What Is MAC-IP Anti-Spoof?
MAC and IP address-based attacks are increasingly common in today’s network
security environment. These types of attacks often target a Local Area Network
(LAN) and can originate from either outside or inside a network. In fact,
anywhere internal LANs are somewhat exposed, as in conference rooms, schools,
or libraries, could provide an opening for these types of attacks. These
attacks also go by various names: man-in-the-middle attacks, ARP poisoning,
and SPIT ONLY. MAC-IP Anti-Spoof protects against ARP-based attacks such as
poisoning or spoofing and also provides MAC-IP address-based ingress admission
control. The MAC-IP Anti-Spoof feature also lowers the risk of these attacks by
providing administrators with different ways to control access to a network,
and by eliminating spoofing attacks at OSI Layer 2/3.
Benefits
• Provides administrators with more dynamic control over which devices gain access to a network.
• Provides OSI Layer 2 and Layer 3 admission control, along with Layer 2 (MAC) based anti-spoof, or ARP guard.
• A dedicated MAC-IP Anti-Spoof cache that maintains lists of both “authorized” and “blacklisted” devices.
How Does MAC-IP Anti-Spoof Work?
The effectiveness of the MAC-IP Anti-Spoof feature rests on two areas. The
first is admission control, which gives administrators the ability to select
which devices gain access to the network. The second area is the elimination
of spoofing attacks, such as denial-of-service attacks, at Layer 2. To achieve
these goals, two caches of information must be built: the MAC-IP Anti-Spoof
Cache, and the ARP Cache.
The MAC-IP Anti-Spoof cache validates incoming packets and determines whether
they are to be allowed inside the network. An incoming packet’s source MAC and
IP addresses are looked up in this cache. If they are found, the packet is
allowed through. The MAC-IP Anti-Spoof cache is built through one or more of
the following sub-systems:
• DHCP Server-based leases (SonicWALL’s - DHCP Server)
• DHCP relay-based leases (SonicWALL’s - IP Helper)
• Static ARP entries
• User created static entries
The ARP Cache is built through the following subsystems:
• ARP packets; both ARP requests and responses
• Static ARP entries from user-created entries
• MAC-IP Anti-Spoof Cache
The MAC-IP Anti-Spoof subsystem achieves egress control by locking the ARP
cache, so egress packets (packets exiting the network) are not spoofed by a
bad device or by unwanted ARP packets. This prevents the firewall from routing
a packet to an unintended device based on a bad mapping. It also prevents
man-in-the-middle attacks by refreshing a client’s own MAC address inside its
ARP cache.
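The two checks described above, the ingress lookup against the MAC-IP Anti-Spoof cache and the locked ARP cache, can be modelled in a few lines. This is an added example, not SonicWALL's implementation: the class and method names are hypothetical, the addresses are constructed, and it assumes that a blacklisted MAC is dropped before the binding lookup and that only entries fed from the anti-spoof cache are locked.

```python
# Simplified model of the checks described above; names are hypothetical.
from dataclasses import dataclass, field

def norm_mac(mac):
    return mac.lower().replace("-", ":")   # 'AA-BB-..' equals 'aa:bb:..'

@dataclass
class AntiSpoofModel:
    bindings: dict = field(default_factory=dict)   # ip -> mac (anti-spoof cache)
    blacklist: set = field(default_factory=set)    # denied MACs
    arp_cache: dict = field(default_factory=dict)  # ip -> mac used on egress

    def learn(self, ip, mac):
        """Binding from a trusted source: DHCP lease or static entry."""
        self.bindings[ip] = norm_mac(mac)
        self.arp_cache[ip] = norm_mac(mac)  # anti-spoof cache feeds ARP cache

    def admit(self, src_ip, src_mac):
        """Ingress: allow only when source IP and MAC match a binding."""
        mac = norm_mac(src_mac)
        if mac in self.blacklist:            # assumption: blacklist wins
            return "drop: blacklisted MAC"
        if src_ip not in self.bindings:
            return "drop: no binding for IP"
        if self.bindings[src_ip] != mac:
            return "drop: MAC does not match binding"
        return "allow"

    def on_arp(self, ip, mac):
        """ARP guard: ARP traffic may not overwrite a bound (locked) entry."""
        mac = norm_mac(mac)
        if ip in self.bindings and self.bindings[ip] != mac:
            return False                     # conflicting claim ignored
        self.arp_cache[ip] = mac
        return True

def demo():
    fw = AntiSpoofModel()
    fw.learn("192.0.2.10", "00:11:22:33:44:55")   # e.g. a DHCP lease
    fw.learn("192.0.2.1", "00-AA-BB-CC-DD-01")    # e.g. a static entry
    fw.blacklist.add(norm_mac("02:00:00:00:00:99"))
    return {
        "known host": fw.admit("192.0.2.10", "00:11:22:33:44:55"),
        "wrong MAC": fw.admit("192.0.2.10", "02:00:00:00:00:42"),
        "unknown IP": fw.admit("192.0.2.50", "02:00:00:00:00:42"),
        "blacklisted": fw.admit("192.0.2.10", "02:00:00:00:00:99"),
        "arp accepted": fw.on_arp("192.0.2.1", "02:00:00:00:00:42"),
        "gateway mac": fw.arp_cache["192.0.2.1"],
    }
```

Calling `demo()` shows that a conflicting ARP claim for the statically bound 192.0.2.1 is rejected and the egress mapping stays on the learned MAC.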
Published By
S.G.Godwin Dinesh.MCA
Sr.System Administrator