Layer 2 Best Practices


Layer 2 (network switching) is beyond the scope of this book and, therefore, is not addressed in great detail. However, it is very important to the deployment of your network from both an architectural and a security standpoint.

From a physical standpoint, Layer 2 is generally implemented by a network switch. Switches connect the devices on the network. For example, on the inside of your network, you might have 20 PCs. To connect those PCs to each other and then to the Internet, you plug them into a switch. The switch is the glue that ties all the network wiring together.

From a security standpoint, a switch should keep each device on the network from seeing data going to or from another device. By default, switches do just that: they learn which MAC address sits behind each port and forward a unicast frame only to the port where its destination was learned, so one device does not see the packets destined for another. (Broadcast frames, and unicast frames whose destination the switch has not yet learned, are still flooded to every port in the VLAN.) Unfortunately, switches might be misconfigured or compromised by a Layer 2 attack such as MAC address table flooding or ARP spoofing. If a switch is misconfigured, it could allow traffic for one or all PCs to be seen by other systems on the network.

You might be asking yourself how a hacker can gain access to your inside network to compromise a Layer 2 switch, given all of the security that you have put in place. The answer is simple. A hacker could be

  • Someone in your company already on the network

  • A trusted vendor

  • Someone who walked into your office posing as a vendor

  • Someone who bypassed your physical security and plugged into your network

  • A hacker who compromised any inside host in your network by using a directed attack, a worm, a Trojan, or a web or e-mail virus

If your switch is compromised, a hacker could easily see all the data that crosses your network, including the following:

  • Confidential e-mail

  • Usernames and passwords

  • Device configurations

  • Customer data

  • Database queries on web data

  • Chat data

  • Employee data

  • Company patents or confidential projects

  • Financial information

Essentially, a hacker can "own" your network and own your corporate and customer information if Layer 2 is compromised.

You need to ensure that all Layer 2 devices on your network are locked down. It is recommended that you read the document titled "SAFE:L2 Application Note" located at http://www.cisco.com/go/safe. If you follow the best practices in that document, your switches will be hardened to the point that a hacker would have a difficult time getting access.
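The following is an added example, not configuration from this book or from the SAFE application note, showing what "locked down" looks like on a Catalyst IOS access switch: a port left at defaults (the weak case that lets a host negotiate a trunk, flood the MAC table, or spoof ARP) alongside the hardened version of the same port, its uplink, and the unused ports. The interface names, VLAN numbers (10 for users, 999 as a dead-end parking/native VLAN), and the choice of GigabitEthernet0/24 as the uplink are assumptions for illustration.

```cisco
! Added example (not from the book). Interface names and VLAN numbers are assumed.
!
! --- Weak: a user port left at factory defaults ---
! interface GigabitEthernet0/1
!  switchport mode dynamic auto
! (negotiates a trunk with any peer that asks, so a host can hop VLANs)
!  switchport access vlan 1
! (VLAN 1 also carries CDP/VTP and the default management SVI)
! No port security, no BPDU guard, no DHCP snooping, no ARP inspection:
! a MAC-flooding tool can turn the switch into a hub, and a spoofed ARP
! reply can redirect any neighbor's traffic through the attacker.
!
! --- Hardened ---
! Build a binding table from DHCP and use it to validate ARP on VLAN 10.
ip dhcp snooping
ip dhcp snooping vlan 10
! Option 82 is inserted by default; disable unless the upstream relay expects it.
no ip dhcp snooping information option
ip arp inspection vlan 10
!
! Keep users off VLAN 1 and give unused ports a VLAN that goes nowhere.
vlan 10
 name USERS
vlan 999
 name PARKING
!
interface GigabitEthernet0/1
 description user access port
 switchport mode access
 switchport access vlan 10
 ! Never negotiate trunking with the attached host.
 switchport nonegotiate
 ! Cap learned MACs so the CAM table cannot be flooded into hub mode.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 10
 ! End-station port: skip STP listening/learning, and err-disable the port
 ! if a BPDU arrives (rogue switch or STP root-takeover attempt).
 spanning-tree portfast
 spanning-tree bpduguard enable
 ! Rate-limit ARP so a flooder cannot exhaust the inspection engine.
 ip arp inspection limit rate 15
 storm-control broadcast level 5.00
!
interface GigabitEthernet0/24
 description uplink to distribution
 switchport mode trunk
 ! Native VLAN is the unused parking VLAN, so untagged frames go nowhere.
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10
 switchport nonegotiate
 ! Only the uplink may source DHCP replies or unvalidated ARP; it leads to
 ! the real DHCP server and the default gateway.
 ip dhcp snooping trust
 ip arp inspection trust
!
interface range GigabitEthernet0/10 - 23
 description unused, parked
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Let a port that BPDU guard err-disabled recover on its own after 5 minutes.
errdisable recovery cause bpduguard
errdisable recovery interval 300
```

Two caveats before rolling this out. Dynamic ARP Inspection validates ARP against the DHCP snooping binding table, so any statically addressed host on VLAN 10 will have its ARP dropped until you describe it in an `arp access-list` applied with `ip arp inspection filter`. And `violation restrict` drops and logs excess-MAC frames without err-disabling the port; switch to `violation shutdown` if you want a flooding host taken offline. Verify with `show ip dhcp snooping binding`, `show ip arp inspection statistics`, and `show port-security interface GigabitEthernet0/1`.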



Securing Your Business with Cisco ASA and PIX Firewalls
ISBN: 1587052148
Year: 2006
Pages: 120
Authors: Greg Abelar
