Network Access Control (NAC)
- IEEE 802.1X - Port-based
- Network Access Control (NAC)
- You don’t get access until you authenticate
• Makes extensive use of EAP and RADIUS
• Extensible Authentication Protocol / Remote
Authentication Dial In User Service
- We’re talking about physical interfaces
- Not TCP or UDP ports
- Administrative enable/disable
- Disable your unused ports
• Duplicate MAC address checking - Stop the spoofers
Port security
• Prevent unauthorized users from connecting
to a switch interface
• Alert or disable the port
- Based on the source MAC address
- Even if forwarded from elsewhere
- Each port has its own config
- Unique rules for every interface
Port security operation
• Configure a maximum number of source MAC
addresses on an interface
• You decide how many is too many
• You can also configure specific MAC addresses
• The switch monitors the number of unique MAC
addresses
• Maintains a list of every source MAC address
• Once you exceed the maximum, port security
activates
• Default is to disable the interface
MAC filtering
• Media Access Control - The “hardware” address
- Limit access through the physical hardware address
- Keeps the neighbors out
- Additional administration with visitors
• Easy to find working MAC addresses through wireless
LAN analysis
• MAC addresses can be spoofed
• Free open-source software
• Security through obscurity
Captive portal
- Authentication to a network
- Common on wireless networks
- Access table recognizes a lack of authentication
- Redirects your web access to a captive portal page
- Username / password
- And additional authentication factors
• Once proper authentication is provided, the web
session continues
• Until the captive portal removes your access
Access Control Lists (ACLs)
- Used to allow or deny traffic
- Also used for NAT, QoS, etc.
- Defined on the ingress or egress of an interface
- Incoming or outgoing
• ACLs evaluate on certain criteria
• Source IP, Destination IP, TCP port numbers, UDP
port numbers, ICMP
- Deny or permit
- What happens when an ACL matches the traffic?
-
Common Ports15
-
Understanding the OSI Model9
-
Introduction to Ethernet5
-
Network Switching Overview4
-
Broadcast Domains and Collision Domains5
-
Protocol Data Units3
-
Network Segmentation3
-
Spanning Tree Protocol4
-
Switch Interface Properties6
-
Static and Dynamic Routing5
-
IGP and EGP3
-
Dynamic Routing Protocols5
-
IPv4 and IPv6 Addressing5
-
Configuring IPv66
-
Prioritizing Traffic4
-
Network Address Translation4
-
Access Control Lists2
-
Circuit Switching and Packet Switching4
-
Software Defined Networking3
-
IPv4 Addresses2
-
Classful Subnetting and IPv4 Subnet Masks3
-
IPv6 Subnet Masks1
-
Calculating IPv4 Subnets and Hosts1
-
Seven Second Subnetting1
-
Assigning IPv4 Addresses3
-
Assigning IPv6 Addresses4
-
Network Topologies/Common Network Types10
-
Internet of Things Topologies8
-
802.11 Wireless Standards6
-
Cellular Network Standards5
-
Wireless Network Technologies8
-
Cloud Services and Delivery Models8
-
An Overview of DNS5
-
DNS Record Types8
-
DHCP Addressing Overview4
-
Configuring DHCP4
-
An Overview of NTP4
-
Copper Cabling7
-
Optical Fiber2
-
Network Termination Points4
-
Network Transceivers6
-
Ethernet Standards3
-
Networking Devices9
-
Advanced Networking Devices17
-
Virtual Networking3
-
Network Storage6
-
WAN Services7
-
WAN Technologies8
-
WAN Termination4
-
Network Documentation11
-
Availability Concepts5
-
Power Management3
-
Recovery Sites3
-
Backup and Recovery5
-
Process Monitoring7
-
Event Management4
-
Performance Metrics2
-
Remote Access10
-
Policies and Best Practices16
-
Physical Security7
-
Authorization, Authentication, and Accounting9
-
Multi-factor Authentication6
-
Access Control6
-
Wireless Encryption4
-
Denial of Service4
-
Social Engineering2
-
Logic Bombs3
-
Rogue Access Points2
-
Wardriving1
-
Phishing2
-
Ransomware4
-
Spoofing3
-
Wireless Deauthentication3
-
Brute Force Attacks2
-
VLAN Hopping3
-
Man-in-the-Middle2
-
Device Hardening10
-
Mitigation Techniques8
-
Switch Port Protection5
-
Network Segmentation3
-
Hardware Tools9
-
Software Tools4
-
Command Line Tools11
-
Wired Network Troubleshooting24
-
Wireless Network Troubleshooting13
-
Network Service Troubleshooting17
