[Security] How secure is Data Link Layer?

It's time to get deeper into security. After checking out encryption tools, we will now have a look at the concepts behind it. Most of you have heard of the OSI layers. The O.S.I. model (O.S.I. - Open Systems Interconnection) is a way of sub-dividing a system into smaller parts (called layers) from the point of view of communications.


A layer is a collection of conceptually similar functions that provide services to the layer above it and receive services from the layer below it. On each layer an instance provides services to the instances at the layer above and requests services from the layer below.

For example, a layer that provides error-free communication across a network provides the path needed by the applications above it, while it calls the next lower layer to send and receive the packets that make up the contents of the path. Conceptually, two instances at one layer are connected by a horizontal protocol connection on that layer.


Time has passed, but has anything changed about Layer 2? As a matter of fact, it has. Layer 2's intrinsic functioning may be the same, but it could be more vulnerable than before. Auditors continue to reach for the procedures book to identify possible risks or flaws, assessing how vulnerable your network is to the unexpected hacker according to what their auditing manual says.


The Data Link Layer of the OSI model is responsible for communications between adjacent network nodes. Switches operate at the Data Link Layer. It is furthermore responsible for controlling the flow of data and for detecting and correcting the errors that creep in during transmission; it employs block and convolutional codes for this error control. The data link layer consists of two sublayers:

  • Logical Link Control (LLC) sublayer
  • Medium Access Control (MAC) sublayer.

The LLC sublayer provides the interface between the media access methods and network layer protocols such as the Internet Protocol, which is part of the TCP/IP protocol suite. The LLC sublayer determines whether communication at the data link layer is connectionless or connection-oriented. The MAC sublayer is responsible for the connection to the physical media. At the MAC sublayer, the actual physical address of the device, called the MAC address, is added to the frame (which carries the packet inside it). The frame contains all the information necessary to travel from one device to the adjacent one. In simple words, a frame only lives for a single hop: at each router along the path the frame is discarded and a new one is created, stamped with the MAC address of the forwarding device in the "source" field and the MAC address of the next-hop device in the "destination" field (switches in between forward the frame without rewriting these addresses). A MAC address is a 48-bit number, written as 12 hexadecimal digits, that is intended to be unique to every network interface in the world; in practice it can be overridden or cloned by software, which is exactly what several of the attacks discussed below rely on. A device's MAC address is burned into its Network Interface Card (NIC). The first six digits (three octets) identify the NIC manufacturer (the Organizationally Unique Identifier, or OUI) and the last six digits are assigned by that manufacturer to make the address unique. For example, 32-14-a6-42-17-0c is a 12-digit hexadecimal MAC address. Thus the MAC address represents the physical address of a device on the network.
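To make the address layout concrete, the following Python snippet (an added example, not code from the original post) parses a MAC address written in any of the common notations and reports its OUI half, its NIC-specific half and the two flag bits carried in the first octet: the I/G bit (bit 0) marks a group/multicast address and the U/L bit (bit 1) marks a locally administered address, i.e. one that was not assigned by the NIC vendor and whose "OUI" therefore identifies no manufacturer. The sample addresses other than the post's own 32-14-a6-42-17-0c are constructed. Note that 32-14-a6-42-17-0c itself has the U/L bit set (0x32 = 0b00110010), so a practitioner auditing a MAC table would treat it as randomized, virtual or cloned rather than vendor-assigned.

```python
import re

# Constructed sample addresses; the first one is the post's own example.
SAMPLE_MACS = [
    "32-14-a6-42-17-0c",   # from the post: U/L bit set -> locally administered, OUI not a vendor block
    "00:1b:21:aa:bb:cc",   # constructed: vendor-assigned unicast (U/L bit clear)
    "01:00:5e:00:00:fb",   # constructed: IPv4 multicast mapping (I/G bit set)
    "ff:ff:ff:ff:ff:ff",   # broadcast: every bit set, so both flags are set as well
]


def parse_mac(text: str) -> bytes:
    """Accept aa-bb-cc-dd-ee-ff, aa:bb:cc:dd:ee:ff or aabb.ccdd.eeff and return the 6 raw octets."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def fmt(octets: bytes) -> str:
    """Render raw octets in the colon-separated lowercase form used by most tools."""
    return ":".join(f"{b:02x}" for b in octets)


def describe_mac(text: str) -> dict:
    """Split a MAC into its OUI and NIC-specific halves and decode the I/G and U/L flag bits."""
    raw = parse_mac(text)
    first = raw[0]
    return {
        "canonical": fmt(raw),
        "oui": fmt(raw[:3]),                # first 3 octets: vendor block, only meaningful if U/L bit is clear
        "nic_specific": fmt(raw[3:]),       # last 3 octets: assigned by the vendor
        "multicast": bool(first & 0x01),    # I/G bit: 1 = group (multicast/broadcast) address
        "locally_administered": bool(first & 0x02),  # U/L bit: 1 = not vendor assigned (randomized, VM, cloned...)
        "broadcast": raw == b"\xff" * 6,
    }


def audit(macs):
    """Return the unicast addresses whose OUI cannot be trusted because the U/L bit is set."""
    flagged = []
    for m in macs:
        info = describe_mac(m)
        if info["locally_administered"] and not info["multicast"]:
            flagged.append(m)
    return flagged


if __name__ == "__main__":
    for m in SAMPLE_MACS:
        print(describe_mac(m))
    print("locally administered unicast:", audit(SAMPLE_MACS))
```

Run against a switch's MAC address table, the audit() pass is a cheap first filter: a locally administered unicast address is not proof of anything, but it is where cloned or spoofed interfaces usually show up.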


Truth be told, we are always concerned about our routers, their policies, who has access to them and the order of rule precedence according to the user's manual of our preferred device manufacturer. Probably all this is justified by history. At the beginning there was no network, no protocols, no risk. Eventually technology developed and network security focused on the main devices tying everything together (broadband connections, redundant dual-ISP routers, etc.), while dumb devices (such as switches) were overlooked.

Have you realized the importance of your switch and its impact on your network? Do you remember the OSI model, its layers and how they interact with each other? Layer 2, the Data Link Layer, was not designed with security features built in; moreover, layers do not share security information with each other, so each layer looks after its own security but gives the other layers no feedback about possible breaches. Well, again, technology has evolved, and managed switches now allow you to take close control of what is taking place at Layer 2, the data link.

Security has always focused on checking and double-checking the transport, network and application layers but not the data link layer, which is commonly attacked by ARP poisoning, MAC flooding, port stealing, denial of service (DoS), MAC cloning, hijacking, multicast brute force, frame stress attacks, etc. ARP (Address Resolution Protocol), a stateless protocol, is responsible for binding MAC addresses to IP addresses. This binding takes place without any level of security or authentication.


ARP broadcasts a request over the local network asking which host owns a given IP address; the owner replies with its MAC address, and the requester records the IP-to-MAC binding in its ARP cache so that later packets for that IP can be framed to that MAC. Because no authentication takes place at any point, a host will also accept forged or unsolicited replies and overwrite its cache with them; this is called ARP poisoning. An attacker who poisons the cache with its own (or a cloned) MAC address can intercept, modify or drop the victim's traffic, which easily compromises the system's security.

Several alternatives are widely available to improve Layer 2 security. Intrusion Detection Systems (IDSs) can be configured to listen for ARP traffic, allowing you to take action on it.
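As an added example (not code from the original post) of what such ARP monitoring looks like, the following Python script builds a handful of constructed Ethernet/ARP frames, parses them with the standard layout (14-byte Ethernet II header followed by the 28-byte IPv4-over-Ethernet ARP body) and keeps a table of IP-to-MAC bindings learned from the ARP sender fields. It raises an alert when an IP address already bound to one MAC is claimed by another, which is the signature of the poisoning described above, and when the sender hardware address inside the ARP body disagrees with the Ethernet source address, which a legitimate stack never does. The gateway, host and attacker addresses, the 10.0.0.0/24 network and the frames themselves are all constructed for the demonstration.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


@dataclass
class ArpPacket:
    eth_src: str   # Ethernet source MAC (frame header)
    eth_dst: str   # Ethernet destination MAC (frame header)
    op: int        # 1 = request, 2 = reply
    sha: str       # sender hardware address (ARP body)
    spa: str       # sender protocol (IP) address
    tha: str       # target hardware address
    tpa: str       # target protocol (IP) address


def build_arp(eth_src: str, eth_dst: str, op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Assemble a raw Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (constructed test data)."""
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # htype=Ethernet, ptype=IPv4, hlen=6, plen=4
    arp += mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[ArpPacket]:
    """Return the ARP fields of a frame, or None if it is not an IPv4-over-Ethernet ARP frame."""
    if len(frame) < 42:
        return None
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return ArpPacket(mac_str(eth_src), mac_str(eth_dst), op,
                     mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa))


class ArpMonitor:
    """Passive ARP watcher: learns IP->MAC bindings and flags the classic poisoning signatures."""

    def __init__(self) -> None:
        self.bindings: Dict[str, str] = {}   # IP -> first MAC seen claiming it
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> Optional[ArpPacket]:
        pkt = parse_arp(frame)
        if pkt is None:
            return None
        # A real stack puts its own MAC in both the Ethernet header and the ARP sender field.
        if pkt.sha != pkt.eth_src:
            self.alerts.append(f"sender MAC mismatch: ARP sha {pkt.sha} in frame from {pkt.eth_src}")
        known = self.bindings.get(pkt.spa)
        if known is None:
            self.bindings[pkt.spa] = pkt.sha   # first claim wins; in production seed this from DHCP/static data
        elif known != pkt.sha:
            kind = "reply" if pkt.op == ARP_REPLY else "request"
            self.alerts.append(f"possible ARP poisoning: {pkt.spa} is {known} but {kind} from {pkt.sha} claims it")
        return pkt


def demo() -> ArpMonitor:
    """Replay a constructed exchange: a legitimate host/gateway pair, then an attacker posing as the gateway."""
    GW, HOST, EVIL = "00:11:22:33:44:01", "00:11:22:33:44:0a", "00:11:22:33:44:ee"
    BCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
    frames = [
        build_arp(HOST, BCAST, ARP_REQUEST, HOST, "10.0.0.10", ZERO, "10.0.0.1"),  # host: who has 10.0.0.1?
        build_arp(GW, HOST, ARP_REPLY, GW, "10.0.0.1", HOST, "10.0.0.10"),         # gateway answers
        build_arp(EVIL, HOST, ARP_REPLY, EVIL, "10.0.0.1", HOST, "10.0.0.10"),     # forged reply from attacker
    ]
    mon = ArpMonitor()
    for f in frames:
        mon.observe(f)
    return mon


if __name__ == "__main__":
    m = demo()
    print("bindings:", m.bindings)
    for a in m.alerts:
        print("ALERT:", a)
```

The "first claim wins" rule is the weak spot of any passive monitor: if the attacker speaks before the real owner, the monitor learns the wrong binding. Dynamic ARP Inspection on managed switches avoids this by checking every ARP packet against bindings taken from DHCP snooping or a static table, which is the trusted data an IDS rule should be seeded with as well.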

Proper implementation of VLANs can also provide some additional security for traffic at this layer, and managed switches offer controls of their own, such as port security, DHCP snooping and Dynamic ARP Inspection, which validate ARP replies against known bindings. The fact is that network security specialists should pay close attention to Layer 2 when working on new network designs. This will minimize the risk from potential attackers.
