  1. Ethernet Switching Concepts:
    1. MAC Flooding:
      1. The behavior of switches as they receive frames whose destination MAC addresses are broadcasts, multicasts, or unknown unicasts.
      2. The switch responds by performing best-effort forwarding, copying the frame and sending it out of all available switch ports.
    2. CAM Table:
      1. Content-Addressable Memory. The location in memory used to store and quickly retrieve MAC addresses.
  2. Layer 2 vs Layer 3
    1. Layer 2 Switch:
      1. Traditional switching operates at layer 2 of the OSI model, where packets are sent to a specific switch port based on destination MAC addresses.
    2. Layer 3 Switch (MLS):
      1. A Layer 3 switch is basically a switch that can perform routing functions in addition to switching.
      2. Routing operates at layer 3, where packets are sent to a specific next-hop IP address, based on the local device's routing information regarding the received destination IP address.
      3. Devices in the same layer 2 segment do not need routing to reach local peers, but do need the destination MAC address, which can be resolved through the Address Resolution Protocol (ARP).
  3. Port Security
    1. A Layer 2 traffic control feature on Cisco Catalyst switches.
    2. Individual switch ports allow only a specified number of source MAC addresses.
  4. Loop Prevention
    1. Spanning Tree Protocol (STP):
      1. A Layer 2 protocol designed to prevent bridging loops and allow redundant Layer 2 network design.
  5. Flood Guard:
    1. A protection feature that allows the administrator to configure rate limiting for processes consuming a large share of bandwidth.
  6. List the four possible failure modes for a security device:
    1. Fail Closed:
      1. When the device detects failure conditions, it shuts down and prevents further operation.
      2. An example of a fail closed security device is a firewall.
      3. This strategy is common in situations where security is prioritized above access.
    2. Fail Open:
      1. When the device detects failure conditions, it remains open and operations continue as if the system were not in place.
      2. An example of a fail open security device is an Advanced Malware Protection Sandbox, or a Layer 2 Switch.
      3. This strategy is used when access is more important than security.
    3. Fail Safe:
      1. When the device detects failure, its configuration mitigates harm to other system components.
      2. An example of a fail safe security device is a bypass switch.
    4. Fail Over:
      1. If the primary device fails, functionality is not lost, because redundancy exists in the network.
      2. For the duration of the fail over, the secondary device acts as the primary.
  7. Potential LAN Threat Vectors:
    1. MAC Spoofing:
      1. The attacker changes or masks the Layer 2 MAC address of a NIC on a networked device with a false MAC address.
    2. ARP Spoofing:
      1. The attacker impersonates the destination of the target's traffic.
      2. To prevent this attack, use Dynamic ARP Inspection, lower the ARP aging timer, and configure DHCP snooping.
    3. DHCP Starvation (Exhaustion) Attack:
      1. An attacker broadcasts DHCP requests with spoofed MAC addresses.
      2. To prevent this, enable DHCP snooping to deny DHCP Offers and Acknowledgements from untrusted ports.
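
The CAM table, flooding and port security items above can be seen working together in a small learning-switch model. This is an added example, not part of the original notes and not vendor code. The `Switch` class, its `max_macs_per_port` parameter, the drop-on-violation behavior and the MAC addresses (documentation range) are assumptions made for illustration.

```python
# Added illustration: minimal learning-switch model (constructed; not vendor code).
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, ports, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam = {}                      # CAM table: source MAC -> port
        self.max_macs = max_macs_per_port  # hypothetical port-security limit; None = off
        self.violations = []               # (port, mac) frames rejected by the limit

    @staticmethod
    def is_group(mac):
        # Broadcast/multicast addresses have the low bit of the first octet set.
        return int(mac.split(":")[0], 16) & 1 == 1

    def learn(self, src, port):
        """Record src on port; return False if the port is already at its limit."""
        if self.cam.get(src) == port:
            return True
        if self.max_macs is not None:
            if sum(1 for p in self.cam.values() if p == port) >= self.max_macs:
                self.violations.append((port, src))
                return False
        self.cam[src] = port
        return True

    def receive(self, in_port, src, dst):
        """Return the egress ports for one frame."""
        if not self.learn(src, in_port):
            return []                      # assumption: violating frame is dropped
        if not self.is_group(dst) and dst in self.cam:
            out = self.cam[dst]
            return [] if out == in_port else [out]   # known unicast
        # Broadcast, multicast or unknown unicast: best-effort flood.
        return [p for p in self.ports if p != in_port]

if __name__ == "__main__":
    A, B, C, D = ("00:00:5e:00:53:0%d" % i for i in range(1, 5))  # constructed MACs
    sw = Switch([1, 2, 3, 4], max_macs_per_port=2)
    print(sw.receive(1, A, B))          # B unknown: flooded
    print(sw.receive(2, B, A))          # A learned on port 1
    print(sw.receive(1, C, BROADCAST))  # broadcast: flooded
    print(sw.receive(1, D, B))          # third MAC on port 1: rejected
    print(sw.violations)
```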