WhatsApp or SMS: 07087083227
Click here to Get The Complete Research Project Chapter 1-5

Full Project – Defeating content addressable memory (CAM) table flooding attacks with port security

Click here to Get this Complete Project Chapter 1-5

CHAPTER ONE

INTRODUCTION

1.1 Background of Study

Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources (Wikipedia,2013), An Ethernet switch’s role is to copy Ethernet frames from one port to another. The presence of a Content Addressable Memory (CAM) table is one attribute that separates a switch from a hub. Without a functional CAM table, all frames received by a network switch would be echoed back out to all other ports, much like an Ethernet hub. A switch should only emit a frame on the port where the destination network device resides (unicast), unless the frame is for all nodes on the switch (broadcast) or multiple nodes (multicast).

Generally, the CAM table is a system memory construct used by Ethernet switch logic to different Media Access Control (MAC) addresses of stations to the ports on which they connect to the switch. This allows switches to facilitate communications between connected stations at high speed regardless of how many devices are connected to the switch. The CAM table is consulted to make the frame forwarding decision. Switches learn MAC addresses from the source address of Ethernet frames on the ports, such as Address Resolution Protocol response packets. (Wikipedia, 2014),

1.2 Attacks

This is where the attacker is coming into play. The key to understanding how MAC address table overflow attacks work is to know that MAC address tables are limited in size. MAC flooding makes use of this limitation to send to the switch a whole bunch offake source MAC addresses until the switch MAC address table is fully loaded and cannot save any more MAC

Address – Port mapping entries. The switch then enters into a fail-open mode that means that it starts acting as a hub. In this situation switch will broadcasts all received packets to all the machines on the network. As a result, the attacker can see all the frames sent from a victim host to another host without a MAC address table entry. (Behrouz, 2007).

1.2 Motivation of the Study

The wild use of the network for criminal and illegal activities like hacking, cracking, cybercriminals, cyber terrorist and other malicious software (such as worm) that can be done on the network thereby causing damage to user files and stopping the user from the use of the network was the reason behind this project work in other to find out a constructive measure to prevent, detect and correct security violations that involve during the transmission of data.

Some computer user believe that security issues facing home users are greatly exaggerated, and that the only entities which need to be concerned about desktop and network security are business which have critical data on their machines. I use port security feature to restrict input to an interface by limiting and identifying MAC addresses of the workstations that are allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the workstation attached to that port is assured the full bandwidth of the port.

If a port is configured as a secure port and the maximum number of secure MAC addresses is reached, when the MAC address of a workstation attempting to access the port is different from any of the identified secure MAC addresses, a security violation occurs.

You can configure MAC addresses to be sticky. These can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, the interface does not need to dynamically relearn them when the switch restarts. Although sticky secure addresses can be manually configured, it is not recommended.

1.3 Aims and Objectives of the Study

The basic objective of this project is to Defeating CAM Flooding attacks with port-security configuration and implementation on network. Other Objectives are to

Enforce certain policies on Switch such as configuring port-security to allow network to restrict input to an interface by limiting and identifying MAC addresses of the workstations that are allowed to access the port.
Setting up Switch violation Shutdown – When a violation occurs in this mode, the switch port will be taken out of service and placed in the err-disabled state. The switch port will remain in this state until manually removed, using a packet tracer in which configuration is carried out

1.4 Method of achieving the objectives

The method adopted for this work is qualitative approach; the research is carried out by adopting the qualities and behaviors of layer two securities for better understanding and ease of use. The project uses packet tracer which consist of Routers, Switches, Servers and computers e.t.ca project test laboratory which consists of a configured router and clients on which the port-security is being implemented.

The security is implemented on the clients that are on the network which is based on Mac-address policy and ensure that the system comply with it.

A good study of previous similar project works and literature works on the layer two security are the basic concepts in the development of this work. Journals, e-books and other relevant materials written by the member of the network security forums and other standardize organization like International Telecommunication union (ITU-T) among many others.

Get the Complete Project

This is a premium project material and the complete research project plus questionnaires and references can be gotten at an affordable rate of N3,000 for Nigerian clients and $8 for international clients.

Click here to Get this Complete Project Chapter 1-5

You can also check other Research Project here: