Layer 2 -- The Weakest Link

Author: Connie Howard Published March 18, 2011 from Cisco

Network security is only as strong as your weakest link, and that may well be Layer 2 of the OSI model, the data link layer. This layer enables interoperability and interconnectivity because of its independence -- but from a security perspective, creates a challenge because a compromise at one layer isn't always known by the other layers. What's more, often network operations staff has one agenda, security staff another, and both end up missing Layer 2. Two of the most problematic attack signatures that threaten Layer 2 -- MAC flooding attacks and virtual LAN (VLAN) hopping -- are explored in this article, along with some ways to mitigate their effects.

Tags:

Read the complete paper at Cisco