INCREASING NETWORK EFFICIENCY BY PREVENTING ATTACKS AT ACCESS LAYER

G.Narasimha, M.Jithender Reddy

Abstract: The design of complex Networks follows three layer architecture, which is scalable and provides redundant paths for data transmission. The layers include: Access Layer, Distribution Layer and Core Layer. Access layer devices are used to connect end devices on the same network and Distribution Layer uses multi layer switches, which provides features like redundant paths, link aggregation, access control lists, and quality of services(QOS). And Core layer devices transfers data as fast as possible to various networks without much delay. At Access layer, switches are used to connect multiple devices on the network. They are mainly vulnerable to attacks within the network by malicious users. Generally, networks are secured by using firewalls or implementing access control lists on a router. Routers or firewalls can prevent illegitimate traffic entering the network. But, they cannot prevent attacks within the network. Switches are vulnerable to attacks like MAC address flooding, DHCP starvation, DHCP snooping , denial-of-service and etc. In this paper I would like to provide necessary configuration required to protect network resources and also to give an insight to design networks, to improve throughput and reduce broadcast traffic. To address the above issues, a topology is designed using PACKET TRACER (network simulator) to demonstrate the vulnerabilities at access layer, and also shows the configuration required to protect the network from the above said attacks. Further, it also addresses the issue of increasing the efficiency of the network.

Keywords: Content Addressable MAC, Virtual LAN, Medium Access Control Table, Switch Port Security, Dynamic Host Configuration Protocol, DHCP starvation, DHCP snooping

DOI: https://doi.org/10.15623/ijret.2014.0317007