Securities of OSI

Solution Preview

1. Physical layer
Intrusion detection is the predominant security feature for the physical layer security. The physical layer is by most measures the best way to access the equipment to be attacked. One was of enhancing the security of telecommunications rooms to some degree is through use of padlocks, badge readers, and other lockdown technologies, but these cannot prevent an "inside" job. Assuming that the intrusion originated at a connector or port on a shelf or patch panel (the easiest way to access a piece of equipment), there is virtually no way to immediately detect the intrusion. The intrusion may eventually be detected by the Layer 3 (Transport layer) security applications, but potentially not before some damage has been done. If a physical layer management system (such as one with the attributes described in the previous sections) is in place, an unauthorized access event would be generated and sent to the NOC. A typical physical layer management system would have the following capabilities.
• Ability to detect patch cord insertions, removals, and damage and/or breakage.
• Ability to communicate these events to an Element Manager or a Network Manager
• Provide information related to the physical location of the event, entities affected by the event, and materials needed to correct the problem
• Ability to restore the patch field and associated end-to-end links to a state where they were prior to the event.
This would alert the NOC personnel of the event, and the appropriate measures could be taken. In addition, this event could trigger another activity such as the activation of a security camera at the location of the event, and the transmission of an image of the "intruder" to the NOC or local security.

2. Data Link Layer
The data link layer (layer 2) communication is the weakest link in terms of security. Some of the typical security concerns at this layer are listed below.

• Problem: Content-Addressable Memory ( CAM) table overflow: The CAM table in a switch contains information such as the MAC addresses available on a given physical port of a switch, as well as the associated VLAN parameters. CAM tables are limited in size. Typically a network intruder will flood the switch with a large number of invalid-source MAC addresses until the CAM table fills up. When that occurs, the switch will flood all ports with incoming traffic because it cannot find the port number for a particular MAC address in the CAM table. CAM table overflow only floods traffic within the local VLAN so the intruder will see traffic within the local VLAN to which he or she is connected.

Solution: The CAM table-overflow attack can be solved by configuring port security on the switch. This option provides for either the specification of the MAC addresses on a particular switch port or the specification of the number of MAC addresses that can be learned by a switch port. When an invalid MAC address is detected on the port, the switch can either block the offending MAC address or shut down the port.

• Problem: VLAN hopping: VLAN hopping is a network attack whereby an end system sends out packets destined for a system on a different VLAN that cannot normally be reached by the end system. This traffic is tagged with a different VLAN ID to which the end system belongs. Or, the attacking system may be trying to behave like a switch and negotiate ...