Switches, Hubs, and Modems
Magnus Tengmo
Advisor

Block "man in middle attack"

Hi!
Does anyone have an example config showing how to set up edge switches with higher security?
Is it possible to block a "man in the middle attack" on 2650/2810 switches?

Is there anything else that can be set up in the switches to get higher security? DHCP snooping?

Best Regards, Magnus
Mohieddin Kharnoub
Honored Contributor

Re: Block "man in middle attack"

Hi

Edge switches are switches, but they can be improved for a more secure network, and most of the HP ProCurve products support all kinds of security.

Generally speaking, man-in-the-middle attacks vary and can be carried out in many ways, so I will list the security features that you can use:

- Disable telnet and enable SSH instead.
- Disable WEB UI and enable HTTPS instead.
- Disable SNMPv1, v2c and enable SNMPv3.

Now, the best security that can fight against man-in-the-middle attacks and spoofing is the use of 802.1X authentication.

If you can explain more about the environment you have, we can suggest a secure topology using ProCurve.

Good Luck !!!
Science for Everyone
cenk sasmaztin
Honored Contributor

Re: Block "man in middle attack"

Hi Magnus,
DHCP snooping very successfully blocks man-in-the-middle attacks; for example, see the config below.
Other security configuration that blocks a man-in-the-middle attacker:
1. port security and 802.1X MAC authentication
For example, port security under the DHCP snooping config.

good luck...


DHCP SNOOPING
--------------------------------------------
ProCurve Switch 2626(config)# dhcp-snooping
ProCurve Switch 2626(config)# dhcp-snooping authorized-server 100.100.100.23
ProCurve Switch 2626(config)# no dhcp-snooping option 82
ProCurve Switch 2626(config)# dhcp
ProCurve Switch 2626(config)# dhcp-snooping trust 10
ProCurve Switch 2626(config)# dhcp-snooping trust 26
ProCurve Switch 2626(config)#


ProCurve Switch 2626(config)# sh dhcp-snooping

DHCP Snooping Information

DHCP Snooping : Yes
Enabled Vlans :
Verify MAC : Yes
Option 82 untrusted policy : drop
Option 82 Insertion : No

Store lease database : Not configured

Authorized Servers
------------------
100.100.100.23


Port Trust
---- -----
1 No
2 No
3 No
4 No
5 No
-- MORE --, next page: Space, next line: Enter, quit: Control-C




(config)#port-security 1-23 address-limit 1 learn-mode static action send-disable

On interfaces 1-23 only one MAC address may connect per port; if two MAC addresses, or a different MAC address, try to connect, the port is disabled.


cenk

Re: Block "man in middle attack"

This is what you want :

DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks

Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data

Dynamic IP lockdown: works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing
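A small Python model of how those three checks fit together on an edge port (added here as an illustration; this is not ProCurve code). The trusted ports 10/26 and the authorized server 100.100.100.23 mirror the config posted earlier in the thread; the host MACs, client addresses and message fields are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class EdgeSwitch:
    trusted_ports: set            # uplinks / ports facing the real DHCP server
    authorized_servers: set       # the "dhcp-snooping authorized-server" list
    pending: dict = field(default_factory=dict)   # client MAC -> edge port awaiting ACK
    bindings: dict = field(default_factory=dict)  # (client MAC, port) -> leased IP

    def dhcp(self, port, src_ip, msg, client_mac, yiaddr=None):
        """DHCP snooping: client messages on untrusted ports are remembered;
        OFFER/ACK are forwarded only from trusted ports and authorized servers,
        and a valid ACK installs a MAC/IP/port binding for the client."""
        if msg in ("DISCOVER", "REQUEST"):
            if port not in self.trusted_ports:
                self.pending[client_mac] = port
            return "forward"
        if port not in self.trusted_ports or src_ip not in self.authorized_servers:
            return "drop"                        # rogue DHCP server reply
        if msg == "ACK" and client_mac in self.pending:
            self.bindings[(client_mac, self.pending.pop(client_mac))] = yiaddr
        return "forward"

    def _bound(self, port, mac, ip):
        return port in self.trusted_ports or self.bindings.get((mac, port)) == ip

    def arp(self, port, sender_mac, sender_ip):
        """Dynamic ARP protection: sender MAC/IP must match a snooped binding."""
        return "forward" if self._bound(port, sender_mac, sender_ip) else "drop"

    def ip(self, port, src_mac, src_ip):
        """Dynamic IP lockdown: the same binding check applied to IP frames."""
        return "forward" if self._bound(port, src_mac, src_ip) else "drop"

def demo():
    """Constructed traffic run through the model; returns the per-frame verdicts."""
    sw = EdgeSwitch(trusted_ports={10, 26}, authorized_servers={"100.100.100.23"})
    return [
        sw.dhcp(3, "0.0.0.0", "DISCOVER", "aa:aa:aa:aa:aa:01"),
        sw.dhcp(5, "10.0.0.99", "OFFER", "aa:aa:aa:aa:aa:01", "10.0.0.66"),   # rogue server on edge port
        sw.dhcp(10, "100.100.100.23", "ACK", "aa:aa:aa:aa:aa:01", "10.0.0.5"), # real lease via uplink
        sw.arp(3, "aa:aa:aa:aa:aa:01", "10.0.0.5"),   # host announces its own lease
        sw.arp(3, "aa:aa:aa:aa:aa:01", "10.0.0.1"),   # host claims the gateway's IP
        sw.ip(3, "bb:bb:bb:bb:bb:02", "10.0.0.5"),    # other MAC spoofing the lease
    ]
```

Only the first, third and fourth frames are forwarded; the rogue OFFER, the ARP claiming another host's address and the spoofed IP source are dropped.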
Jeff Carrell
Honored Contributor

Re: Block "man in middle attack"

And these way cool features are only available on the newer ProVision ASIC switches (3500/6200/5400/8212).

Probably not the answer you want, but it is the fact...

cheers...jeff
Magnus Tengmo
Advisor

Re: Block "man in middle attack"

Dynamic ARP Protection works on 2626, not 2810 :(

http://h40060.www4.hp.com/procurve/uk/en/pdfs/support/software/SWFeaturesMatrix.pdf

/Magnus