Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Block "man in middle attack"

Block "man in middle attack"

Hi!
Does anyone have a example config how to setup edge switches with higher security.
Is it possible to block a "man in the middle attack" on 2650/2810 switches?

Is it anyone else that is possible to setup in switches to get higher security ? Dhcp snooping?

Best Regards, Magnus
5 REPLIES
Mohieddin Kharnoub
Honored Contributor

Re: Block "man in middle attack"

Hi

Edge switches are Switches, but can be improved for the better secure networks, and most of the HP ProCurve products support all kind of security.

Generally speaking, Man-in-the-Middle attacks varies, and can be in many ways, so i will list the security features that you can use:

- Disable telnet and enable SSH instead.
- Disable WEB UI and enable HTTPS instead.
- Disable SNMPv1, v2c and enable SNMPv3.

Now for the best security that can fight against man-in-the-middle attacks and spoofing, is the use of 802.1x authentication.

If you can explain more about the environment you have, we can suggest you a secure topology using ProCurve.

Good Luck !!!
Science for Everyone
cenk sasmaztin
Honored Contributor

Re: Block "man in middle attack"

hi Magnus
dhcp snooping very succesfully block man in the middle attack for example config below
and other security configuration make block man in the middle attacker
1-port-securtiy and 802.1x mac.aut.
for example port securtiy under dhcp snooping config

good luck...


DHCP SNOOPING
--------------------------------------------
ProCurve Switch 2626(config)# dhcp-snooping
ProCurve Switch 2626(config)# dhcp-snooping authorized-server 100.100.100.23
ProCurve Switch 2626(config)# no dhcp-snooping option 82
ProCurve Switch 2626(config)# dhcp
ProCurve Switch 2626(config)# dhcp-snooping trust 10
ProCurve Switch 2626(config)# dhcp-snooping trust 26
ProCurve Switch 2626(config)#


ProCurve Switch 2626(config)# sh dhcp-snooping

DHCP Snooping Information

DHCP Snooping : Yes
Enabled Vlans :
Verify MAC : Yes
Option 82 untrusted policy : drop
Option 82 Insertion : No

Store lease database : Not configured

Authorized Servers
------------------
100.100.100.23


Port Trust
---- -----
1 No
2 No
3 No
4 No
5 No
-- MORE --, next page: Space, next line: Enter, quit: Control-C




(config)#port-security 1-23 address-limit 1 learn-mode static action send-disable

int 1-23 only one mac address connection on port two mac address or different mac address to want connection disable port


cenk

Re: Block "man in middle attack"

This is what you want :

DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks

Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data

Dynamic IP lockdown: works with DHCP protection to block traffic from unauthorized host, preventing IP source address spoofing
Jeff Carrell
Honored Contributor

Re: Block "man in middle attack"

and these way cool features are only available on the newer ProVisionASIC switches (3500/6200/5400/8212)

probably not the answer you want, but it is the fact...

cheers...jeff

Re: Block "man in middle attack"

Dynamic ARP Protection works on 2626, not 2810 :(

http://h40060.www4.hp.com/procurve/uk/en/pdfs/support/software/SWFeaturesMatrix.pdf

/Magnus