then all the layers above it are also affected. For example, if a threat actor with access to the internal network captured Layer 2 frames, then all the ______ implemented on the layers above would be useless. The threat actor could cause a lot of damage on the Layer 2 LAN networking infrastructure.

security

Security is only as strong as the ______est link in the system, and Layer 2 is considered to be that ______ link. This is because LANs were traditionally under the administrative control of a single organization.

weak

The figure shows the function of each layer and the core ______ that can be exploited. Network administrators routinely implement security solutions to protect the ______ in Layer 3 up through Layer 7. They use VPNs, firewalls, and IPS devices to protect these ______. However, if Layer 2 is compromised, then all the layers above it are also affected. For example, if a threat actor with access to the internal network captured Layer 2 frames, then all the security implemented on the layers above would be useless. The threat actor could cause a lot of damage on the Layer 2 LAN networking infrastructure.

elements

If Layer 2 is compromised, then all the layers above it are also ______. For example, if a threat actor with access to the internal network captured Layer 2 frames, then all the security implemented on the layers above would be useless. The threat actor could cause a lot of damage on the Layer 2 LAN networking infrastructure.

affected

Security is only as strong as the weakest link in the system, and Layer 2 is considered to be that weak link. This is because LANs were traditionally under the ______ control of a single organization.

administrative

Study Notes

• The OSI reference model consists of seven layers, with Layer 2 being a weak link in network security.
• LANs were historically under the control of a single organization, making them vulnerable to attacks.
• Layer 2 security threats include MAC table attacks, VLAN attacks, DHCP attacks, ARP attacks, and address spoofing attacks, among others.
• MAC table attacks, such as flooding, can make a switch treat frames as unknown unicasts and flood all incoming traffic.
• Port security, DHCP snooping prevention, dynamic ARP inspection (DAI), and IP source guard (IPSG) are Layer 2 security solutions to prevent various attacks.
• Management protocols must be secured to ensure effectiveness of Layer 2 security solutions.
• Recommended strategies for securing management protocols include using secure variants, out-of-band management networks, dedicated management VLANs, and access control lists (ACLs).
• A MAC address table is a table built by a Layer 2 switch to make forwarding decisions based on source MAC addresses, and it has a fixed size.
• MAC address flooding attacks take advantage of the fixed size of MAC address tables by bombarding the switch with fake source MAC addresses until the table is full.

Description

Test your knowledge of layer 2 security threats with this quiz, which covers vulnerabilities and concepts related to LAN security, switching, routing, and wireless essentials v7.0 (SRWE). This quiz is based on the Cisco module 10 curriculum.