Standard Security Layer 2

Published on May 2016 | Categories: Types, School Work | Downloads: 50 | Comments: 0 | Views: 280

ADMINISTRATIVE, PHYSICAL, AND TECHNICAL
CONTROL STANDARD SECURITY POLICIES AND
ANALYSIS OF DATA-LINK LAYER
CONFIGURATION TO PREVENT ATTACKER IN
PT.KRAKATAU POSCO

6th Project: June – Security Networking
(Update)

About the Author:
Yeni Sulastri is 24 years old and has a dream of being a fighter in every aspect of life.
Her motto, “perfect or stop”, is her motivation to do her best. She works at PT.POSCO ICT
Indonesia as a Security Network Engineer. It will certainly be a hard job, because the
author’s basic education does not come from IT (Information Technology Engineering)
but from English. The author believes that even coming from a different educational
background, she can compete with the other members. No knowledge is useless; it will be
useful one day.


A. INTRODUCTION
A switch is a device of the OSI network model placed in Layer 2, the Data Link Layer. The Data
Link layer is one of the least secured and most often forgotten elements of networks. It is quite
common that administrators simply connect the switches, configure them to work and then
never worry about them. Pen-testing often reveals switches which use a vulnerable version of
IOS and are not hardened in any way.
It is also commonly thought that implementing VLANs in a network keeps malicious attackers
away. However, VLAN architecture can just as well be defeated, and therefore all higher OSI layer
attacks, such as sniffing passwords and Man-in-the-Middle, are possible across VLANs.
Switches act as arbiters to forward and control all the data flowing across the network. The
layer provides the functional and procedural means to transfer data between network entities,
with interoperability and interconnectivity to other layers, but from a security perspective the
data link layer presents its own challenges. Network security is only as strong as the weakest
link, and Layer 2 is no exception. There are weaknesses in Layer 2 of the OSI model, and that is
why devices in Layer 2 should be secured.
Security is generally defined as the freedom from danger or as the condition of safety.
Computer security, specifically, is the protection of data in a system against unauthorized
disclosure, modification, or destruction and protection of the computer system itself against
unauthorized use, modification, or denial of service. Because certain computer security controls
inhibit productivity, security is typically a compromise toward which security practitioners,
system users, and system operations and administrative personnel work to achieve a
satisfactory balance between security and productivity.
Controls for providing information security can be physical, technical, or administrative. These
three categories of controls can be further classified as either preventive or detective.
Preventive controls attempt to avoid the occurrence of unwanted events, whereas detective
controls attempt to identify unwanted events after they have occurred. Preventive controls
inhibit the free use of computing resources and therefore can be applied only to the degree that
the users are willing to accept. Effective security awareness programs can help increase users’
level of tolerance for preventive controls by helping them understand how such controls enable
them to trust their computing systems. Common detective controls include audit trails,
intrusion detection methods, and checksums.

Document Type: Analysis, Testing, Compare
Project : 2nd project
Subject : Layer 2 Switch and Data Center
Date : 18 March 2015

B. TYPES OF CONTROLS
There are three types of control: Administrative, Physical, and Technical. The actions of these
controls are preventive and detective. Preventive controls are designed to keep errors or
irregularities from occurring in the first place. They are built into internal control systems and
require a major effort in the initial design and implementation stages. However, preventive
controls do not require significant ongoing investments. Detective controls, on the other hand,
are designed to detect errors and irregularities which have already occurred and to assure their
prompt correction. These controls represent a continuous operating expense and are often
costly, but necessary. Detective controls supply the means with which to correct data errors,
modify controls or recover missing assets.

Type of Control

Administrative Control
- Routine security awareness training programs
- Clearly defined security policies
- A change management system, which notifies appropriate parties of system changes
- Logging configuration changes
- Properly screening potential employees (for example, performing criminal background checks)
- Disaster preparedness and recovery plan

Physical Control
- Security system to monitor for intruders
- Physical security barrier (for example, locked door)
- Climate protection systems, to maintain proper temperature and humidity, in addition to
  alerting personnel in the event of fire
- Security personnel to guard the data

Technical Control
- Security appliances (for example, firewalls, IPSs, and VPN)
- Authorization applications (for example, RADIUS or TACACS+ server, one-time password (OTP),
  and biometric security scanner)
- Detail configuration
- Encryption

Types of Actions

Administrative Control
  Preventive:
  - Security awareness and technical training
  - Separation of duties
  - Procedures for recruiting and terminating employees
  - Security policies and procedures
  - Supervision
  - Disaster recovery, contingency, and emergency plans
  - User registration for computer access
  - Standby monitoring on non-workdays
  Detective:
  - Security reviews and audits
  - Performance evaluations
  - Required vacations
  - Background investigations
  - Rotation of duties

Physical Control
  Preventive:
  - Backup files and documentation
  - Fences
  - Security guards
  - Badge systems
  - Double door system
  - Locks and keys
  - Backup power
  - Biometric access controls
  - Site selection
  - Fire extinguishers
  Detective:
  - Motion detectors
  - Fire and smoke detectors
  - Closed-circuit television monitor
  - Sensors and alarms

Technical Control
  Preventive:
  - Access control software
  - Antivirus software
  - Library control system
  - Passwords
  - Smart cards
  - Encryption
  - Dial-up access control and callback systems
  Detective:
  - Audit trails
  - Intrusion detection system

C. CONTROLLING ASPECTS

1. Administrative Control
Administrative controls are primarily policy-centric.

1.1. Preventive control

a. Security awareness and technical training
Security awareness training is a preventive measure that helps users to understand the
benefits of security practices. If employees do not understand the need for the controls
being imposed, they may eventually circumvent them and thereby weaken the security
program or render it ineffective. Technical training can help users prevent the most
common security problem — errors and omissions — as well as ensure that they
understand how to make appropriate backup files and detect and control viruses.
Technical training in the form of emergency and fire drills for operations personnel can
ensure that proper action will be taken to prevent such events from escalating into
disasters.

b. Separation of duties
This administrative control separates a process into component parts, with different
users responsible for different parts of the process. Judicious separation of duties
prevents one individual from obtaining control of an entire process and forces collusion
with others in order to manipulate the process for personal gain.
c. Procedures for recruiting and terminating employees
Appropriate recruitment procedures can prevent the hiring of people who are likely to
violate security policies. A thorough background investigation should be conducted,
including checking on the applicant’s criminal history and references. Although this
does not necessarily screen individuals for honesty and integrity, it can help identify
areas that should be investigated further.
Three types of references should be obtained: (1) employment, (2) character, and (3)
credit. Employment references can help estimate an individual’s competence to
perform, or be trained to perform, the tasks required on the job. Character references
can help determine such qualities as trustworthiness, reliability, and ability to get along
with others. Credit references can indicate a person’s financial habits, which in turn can
be an indication of maturity and willingness to assume responsibility for one’s own
actions.
In addition, certain procedures should be followed when any employee leaves the
company, regardless of the conditions of termination. Any employee being involuntarily
terminated should be asked to leave the premises immediately upon notification, to
prevent further access to computing resources. Voluntary terminations may be handled
differently, depending on the judgment of the employee’s supervisors, to enable the
employee to complete work in process or train a replacement.
All authorizations that have been granted to an employee should be revoked upon
departure. If the departing employee has the authority to grant authorizations to
others, these other authorizations should also be reviewed. All keys, badges, and other
devices used to gain access to premises, information, or equipment should be retrieved
from the departing employee. The combinations of all locks known to a departing
employee should be changed immediately. In addition, the employee’s log-on IDs and
passwords should be canceled, and the related active and backup files should be either
deleted or reassigned to a replacement employee.
Any special conditions to the termination (e.g., denial of the right to use certain
information) should be reviewed with the departing employee; in addition, a document
stating these conditions should be signed by the employee. All terminations should be
routed through the computer security representative for the facility where the
terminated employee works to ensure that all information system access authority has
been revoked.
d. Security policies and procedures
Appropriate policies and procedures are key to the establishment of an effective
information security program. Policies and procedures should reflect the general
policies of the organization as regards the protection of information and computing
resources. Policies should cover the use of computing resources, marking of sensitive
information, movement of computing resources outside the facility, introduction of
personal computing equipment and media into the facility, disposal of sensitive waste,
and computer and data security incident reporting. Enforcement of these policies is
essential to their effectiveness. Outside people who will access the Data Center
(crucial data) must follow the security policies and carry out the procedures. The
important question is what kinds of policy and procedure should be created:
- Security Policies: make sure the policies include the specific identity of the guest, the
legal consequences, and what they carry in.
- Procedures: the standard for guest access is no taking pictures, stickers attached over
all mobile phone or camera lenses, and a check for hazardous tools. The operator has a
big role in the procedure: they have to supervise or monitor what the guest does in order
to prevent human error.

e. Supervision
Often, an alert supervisor is the first person to notice a change in an employee’s
attitude. Early signs of job dissatisfaction or personal distress should prompt
supervisors to consider subtly moving the employee out of a critical or sensitive
position.
Supervisors must be thoroughly familiar with the policies and procedures related to the
responsibilities of their department. Supervisors should require that their staff members
comply with pertinent policies and procedures and should observe the effectiveness of
these guidelines. If the objectives of the policies and procedures can be accomplished
more effectively, the supervisor should recommend appropriate improvements. Job
assignments should be reviewed regularly to ensure that an appropriate separation of
duties is maintained, that employees in sensitive positions are occasionally removed
from a complete processing cycle without prior announcement, and that critical or
sensitive jobs are rotated periodically among qualified personnel.
f. Disaster recovery, contingency, and emergency plans
The disaster recovery plan is a document containing procedures for emergency
response, extended backup operations, and recovery should a computer installation
experience a partial or total loss of computing resources or physical facilities (or of
access to such facilities). The primary objective of this plan, used in conjunction with
the contingency plans, is to provide reasonable assurance that a computing installation
can recover from disasters, continue to process critical applications in a degraded
mode, and return to a normal mode of operation within a reasonable time. A key part of
disaster recovery planning is to provide for processing at an alternative site during the
time that the original facility is unavailable.
Contingency and emergency plans establish recovery procedures that address specific
threats. These plans help prevent minor incidents from escalating into disasters. For
example, a contingency plan might provide a set of procedures that defines the
condition and response required to return a computing capability to nominal operation;
an emergency plan might be a specific procedure for shutting down equipment in the
event of a fire or for evacuating a facility in the event of an earthquake.
g. Standby monitoring on non-workdays
On weekends or holidays there is no usual activity in the working area. That is why a
standby monitoring employee (called the Operator) is needed. The Operator can monitor
and report vulnerabilities and trouble in network or system devices.
h. User registration for computer access
Formal user registration ensures that all users are properly authorized for system and
service access. In addition, it provides the opportunity to acquaint users with their
responsibilities for the security of computing resources and to obtain their agreement
to comply with related policies and procedures.

1.2. Detective control

a. Security reviews and audits
Reviews and audits can identify instances in which policies and procedures are not
being followed satisfactorily. Management involvement in correcting deficiencies can be
a significant factor in obtaining user support for the computer security program.
b. Performance evaluations
Regularly conducted performance evaluations are an important element in encouraging
quality performance. In addition, they can be an effective forum for reinforcing
management’s support of information security principles.
c. Required vacations
Tense employees are more likely to have accidents or make errors and omissions while
performing their duties. Vacations contribute to the health of employees by relieving
the tensions and anxieties that typically develop from long periods of work. In addition,
if all employees in critical or sensitive positions are forced to take vacations, there will
be less opportunity for an employee to set up a fraudulent scheme that depends on the
employee’s presence (e.g., to maintain the fraud’s continuity or secrecy). Even if the
employee’s presence is not necessary to the scheme, required vacations can be a
deterrent to embezzlement because the employee may fear discovery during his or her
absence.
d. Background investigations
Background investigations may disclose past performances that might indicate the
potential risks of future performance. Background investigations should be conducted
on all employees being considered for promotion or transfer into a position of trust;
such investigations should be completed before the employee is actually placed in a
sensitive position. Job applicants being considered for sensitive positions should also be
investigated for potential problems. Companies involved in government-classified
projects should conduct these investigations while obtaining the required security
clearance for the employee.
e. Rotation of duties
Like required vacations, rotation of duties (i.e., moving employees from one job to
another at random intervals) helps deter fraud. An additional benefit is that as a result
of rotating duties, employees are cross-trained to perform each other’s functions in
case of illness, vacation, or termination.

2. Physical Control
2.1. Preventive controls
a. Backup files and documentation
Should an accident or intruder destroy active data files or documentation, it is essential
that backup copies be readily available. Backup files should be stored far enough away
from the active data or documentation to avoid destruction by the same incident that
destroyed the original. Backup material should be stored in a secure location
constructed of noncombustible materials, including two-hour-rated fire walls. Backups
of sensitive information should have the same level of protection as the active files of
this information; it is senseless to provide tight security for data on the system but lax
security for the same data in a backup location.
b. Fences
Although fences around the perimeter of the building do not provide much protection
against a determined intruder, they do establish a formal no trespassing line and can
dissuade the simply curious person. Fences should have alarms or should be under
continuous surveillance by guards, dogs, or TV monitors.
c. Security Guards
Security guards are often stationed at the entrances of facilities to intercept intruders
and ensure that only authorized persons are allowed to enter. Guards are effective in
inspecting packages or other hand-carried items to ensure that only authorized,
properly described articles are taken into or out of the facility. The effectiveness of
stationary guards can be greatly enhanced if the building is wired with appropriate
electronic detectors with alarms or other warning indicators terminating at the guard
station. In addition, guards are often used to patrol unattended spaces inside buildings
after normal working hours to deter intruders from obtaining or profiting from
unauthorized access.
d. Badge systems
Physical access to computing areas can be effectively controlled using a badge system.
With this method of control, employees and visitors must wear appropriate badges
whenever they are in access-controlled areas. Badge-reading systems programmed to
allow entrance only to authorized persons can then easily identify intruders.
e. Double door system
Double door systems can be used at entrances to restricted areas (e.g., computing
facilities) to force people to identify themselves to the guard before they can be
released into the secured area. Double doors are an excellent way to prevent intruders
from following closely behind authorized persons and slipping into restricted areas.
f. Locks and keys
Locks and keys are commonly used for controlling access to restricted areas. Because it
is difficult to control copying of keys, many installations use cipher locks (i.e.,
combination locks containing buttons that open the lock when pushed in the proper
sequence). With cipher locks, care must be taken to conceal which buttons are being
pushed to avoid a compromise of the combination.
g. Backup power
Backup power is necessary to ensure that computer services are in a constant state of
readiness and to help avoid damage to equipment if normal power is lost. For short
periods of power loss, backup power is usually provided by batteries. In areas
susceptible to outages of more than 15–30 min., diesel generators are usually
recommended. This includes the High Voltage (HV) substation, standby generators, and
Uninterruptible Power Supply (UPS) systems.
h. Biometric access controls
Biometric identification is a more sophisticated method of controlling access to
computing facilities than badge readers, but the two methods operate in much the
same way. Biometrics used for identification include fingerprints, handprints, voice
patterns, signature samples, and retinal scans. Because biometrics cannot be lost,
stolen, or shared, they provide a higher level of security than badges. Biometric
identification is recommended for high-security, low-traffic entrance control.
i. Site selection
The site for the building that houses the computing facilities should be carefully chosen
to avoid obvious risks. For example, wooded areas can pose a fire hazard, areas on or
adjacent to an earthquake fault can be dangerous and sites located in a flood plain are
susceptible to water damage. In addition, locations under an aircraft approach or
departure route are risky, and locations adjacent to railroad tracks can be susceptible
to vibrations that can precipitate equipment problems.
j. Fire extinguishers
The control of fire is important to prevent an emergency from turning into a disaster
that seriously interrupts data processing. Computing facilities should be located far
from potential fire sources (e.g., kitchens or cafeterias) and should be constructed of
noncombustible materials. Furnishings should also be noncombustible. It is important
that appropriate types of fire extinguishers be conveniently located for easy access.
Employees must be trained in the proper use of fire extinguishers and in the procedures
to follow should a fire break out.
Automatic sprinklers are essential in computer rooms and surrounding spaces and
when expensive equipment is located on raised floors. Sprinklers are usually specified
by insurance companies for the protection of any computer room that contains
combustible materials. However, the risk of water damage to computing equipment is
often greater than the risk of fire damage. Therefore, carbon dioxide extinguishing
systems were developed; these systems flood an area threatened by fire with carbon
dioxide, which suppresses fire by removing oxygen from the air. Although carbon
dioxide does not cause water damage, it is potentially lethal to people in the area and
is now used only in unattended areas.
Current extinguishing systems flood the area with Halon, which is usually harmless to
equipment and less dangerous to personnel than carbon dioxide. At a concentration of
about 10%, Halon extinguishes fire and can be safely breathed by humans. However,
higher concentrations can eventually be a health hazard. In addition, the blast from
releasing Halon under pressure can blow loose objects around and can be a danger to
equipment and personnel. For these reasons and because of the high cost of Halon, it is
typically used only under raised floors in computer rooms. Because it contains
chlorofluorocarbons, it will soon be phased out in favor of a gas that is less hazardous
to the environment.

2.2. Detective Control

a. Motion Detectors.
In computing facilities that usually do not have people in them, motion detectors are
useful for calling attention to potential intrusions. Motion detectors must be constantly
monitored by guards.
b. Fire and Smoke Detectors
Fire and smoke detectors should be strategically located to provide early warning of a
fire. All fire detection equipment should be tested periodically to ensure that it is in
working condition.
c. Close-Circuit Television Monitor
Closed-circuit televisions can be used to monitor the activities in computing areas
where users or operators are frequently absent. This method helps detect individuals
behaving suspiciously.
d. Sensor and Alarms
Sensors and alarms monitor the environment surrounding the equipment to ensure that
air and cooling water temperatures remain within the levels specified by equipment
design. If proper conditions are not maintained, the alarms summon operations and
maintenance personnel to correct the situation before a business interruption occurs.

3. Technical Control
3.1. Preventive Controls
a. Access control software
The purpose of access control software is to control sharing of data and programs
between users. In many computer systems, access to data and programs is
implemented by access control lists that designate which users are allowed access.
Access control software provides the ability to control access to the system by
establishing that only registered users with an authorized log-on ID and password can
gain access to the computer system.
After access to the system has been granted, the next step is to control access to the
data in the system. The data or program owner can establish rules that designate who
is authorized to use the data or program.
b. Antivirus software
Viruses have reached epidemic proportions throughout the micro computing world and
can cause processing disruptions and loss of data as well as significant loss of
productivity while cleanup is conducted. In addition, new viruses are emerging at an
ever-increasing rate — currently about one every 48 hours. It is recommended that
antivirus software be installed on all microcomputers to detect, identify, isolate, and
eradicate viruses. This software must be updated frequently to help fight new viruses.
In addition, to help ensure that viruses are intercepted as early as possible, antivirus
software should be kept active on a system, not used intermittently at the discretion of
users.
c. Library control system
These systems require that all changes to production programs be implemented by
library control personnel instead of the programmers who created the changes. This
practice ensures separation of duties, which helps prevent unauthorized changes to
production programs.
d. Passwords
Passwords are used to verify that the user of an ID is the owner of the ID. The ID-password
combination is unique to each user and therefore provides a means of holding users
accountable for their activity on the system.
Fixed passwords that are used for a defined period of time are often easy for hackers to
compromise; therefore, great care must be exercised to ensure that these passwords
do not appear in any dictionary. Fixed passwords are often used to control access to
specific data bases. In this use, however, all persons who have authorized access to the
data base use the same password; therefore, no accountability can be achieved.
Currently, dynamic or one-time passwords, which are different for each log-on, are
preferred over fixed passwords. Dynamic passwords are created by a token that is
programmed to generate passwords randomly.
e. Smart cards
Smart cards are usually about the size of a credit card and contain a chip with logic
functions and information that can be read at a remote terminal to identify a specific
user’s privileges. Smart cards now carry prerecorded, usually encrypted access control
information that is compared with data that the user provides (e.g., a personal ID
number or biometric data) to verify authorization to access the computer or network.
f. Encryption
Encryption is defined as the transformation of plaintext (i.e., readable data) into cipher
text (i.e., unreadable data) by cryptographic techniques. Encryption is currently
considered to be the only sure way of protecting data from disclosure during network
transmissions.
Encryption can be implemented with either hardware or software. Software-based
encryption is the least expensive method and is suitable for applications involving
low-volume transmissions; the use of software for large volumes of data results in an
unacceptable increase in processing costs. Because there is no overhead associated
with hardware encryption, this method is preferred when large volumes of data are
involved.
g. Dial-up access control and callback systems
Dial-up access to a computer system increases the risk of intrusion by hackers. In
networks that contain personal computers or are connected to other networks, it is
difficult to determine whether dial-up access is available or not because of the ease
with which a modem can be added to a personal computer to turn it into a dial-up
access point. Known dial-up access points should be controlled so that only authorized
dial-up users can get through.

Currently, the best dial-up access controls use a microcomputer to intercept calls, verify
the identity of the caller (using a dynamic password mechanism), and switch the user
to authorized computing resources as requested. Previously, call-back systems
intercepted dial-up callers, verified their authorization and called them back at their
registered number, which at first proved effective; however, sophisticated hackers have
learned how to defeat this control using call-forwarding techniques.

3.2. Detective Controls

a. Audit Trails
An audit trail is a record of system activities that enables the reconstruction and
examination of the sequence of events of a transaction, from its inception to output of
final results. Violation reports present significant, security-oriented events that may
indicate either actual or attempted policy transgressions reflected in the audit trail.
Violation reports should be frequently and regularly reviewed by security officers and
data base owners to identify and investigate successful or unsuccessful unauthorized
accesses.
b. Intrusion Detection Systems
These expert systems track users (on the basis of their personal profiles) while they are
using the system to determine whether their current activities are consistent with an
established norm. If not, the user’s session can be terminated or a security officer can
be called to investigate. Intrusion detection can be especially effective in cases in
which intruders are pretending to be authorized users or when authorized users are
involved in unauthorized activities.

D. TYPES OF ATTACK TECHNIQUES
Attack techniques on Layer 2 can be so efficient and "invisible" because of a fundamental
property of the OSI model: it was built to allow the different layers to work without
knowledge of each other, and information flows up and down to the next layer as data is
processed. If one layer is hacked, the communications are compromised without the other
layers being aware of the problem. In this case Layer 3 and Layer 1 will not be aware that
Layer 2 is being attacked. There are three main classes of attacks, namely: Spanning Tree
Protocol attacks, Trunking Protocol attacks, and other attacks.

1. Spanning Tree Protocol
Many redundant links can potentially cause Layer 2 loops, which can result in a broadcast
storm. Fortunately, STP (Spanning Tree Protocol) allows physically redundant links while
keeping a logically loop-free topology, which prevents the potential broadcast storm. In STP
one switch is elected root bridge: the switch with the lowest bridge ID (lowest priority,
then lowest MAC address) wins. On every other switch, the port with the lowest path cost to
the root bridge becomes that switch's root port.

Document Type: Analysis, Testing, Compare
Project : 2nd project

Subject : Layer 2 Switch and Data Center
Date : 18 March 2015

12
The attack technique against this protocol is the Spanning Tree Protocol manipulation
attack: the attacker sends BPDUs in order to become the "root" bridge (switch) in the
network, and can therefore influence the flow of data. It requires the attacker to be
dual-homed to two different bridges (switches), or for one of the two connections to be a
WLAN access point that is not connected to the same bridge (switch). The attacker can then
eavesdrop on all messages of the victims and inject new ones from a MITM position.

Notice PC2 and PC3. If an attacker gained access to the switch ports of these two PCs, he
could introduce a rogue switch that advertises superior BPDUs, causing the rogue switch
to be elected as the new root bridge. The new data path between PC1 and Server1, as
shown in Figure 6-4, now passes through the attacker's rogue switch. The attacker can
configure one of the switch ports as a Switch Port Analyzer (SPAN) port. A SPAN port
receives a copy of the traffic crossing another port or VLAN. In this example, the attacker
could use the SPAN port to deliver a copy of the traffic crossing the switch to the
attacker's PC.

2. Cisco VLAN/Trunking Protocols
VLANs allow a network manager to logically segment a LAN into separate networks for
departments such as marketing, sales, accounting, and research. Many VLANs are carried
over the backbone switches that connect the different sites of the company. A VLAN hopping
attack allows traffic from one VLAN to pass into another VLAN without first being routed.
The attacker has two methods of VLAN hopping to become a member of other VLANs:
a. VLAN hopping / Switch Spoofing
A trunk link between switches carries all VLANs by default. An attacker station can spoof
a switch with DTP signaling, so that the station is treated as a rogue switch that is a
member of all VLANs, and all traffic can be monitored. DTP automates (802.1Q/ISL) trunk
configuration and operates between switches; it is usually enabled by default. 802.1Q is
the networking standard that supports VLANs on an Ethernet network. ISL is a Cisco
proprietary protocol that maintains VLAN information.
b. Double tagging VLAN hopping attack
Widely used VLAN networks operate with an additional 802.1Q header, the VLAN tag, to
distinguish the VLANs; the VLAN tag changes the frame format. Service-provider
infrastructures use double tagging, with the outer tag containing the customer's access
VLAN ID and the inner VLAN ID being the VLAN of the incoming traffic. When the
double-tagged packet enters another trunk port in a service-provider core switch, the
outer tag is stripped as the packet is processed inside the switch. The attacker sends a
"double tagged" frame: the first tag belongs to the attacker's own VLAN and the second one
belongs to the target VLAN. The switch performs only one level of decapsulation (it strips
off the first tag), and the attacker obtains unidirectional traffic to the victim. This
method works only if the trunk's native VLAN is the same as the attacker's VLAN and the
trunk operates with 802.1Q.

3. Other Attacks
3.1. Cisco Discovery Protocol (CDP) attack
The Cisco Discovery Protocol (CDP) is a proprietary protocol that all Cisco devices can
be configured to use. CDP discovers other Cisco devices that are directly connected,
which allows the devices to auto-configure their connection in some cases. CDP
messages are not encrypted, and most Cisco routers and switches have CDP enabled in the
default configuration. It can be used to learn sensitive information about the CDP sender
(IP address, Cisco IOS software version, router model, capabilities).
Besides the information-gathering benefit CDP offers an attacker, there was a
vulnerability in CDP that allowed Cisco devices to run out of memory and potentially
crash if they were sent large numbers of bogus CDP packets. CDP is unauthenticated: an
attacker could craft bogus CDP packets and have them accepted by the Cisco device he is
directly connected to. If the attacker can get access to the router via Telnet, he can
use the CDP information to discover the entire topology of your network at Layers 2 and
3, and could launch a very effective attack against your network.

3.2. CAM table (MAC address table) flooding
MAC address flooding is an attack technique that exploits the memory and hardware
limitations of a switch's CAM table. Different switches can store different numbers of
entries in the CAM table; however, once the resources are exhausted, traffic is flooded
out on the VLAN, because the CAM table can no longer store MAC addresses and the switch
is therefore no longer able to locate the destination MAC address of a frame.
Due to hardware restrictions, all CAM tables have a limited size. If enough entries are
stored in a CAM table before the other entries expire, no new entries can be accepted
into the CAM table. An attacker exploits this limitation by flooding the switch with an
influx of (mostly invalid) MAC addresses until the CAM table's resources are depleted.
When that happens, the switch has no choice but to flood all ports within the VLAN with
all incoming traffic, because it cannot find the switch port for the corresponding MAC
address in the CAM table. By definition, the switch then acts like, and becomes, a hub.
For the switch to keep acting like a hub, the intruder needs to maintain the flood of
MAC addresses. If the flooding stops, the timeouts set on the switch will eventually
start clearing the CAM table entries, and the switch returns to normal operation.
Traffic is only flooded within the local VLAN when a CAM table overflow occurs, so the
attacker will only be able to sniff traffic belonging to the local VLAN on which the
attack occurs.
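The CAM-table behaviour described above, together with the port-security mitigation from section E (2.3.2), simulated in Python as an added example; this is a constructed model, not switch firmware or the page's own code. Port names, MAC addresses, the table capacity of 4 entries and the 300-second aging time are assumptions chosen to keep the run short.

```python
from collections import OrderedDict


class Switch:
    """Tiny learning switch: a capacity-limited CAM table with aging, plus
    optional port-security per port (constructed model, not real firmware)."""

    def __init__(self, ports, cam_capacity, aging_time=300):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.aging_time = aging_time          # seconds; 300 is the IOS default
        self.cam = OrderedDict()              # mac -> (port, last_seen)
        self.port_security = {}               # port -> settings
        self.port_state = {p: "up" for p in ports}
        self.violations = {p: 0 for p in ports}

    def enable_port_security(self, port, maximum=1, violation="shutdown", sticky=()):
        """'switchport port-security maximum N violation MODE [mac-address sticky]'."""
        self.port_security[port] = {"maximum": maximum, "violation": violation,
                                    "secure": set(sticky)}   # learned and kept

    def _age_out(self, now):
        for mac in [m for m, (_, seen) in self.cam.items() if now - seen > self.aging_time]:
            del self.cam[mac]

    def _port_security_allows(self, port, src):
        ps = self.port_security.get(port)
        if ps is None or src in ps["secure"]:
            return True
        if len(ps["secure"]) < ps["maximum"]:
            ps["secure"].add(src)             # room left: learn it as a secure address
            return True
        # violation: protect drops silently, restrict drops and counts, shutdown err-disables
        if ps["violation"] in ("restrict", "shutdown"):
            self.violations[port] += 1
        if ps["violation"] == "shutdown":
            self.port_state[port] = "err-disabled"
        return False

    def receive(self, port, src, dst, now):
        """Process one frame; return the ports it is forwarded out of."""
        if self.port_state[port] == "err-disabled" or not self._port_security_allows(port, src):
            return []
        self._age_out(now)
        if src in self.cam or len(self.cam) < self.cam_capacity:
            self.cam[src] = (port, now)       # refresh or learn; a full table learns nothing
        entry = self.cam.get(dst)
        if entry is not None and entry[0] != port:
            return [entry[0]]                 # known unicast goes out one port
        # unknown destination (or broadcast): flood every other live port, hub-style
        return [p for p in self.ports if p != port and self.port_state[p] == "up"]


PORTS = ["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"]
PC, SERVER = "0000.0c00.aaaa", "0000.0c00.5e5e"    # constructed MAC addresses


def flood_scenario(with_port_security):
    """PC on Fa0/1 and server on Fa0/2 talk once and go idle; an attacker on
    Fa0/3 keeps sending frames with invented source MACs. Returns the ports
    that receive the server's later reply, the attacker port's state and the
    final CAM table."""
    sw = Switch(PORTS, cam_capacity=4)
    if with_port_security:
        sw.enable_port_security("Fa0/3", maximum=1, violation="shutdown")
    sw.receive("Fa0/1", PC, SERVER, now=0)
    sw.receive("Fa0/2", SERVER, PC, now=0)
    for t in (10, 200, 350):                  # often enough that its entries never age out
        for i in range(10):
            sw.receive("Fa0/3", f"0000.0c00.{i:04x}", "ffff.ffff.ffff", now=t)
    reply_ports = sw.receive("Fa0/2", SERVER, PC, now=360)
    return reply_ports, sw.port_state["Fa0/3"], dict(sw.cam)


if __name__ == "__main__":
    for flag in (False, True):
        print("port-security" if flag else "no port-security", flood_scenario(flag))
```

Without port-security the server's reply is flooded to every port, including the attacker's Fa0/3, and the table holds only the attacker's addresses; with a limit of one address on Fa0/3 the second bogus source err-disables that port and the reply never reaches it.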

3.3. MAC Spoofing (ARP poisoning) attack
In short, the client PC sends a DHCP request on the network. This request is a broadcast
and all hosts on the LAN will receive it. Only a DHCP server knows what this request
means, and in the normal situation only the REAL DHCP server replies to that request.
The DHCP server then replies to the client with messages that configure the CLIENT PC
with an IP address, subnet mask and default gateway.
When there is an attacker PC in the network, the attacker can run a DHCP server on his
host. With this he is able to reply to the DHCP request before the REAL DHCP server,
because he is closer to the CLIENT host. He configures the client host with an IP address
from that subnet, but also gives the host a false default gateway address and maybe even
a false DNS server address; both will be the IP address of the attacker's computer. In
this manner he points all of the client host's communication to himself. He then forwards
the frames from the client host to the real destinations so that the client's
communication keeps working. The client will not know that its communication always
passes through the attacker's PC and that the attacker can easily sniff the frames.

3.4. DHCP Server Spoofing
The DHCP server is used to configure network devices so that they can communicate on a
computer network. The clients and the server operate in a client-server model: a DHCP
client sends a query requesting the necessary information (IP address, default gateway,
and so on) to a DHCP server, and on receiving a valid request the server assigns the
computer an IP address and the other IP configuration parameters.
This is a special kind of attack in which the attacker sends large numbers of requests
to the DHCP server, each with a false MAC address. If enough requests are flooded onto
the network, the attacker can completely exhaust the available DHCP addresses, and
clients of the victim network are then starved of the DHCP resource. The attacker can
then set up a rogue DHCP server on the network and reply with modified IP configurations
to the victims (Figure 9). These parameters give the attacker MITM possibilities.


E. TECHNICAL CONTROL ASPECTS
1. Security Appliance Device
1.1. Firewall
A firewall is a security device that can be a software program or a dedicated network
appliance. The main purpose of a firewall is to separate a secure area from a less
secure area and to control communications between the two. Firewalls can perform a
variety of other functions, but are chiefly responsible for controlling inbound and
outbound communications on anything from a single machine to an entire network.
1.2. VPN
A virtual private network (VPN) extends a private network across a public network,
such as the Internet. It enables a computer or network-enabled device to send and
receive data across shared or public networks as if it were directly connected to the
private network, while benefiting from the functionality, security and management
policies of the private network. A VPN is created by establishing a virtual
point-to-point connection through the use of dedicated connections, virtual tunneling
protocols, or traffic encryption.
A VPN connection across the Internet is similar to a wide area network (WAN) link
between sites. From a user perspective, the extended network resources are accessed in
the same way as resources available within the private network. Because a point-to-point
VPN does not extend a Layer 2 broadcast domain between sites, variants on VPN, such as
Virtual Private LAN Service (VPLS) and Layer 2 tunneling protocols, are designed to
overcome this limitation.
VPNs allow employees to securely access their company's intranet while traveling
outside the office. Similarly, VPNs securely connect geographically separated offices of
an organization, creating one cohesive network. VPN technology is also used by
individual Internet users to secure their wireless transactions, to circumvent
geo-restrictions and censorship, and to connect to proxy servers for the purpose of
protecting personal identity and location.
1.3. IPS
An Intrusion Prevention System (IPS) is a network security/threat prevention
technology that examines network traffic flows to detect and prevent vulnerability
exploits. Vulnerability exploits usually come in the form of malicious inputs to a target
application or service that attackers use to interrupt and gain control of an application
or machine. Following a successful exploit, the attacker can disable the target
application (resulting in a denial-of-service state), or can potentially gain all the
rights and permissions available to the compromised application.

2. Point of Configuration for preventing Attacker
2.1. Spanning Tree Protocol
Every switch port is either in the blocking state (data is not forwarded) or in the
forwarding state (data is forwarded), and a port transitions from blocking to listening,
to learning, and finally to forwarding. Two STP features protect the network from an STP
attacker, namely:
1) Root Guard
The Root Guard feature can be enabled on all switch ports in the network beyond which the
root bridge should never appear. If a port configured for Root Guard receives a superior
BPDU, instead of believing the BPDU, the port goes into a root-inconsistent state. It
also prevents the port from becoming a root port. While a port is in the root-inconsistent
state, no user data is sent across it. However, once the superior BPDUs stop, the port
returns to the forwarding state.
Cisco (config) # interface fastEthernet 0/3
Cisco (config-if) # spanning-tree guard root
2) BPDU Guard
The BPDU (Bridge Protocol Data Unit) Guard feature protects STP on ports configured with
the Cisco PortFast feature. PortFast is enabled on ports that connect to end-user devices,
such as PCs. It reduces the time required for the port to go into the forwarding state
after being connected. The logic of PortFast is that a port connected to an end-user
device does not have the potential to create a topology loop, so the port can go active
sooner by skipping STP's listening and learning states, which by default take 15 seconds
each. Because these PortFast ports are connected to end-user devices, they should never
receive a BPDU. Therefore, if a port enabled for BPDU Guard receives a BPDU, the port is
disabled.
Cisco (config) # interface fastEthernet 0/3
Cisco (config-if) # spanning-tree portfast
Cisco (config-if) # spanning-tree bpduguard enable
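The root election and the two guards above, simulated in Python as an added example (not Cisco's code or the page's own). Bridge priorities, MAC addresses, port names and the rogue BPDU are constructed; as in STP, the lower (priority, MAC address) pair wins.

```python
from dataclasses import dataclass, field


def bridge_id(priority, mac):
    """STP bridge ID as a comparable pair: lower priority wins, then
    lower MAC. MAC in Cisco dotted form ("0000.0c00.0001") or colon form."""
    return (priority, int(mac.replace(".", "").replace(":", ""), 16))


@dataclass
class Bpdu:
    root_id: tuple             # bridge ID the sender claims is the root


@dataclass
class Port:
    name: str
    root_guard: bool = False   # 'spanning-tree guard root'
    bpdu_guard: bool = False   # 'spanning-tree bpduguard enable' on a PortFast port
    state: str = "forwarding"  # forwarding | root-inconsistent | err-disabled


@dataclass
class Switch:
    name: str
    my_id: tuple
    ports: dict = field(default_factory=dict)
    root_id: tuple = None      # every bridge starts out believing it is the root
    root_port: str = None

    def __post_init__(self):
        self.root_id = self.my_id

    def receive_bpdu(self, port_name, bpdu):
        """Apply one received BPDU and report what happened on that port."""
        port = self.ports[port_name]
        if port.state == "err-disabled":
            return "dropped"
        if port.bpdu_guard:
            # a PortFast port must never see a BPDU: err-disable it whatever it says
            port.state = "err-disabled"
            return "err-disabled"
        superior = bpdu.root_id < self.root_id
        if port.root_guard:
            if superior:
                # do not believe it: no user data on this port, current root kept
                port.state = "root-inconsistent"
                return "root-inconsistent"
            port.state = "forwarding"
            return "forwarding"
        if superior:
            # unguarded port: the claim is accepted and the topology re-converges
            self.root_id = bpdu.root_id
            self.root_port = port_name
            return "new-root"
        return "ignored"

    def bpdus_stopped(self, port_name):
        """Root Guard recovers on its own once the superior BPDUs stop."""
        port = self.ports[port_name]
        if port.state == "root-inconsistent":
            port.state = "forwarding"


def demo():
    """Access switch SW2 with an unguarded uplink, a Root Guard port and a
    BPDU Guard PC port; a rogue bridge (constructed) claims priority 0."""
    sw2 = Switch("SW2", bridge_id(32768, "0000.0c00.0002"))
    sw2.ports["Gi0/1"] = Port("Gi0/1")                    # uplink, no guard
    sw2.ports["Fa0/3"] = Port("Fa0/3", root_guard=True)
    sw2.ports["Fa0/4"] = Port("Fa0/4", bpdu_guard=True)   # PortFast PC port
    legit = Bpdu(bridge_id(4096, "0000.0c00.0001"))       # the real root, SW1
    rogue = Bpdu(bridge_id(0, "0000.0c00.00ff"))          # attacker's superior BPDU
    results = {
        "uplink-legit": sw2.receive_bpdu("Gi0/1", legit),
        "rootguard-rogue": sw2.receive_bpdu("Fa0/3", rogue),
        "bpduguard-any": sw2.receive_bpdu("Fa0/4", legit),
    }
    sw2.bpdus_stopped("Fa0/3")
    return results, sw2.root_id, sw2.ports["Fa0/3"].state


if __name__ == "__main__":
    print(demo())
```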

2.2. Trunking Protocol
Switch Spoofing
Enabling VLAN (pin the port to a single access VLAN)
Cisco (config) # interface fastEthernet 0/3
Cisco (config-if) # switchport mode access
Cisco (config-if) # switchport access vlan 8

Preventing the use of DTP
Cisco (config) # interface fastEthernet 0/3
Cisco (config-if) # switchport trunk encapsulation dot1q
Cisco (config-if) # switchport nonegotiate

Double Tagging
Disabling trunking on access ports (as above) and moving the trunk's native VLAN off the default
Cisco (config) # interface fastEthernet 0/3
Cisco (config-if) # switchport trunk native vlan 8

2.3. Other Attacks
2.3.1. CDP attack
Cisco Discovery Protocol (CDP) is a Cisco proprietary Layer 2 protocol designed to
facilitate the administration and troubleshooting of network devices by providing
information on neighboring equipment. With CDP enabled, network administrators
can execute CDP commands that provide them with the platform, model, software
version, and even the IP addresses of adjacent equipment.
CDP is a useful protocol, but it could potentially reveal important information to an
attacker. CDP is enabled by default, and can be disabled globally or per interface.
The best practice is to disable CDP globally when the service is not used, or per
interface when CDP is still required. In cases where CDP is used for troubleshooting
or security operations, CDP should be left enabled globally and disabled only on those
interfaces on which the service may represent a risk, for example interfaces connecting
to the Internet. As a general practice, CDP should not be enabled on interfaces that
connect to external networks, such as the Internet.
Disable CDP globally
Cisco (config) # no cdp run

Disable CDP on one or more interfaces
Cisco (config-if) # no cdp enable

2.3.2. CAM table flooding
To avoid CAM table flooding, the MAC addresses allowed on a port are registered
statically or learned as sticky addresses and kept permanently. The switch port must
also be protected so that an unknown address cannot send or receive traffic through it.
Cisco (config) # interface fastEthernet 0/1
Cisco (config-if) # switchport mode access
Cisco (config-if) # switchport port-security
Cisco (config-if) # switchport port-security maximum {max_addresses}
Cisco (config-if) # switchport port-security mac-address {mac_address | sticky}
Cisco (config-if) # switchport port-security violation {protect | restrict | shutdown}

2.3.3. DHCP server snooping

The DHCP snooping feature on Cisco Catalyst switches can be used to combat a
DHCP server spoofing attack. With this solution, Cisco Catalyst switch ports are
configured in either the trusted or the untrusted state. If a port is trusted, it is
allowed to receive DHCP responses (for example, DHCPOFFER, DHCPACK, and DHCPNAK).
Conversely, if a port is untrusted, it is not allowed to receive DHCP responses, and
if a DHCP response attempts to enter an untrusted port, the port is disabled.
Fortunately, not every switch port needs to be configured to support DHCP snooping:
if a port is not explicitly configured as a trusted port, it is implicitly considered
an untrusted port. To configure DHCP snooping, the feature must first be enabled
globally, then for the VLANs to be protected:
Cisco (config) # ip dhcp snooping
Cisco (config) # ip dhcp snooping vlan 1,10,13-15 (for specific VLANs)
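The trust model just described, and the rogue-server exchange from sections D.3.3 and D.3.4, simulated in Python as an added example (constructed model, not Catalyst code or the page's own). Port names, the VLAN number and all addresses are assumptions; the server-facing uplink is treated as trusted, which on IOS is the interface command ip dhcp snooping trust.

```python
from dataclasses import dataclass

SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}      # only a server sends these
CLIENT_MESSAGES = {"DHCPDISCOVER", "DHCPREQUEST", "DHCPRELEASE", "DHCPDECLINE"}


@dataclass(frozen=True)
class DhcpPacket:
    msg_type: str
    client_mac: str
    yiaddr: str = "0.0.0.0"   # address being offered / acknowledged
    router: str = ""          # option 3: default gateway handed to the client
    dns: str = ""             # option 6: DNS server handed to the client


class DhcpSnooping:
    """Constructed model of the Catalyst feature: server replies are only
    accepted on trusted ports; an untrusted port that sends one is disabled."""

    def __init__(self, vlans, trusted_ports=()):
        self.vlans = set(vlans)            # 'ip dhcp snooping vlan ...'
        self.trusted = set(trusted_ports)  # 'ip dhcp snooping trust' on the server-facing uplink
        self.port_state = {}               # port -> "err-disabled" once it misbehaves
        self.pending = {}                  # client_mac -> port that sent DISCOVER/REQUEST
        self.bindings = {}                 # client_mac -> (ip, vlan, port), from real ACKs
        self.events = []

    def inspect(self, port, vlan, pkt):
        """Return 'forward' or 'drop' for one DHCP packet arriving on port/vlan."""
        if vlan not in self.vlans:
            return "forward"               # snooping not enabled on this VLAN
        if self.port_state.get(port) == "err-disabled":
            return "drop"
        if pkt.msg_type in SERVER_MESSAGES:
            if port not in self.trusted:
                # a server reply from an untrusted port is the rogue-server signature
                self.port_state[port] = "err-disabled"
                self.events.append(f"{pkt.msg_type} on untrusted {port} (gateway {pkt.router}): "
                                   "dropped, port err-disabled")
                return "drop"
            if pkt.msg_type == "DHCPACK" and pkt.client_mac in self.pending:
                self.bindings[pkt.client_mac] = (pkt.yiaddr, vlan, self.pending.pop(pkt.client_mac))
            return "forward"
        if pkt.msg_type in ("DHCPRELEASE", "DHCPDECLINE"):
            bound = self.bindings.get(pkt.client_mac)
            if bound is not None and bound[2] != port:
                return "drop"              # another port trying to release this client's lease
            return "forward"
        if pkt.msg_type in CLIENT_MESSAGES:
            self.pending[pkt.client_mac] = port
        return "forward"                   # other traffic is not inspected


def spoofing_scenario():
    """Client on Fa0/1 asks for a lease; a rogue server on untrusted Fa0/3 answers
    first with itself as gateway and DNS; the real server sits behind trusted
    Gi0/1. All ports, VLANs and addresses are constructed."""
    snoop = DhcpSnooping(vlans={10}, trusted_ports={"Gi0/1"})
    client = "0000.0c00.c11e"
    steps = [
        ("Fa0/1", DhcpPacket("DHCPDISCOVER", client)),
        ("Fa0/3", DhcpPacket("DHCPOFFER", client, "10.0.10.50", "10.0.10.66", "10.0.10.66")),
        ("Gi0/1", DhcpPacket("DHCPOFFER", client, "10.0.10.50", "10.0.10.1", "10.0.10.2")),
        ("Fa0/1", DhcpPacket("DHCPREQUEST", client)),
        ("Gi0/1", DhcpPacket("DHCPACK", client, "10.0.10.50", "10.0.10.1", "10.0.10.2")),
        ("Fa0/3", DhcpPacket("DHCPOFFER", client, "10.0.10.51", "10.0.10.66")),
    ]
    results = [snoop.inspect(port, 10, pkt) for port, pkt in steps]
    return results, snoop.port_state.get("Fa0/3", "up"), snoop.bindings


if __name__ == "__main__":
    print(spoofing_scenario())
```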

2.3.4. Access Login
Access login, or remote access, should be secured as strongly as possible, because the
login is the first gate an attacker must pass to do anything further to the network and
its data. Access can be restricted in the following ways:

1) Privilege Mode (EXEC)
Cisco # configure terminal
Cisco (config) # enable secret admin

2) Password
An administrator can access a router for administrative purposes in a variety of ways.
There are user mode and privileged mode, and these two modes must have different
passwords. To protect a router from unauthorized access, a 'strong' password should be
selected. A strong password is one that is difficult for an attacker to guess or
compromise:
- Select at least 10 characters. The security passwords min-length 10 global
configuration command can be used to enforce this.
- Use a mixture of alphabetic (both uppercase and lowercase), numeric, and special
characters (a pass-phrase).
- The password should not be a common word found in a dictionary.
- Create a policy that dictates how and when passwords are to be changed.
Complex password
Cisco (config-line) # password azsNYs13@!
Enable password (activates the password by default)
Ciscorouter (config) # username Cisco password azsNYs13@!
Ciscorouter (config) # enable password azsNYs13@!
Service password-encryption (console, auxiliary, and vty line passwords appear in
encrypted format)
Ciscorouter (config) # service password-encryption
Disable password recovery (ROMmon will no longer be accessible)
Ciscorouter (config) # no service password-recovery

3) Telnet & Console
An administrator can connect to an L2SW (Layer 2 switch) using Telnet. Unfortunately,
Telnet is not a secure protocol: if an attacker intercepts the Telnet packets, he might
be able to glean the password credentials necessary to gain administrative access to the
switch. Therefore, Secure Shell (SSH) is preferred as an alternative to Telnet, because
it offers confidentiality and data integrity. An administrator can also configure the
switch via the switch's console port (Telnet = line vty, console = line console).
Cisco (config) # line console 0
Cisco (config-line) # password azsNYs13@!
Cisco (config-line) # login
Cisco (config-line) # line vty 0 15
Cisco (config-line) # login
Cisco (config-line) # password azsNYs13@!

4) Banner Message
When someone connects to one of our routers, he sees a short message at the prompt. For
legal reasons, a banner message is needed to warn potential attackers not to attempt a
login.
- The banner text is case sensitive. Make sure you do not add any spaces before or
after the banner text.
- Use a delimiting character before and after the banner text to indicate where the
text begins and ends. The delimiting character used in the example below is %,
but you can use any character that is not used in the banner text.
- After configuring the MOTD, log out of the switch to verify that the banner displays
when you log back in.
Cisco (config) # banner motd %authorized text%
Cisco (config) # end

****! WARNING! - AUTHORIZED ACCESS ONLY - ! WARNING! ****
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit permission to access this device.
All activities performed on this device are logged and
violations of this policy will result in disciplinary action.
********************************************************

5) SNMP
SNMP (Simple Network Management Protocol) is often used to collect information about
network devices. The first two versions (v1 and v2c) lack security and are not a secure
mechanism. If they must be used, consider allowing SNMP read-only access, NOT read-write
access. Using SNMP version 3 (v3) is the more secure choice for switch port security.
This brief introduction to SNMP should raise a few issues for the security professional.
The default SNMP community strings are public for read-only access and private for
read-write access, and most system and network administrators do not change these
values. Consequently, any user, authorized or not, can obtain information through SNMP
about the device and potentially change or reset values. For example, if the read-write
community string is the default, any user can change the device's IP address and take it
off the network. The common SNMP security issues include:
- Well-known default community strings
- Ability to change the configuration information on the system where the SNMP agent
is running
- Multiple management stations managing the same device
- Denial-of-service attacks
As mentioned previously, there are two SNMP access policies, read-only and read-write,
using the default community strings of public and private, respectively. Many
organizations do not change the default community strings. Failing to change the default
values means it is possible for an unauthorized person to change the configuration
parameters associated with the device. Consequently, SNMP community strings should be
treated as passwords: the better the quality of the password, the less likely an
unauthorized person could guess the community string and change the configuration.

6) Disable unused port
Cisco (config) # interface fastEthernet 0/1
Cisco (config-if) # shutdown
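A check of the hardening items from this section against a running-config, as an added example in Python (not PT.KP's tooling or Cisco's). The configuration text is constructed: secrets are placeholders, and FastEthernet0/2 and the vty lines are left deliberately incomplete so the report shows both passing and failing items; the findings list follows the page's checklist and is not an exhaustive audit.

```python
# Constructed running-config excerpt (not PT.KP's own); secrets are placeholders.
# FastEthernet0/2 and the vty lines are deliberately left incomplete.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$PLACEHOLDER
security passwords min-length 10
no cdp run
ip dhcp snooping
ip dhcp snooping vlan 10,13-15
snmp-server community public RO
snmp-server community private RW
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 8
 switchport nonegotiate
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree bpduguard enable
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 shutdown
line vty 0 15
 password 7 PLACEHOLDER
 login
"""

GLOBAL_ITEMS = [  # (command that must be present, finding if it is missing)
    ("enable secret", "privileged EXEC not protected by 'enable secret'"),
    ("service password-encryption", "line passwords stored in clear text"),
    ("no service password-recovery", "password recovery (ROMmon) still possible"),
    ("no cdp run", "CDP running; disable it or use 'no cdp enable' on exposed ports"),
    ("ip dhcp snooping", "DHCP snooping disabled"),
]


def parse_config(text):
    """Split an IOS-style config into global commands and named blocks
    (interface ..., line ...); indented lines belong to the block above them."""
    global_cmds, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        elif raw.startswith(("interface ", "line ")):
            current = raw.strip()
            blocks[current] = []
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, blocks


def audit(text):
    """Return the section-E hardening items the config misses, one string each."""
    g, blocks = parse_config(text)
    has = lambda prefix, lines=g: any(l.startswith(prefix) for l in lines)
    findings = [f"global: {why}" for cmd, why in GLOBAL_ITEMS if not has(cmd)]
    min_len = [int(l.split()[-1]) for l in g if l.startswith("security passwords min-length")]
    if not min_len or min_len[0] < 10:
        findings.append("global: password minimum length below 10")
    for cmd in g:
        if cmd.startswith("snmp-server community"):
            parts = cmd.split()
            name, access = parts[2], (parts[3].upper() if len(parts) > 3 else "RO")
            if name.lower() in ("public", "private"):
                findings.append(f"snmp: default community string '{name}' in use")
            if access == "RW":
                findings.append(f"snmp: community '{name}' allows read-write")
    for name, lines in blocks.items():
        if name.startswith("line vty"):
            if "transport input ssh" not in lines:
                findings.append(f"{name}: Telnet still accepted (no 'transport input ssh')")
            continue
        if not name.startswith("interface ") or "shutdown" in lines:
            continue                           # a shut-down unused port needs no further checks
        mode = next((l.split()[-1] for l in lines if l.startswith("switchport mode")), None)
        if mode is None:
            findings.append(f"{name}: unused or unconfigured port is not shut down")
        elif mode == "access":
            if not has("switchport port-security", lines):
                findings.append(f"{name}: access port without port-security (CAM flooding)")
            if "spanning-tree bpduguard enable" not in lines:
                findings.append(f"{name}: access port without BPDU guard")
        elif mode == "trunk":
            if "switchport nonegotiate" not in lines:
                findings.append(f"{name}: trunk still negotiates with DTP (switch spoofing)")
            native = next((l.split()[-1] for l in lines if l.startswith("switchport trunk native vlan")), "1")
            if native == "1":
                findings.append(f"{name}: native VLAN left at 1 (double tagging)")
        else:
            findings.append(f"{name}: dynamic DTP mode '{mode}' allows switch spoofing")
    return findings
```

Running audit(SAMPLE_CONFIG) reports the missing password-recovery lockout, the default SNMP community strings and the read-write one, the Telnet-capable vty lines, and the two missing protections on FastEthernet0/2.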

F. TESTING OF MATERIAL
Each row lists the detailed testing item, the commands applied, and the command used to verify the result.

1. ARP poisoning: IP ARP Inspection (DAI) (a. inter-VLAN, b. inter-switch)
   Command:
   a. Cisco (config) # ip arp inspection vlan {vlan_ID | vlan_range}
   b. Cisco (config) # interface gigabitEthernet 0/1
   c. Cisco (config-if) # ip arp inspection trust
   Verify:
   a. show ip arp inspection vlan {vlan_ID | vlan_range} | begin vlan
   b. show ip arp inspection interface Gi0/1

2. Spanning tree (a. Root Guard, b. BPDU Guard)
   Command:
   a. Cisco (config) # interface fastEthernet 0/3
      Cisco (config-if) # spanning-tree guard root
   b. Cisco (config) # interface fastEthernet 0/3
      Cisco (config-if) # spanning-tree bpduguard enable
   Verify:
   show spanning-tree (normal 300 MAC)

3. Trunking Protocol (a. Enable VLAN, b. Preventing DTP, c. Disable trunking / double tagging)
   Command:
   a. Cisco (config) # interface fastEthernet 0/3
      Cisco (config-if) # switchport mode access
      Cisco (config-if) # switchport access vlan 8
   b. Cisco (config) # interface fastEthernet 0/3
      Cisco (config-if) # switchport trunk encapsulation dot1q
      Cisco (config-if) # switchport nonegotiate
   c. Cisco (config) # interface fastEthernet 0/3
      Cisco (config-if) # switchport trunk native vlan 8
   Verify:
   a. show run
   b. show interfaces fastEthernet 0/3 switchport
   c. show run

4. CDP attack (a. Disable CDP globally, b. Disable CDP on one or more interfaces)
   Command:
   a. Cisco (config) # no cdp run
   b. Cisco (config) # interface fastEthernet 0/3
      Cisco (config-if) # no cdp enable
   Verify:
   show cdp neighbors

5. CAM table flooding (a. Sticky MAC address)
   Command:
   Cisco (config) # interface fastEthernet 0/1
   Cisco (config-if) # switchport mode access
   Cisco (config-if) # switchport port-security
   Cisco (config-if) # switchport port-security maximum {max_addresses}
   Cisco (config-if) # switchport port-security mac-address {mac_address | sticky}
   Cisco (config-if) # switchport port-security violation {protect | restrict | shutdown}
   Verify:
   show run

6. DHCP server spoofing (a. DHCP snooping)
   Command:
   Cisco (config) # ip dhcp snooping
   Cisco (config) # ip dhcp snooping vlan 1,10,13-15 (for specific VLANs)
   Verify:
   show ip dhcp snooping

7. Access Login (a. Privilege Mode, b. Enable password, c. Password, d. Password encryption,
   e. Disable password recovery, f. Password console, g. Password telnet, h. Banner message,
   i. SNMP community, j. Disable unused port)
   Command:
   a. Cisco # configure terminal
      Cisco (config) # enable secret admin
   b. Ciscorouter (config) # enable password azsNYs13@!
   c. Ciscorouter (config) # username Cisco password azsNYs13@!
   d. Ciscorouter (config) # service password-encryption
   e. Ciscorouter (config) # no service password-recovery
   f. Cisco (config) # line console 0
      Cisco (config-line) # password azsNYs13@!
      Cisco (config-line) # login
   g. Cisco (config-line) # line vty 0 15
      Cisco (config-line) # login
      Cisco (config-line) # password azsNYs13@!
   h. Cisco (config) # banner motd %authorized text%
      Cisco (config) # end
   i. Cisco (config) # snmp-server community …
   j. Cisco (config) # interface fastEthernet 0/1
      Cisco (config-if) # shutdown
   Verify:
   show run

G. ANALYSIS OF CONFIGURATION
Legend used in the tables: Not standard (unsecured); Not full standard (less secure).

1. ADMINISTRATIVE CONTROL
Each item gives the standard policy, followed by the PT.KP standardization where one exists.

No. 1 - Preventive
- Security awareness and technical training: CCNA and CCNA Security training for security awareness
- Separation of duties
- Procedures for recruiting and terminating employees: Human Resources recruits employees based on health performance, police record data, educational background and experience
- Security policies and procedures:
  1. Create a security pledge form
  2. Create a list-of-access form
  3. Create a form listing the devices carried in
  4. Stickers for covering all kinds of cameras
  5. Create the rules to follow before accessing the Data Center
  6. The operator supervises guest access
- Supervision:
  1. The supervisor reduces employee stress by making some jokes or sharing what is difficult to do in the work
  2. Check the security policies and procedures forms every month
- Disaster recovery, contingency, and emergency plans: Standby monitoring outside workdays. In the Data Center the operators work in shifts; even on weekends or holidays an operator is on standby to monitor and report any trouble to the engineer. They work 24 hours a day, 7 days a week.

No. 2 - Detective
- Security reviews and audits: Security review every month; audits not yet
- Performance evaluations: Create working progress and a plan for the year
- Required vacations: The INFRA team has already done a team building (NOT a holiday) once
- Background investigations
- Rotation of duties

2. PHYSICAL CONTROL
Each item gives the standard policy, followed by the PT.KP standardization.

No. 1 - Preventive
- Backup files and documentation:
  1. Before testing a device configuration, back up the files first to avoid losing the previous files
  2. Back up the active configuration every month
  3. Unused printed paper must be thrown into the rubbish
- Security Guard:
  1. Double door for entering the Data Center (the 1st door is a standard door which the operator locks after working hours; the 2nd door has limited access using fingerprint, so only authorized employees can enter; others must push the open button and say what they will do inside)
  2. In the Data Center, the back door and side door are locked with a steel padlock, and the windows are closed with a screen and locked permanently
- Badge System: Fingerprint with a camera, which can be monitored and communicated with from inside
- Double door system: The same double-door arrangement described under Security Guard
- Lock and Keys: Fingerprint is used for the restricted access to avoid key duplication, but the first door and the UPS & TR rooms use a standard key which an attacker can duplicate
- Backup Power and Device:
  1. Almost all important devices have a backup device to cover failures of the active device
  2. For backup power, two UPS units are prepared; the active device is connected to the 1st PDU and the backup device to the 2nd PDU
- Biometric Access Control: Fingerprint; the registered finger is scanned for access to the Data Center
- Site Selection:
  1. The Data Center is located on the 2nd floor
  2. Near the sea
  3. Wood composition only 30 % (the desk and the wall separating the engineers from the data room)

No. 2 - Detective
- Fire extinguisher: Everything inside the data center is electrical equipment, so the extinguishing agent is powder (sodium carbonate, Na2CO3) pressurized with nitrogen (N2)
- Motion Detector: Failures are logged by a speaker; the sound resembles a loud ambulance or police siren and is monitored by the operator
- Fire and Smoke Detector: 1. Fire detectors: 8 units; 2. Smoke detectors: 20 units
- CCTV and Lighting: 1. Only one CCTV; 2. Lighting standard 80 %
- Sensor and Alarms: Sensor alarm on the ACB panel

3. TECHNICAL CONTROL
Each item gives the detailed testing item, followed by the PT.KP standardization where one is recorded.

No. 1 - Preventive
- ARP poisoning: IP ARP Inspection (DAI)
- Spanning tree: a. Root Guard; b. BPDU Guard
- Trunking Protocol: a. Enable VLAN; b. Preventing DTP; c. Disable trunking (double tagging)
  PT.KP standardization: a. PT.KP uses static VLANs (10-99); b. DTP is only implemented at Layer 3 (backbone); c. Trunking is disabled on the Layer 2 switches
- CDP attacks: a. Disable CDP globally; b. Disable CDP on one or more interfaces
- CAM table flooding: Sticky MAC address
- DHCP server spoofing: DHCP snooping
- Access Login: a. Privilege Mode; b. Enable password; c. Password; d. Password encryption; e. Disable password recovery; f. Password telnet; g. Password console; h. Banner message; i. SNMP community; j. Disable unused port
  PT.KP standardization: a. implemented; b. implemented; c. implemented; d. implemented; e. not yet implemented; f. implemented; g. implemented; h. implemented; i. using v2c (own community string); j. not yet implemented

No. 2 - Detective
- Security Appliance - Firewall: Implemented. PT.KP uses two types of firewall, an Internet firewall and a Data Center firewall; the model is ASA 5585-X, 4 units (Internal firewall active-standby, Data Center firewall active-standby)
- Security Appliance - VPN: Implemented in PT.KP, model F5 BIG-IP 1600 series, 2 units (active-standby)
- Security Appliance - IPS: Implemented in PT.KP, model TippingPoint 660N, 2 units (active-standby)
