Network Security Issues of Data Link Layer: An Overview
Shahid Mahmood
Syed Muhammad Mohsin
Syed Muhammad Abrar Akber
Department of Computer Science, Virtual University of Pakistan, Lahore, Pakistan
Department of Computer Science, COMSATS University Islamabad, Islamabad, 45550, Pakistan
School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, 430074, China
Email: shahid1mahmood8@yahoo.com
Email: syedmmohsin9@yahoo.com
Email: abrar@hust.edu.cn
Abstract—There is a cardinal infrastructure of application software, protocols, and physical devices over different sorts of wired and wireless networks that need to communicate with each other, whether located on earth or in space. The OSI seven-layer model has become an international standard for communicating securely and confidently among different kinds of corporate networks while keeping the other OSI layers unfamiliar with the current layer of communication. This secrecy among the layers results in vulnerability to attack, in that if one layer is compromised, the other layers will not be able to detect it properly. This individuality of OSI layers makes the whole network severely vulnerable to attack, particularly due to the data link layer as compared to other layers. Generally, network security problems at layer 2 are not properly addressed as compared to other layers; rather, people focus on the device's security for the whole management system instead. This paper encompasses network security problems faced due to lack of hardening of layer 2, and it also describes how this makes a LAN or a system of networks more vulnerable to attacks, especially MAC flooding, ARP spoofing, VLAN hopping, DHCP attacks, Denial-of-Service (DoS) and Spanning Tree Protocol attacks, in a very concise manner.
Index Terms—OSI model, Security, DoS attack, ARP, STA
© 2020 IEEE 978-1-7281-4970-7/20/$31.00
I. INTRODUCTION
In the recent era, we have occasionally heard about hacking events that occurred in a government portal or a research institute security center, sensitive information hacked from an oil company, or a jammed power station or airport. As Information Technology (IT) and communication equipment such as cellular phones and tabs are gradually becoming an essential part of our daily life, the probability of such attacks is rapidly increasing correspondingly. These devices are making life more convenient and gaining our trust rapidly as well. For instance, these devices are performing functions of perception control. The convenience gained by humans is not cost-free, as they are putting our lives, our country, and even the educational institutions at risk. The attackers are getting access not only to the private lives of humans but also to the critical infrastructures of industries and the country [1]–[4]. Mostly, the network layer in the OSI model is considered the weakest section, while layer 2 (the data link layer) is ignored and not handled properly, though it can be the possible weakest layer in the whole OSI model [3]. Researchers have devised techniques to prevent trojans, malicious emails, infected documents, and the application from the transport layer or the network layer. But they ignore the data link layer and mostly focus on the security of the device itself, rather than focusing on the whole management systems of an enterprise [5]. However, attacking the data link layer is not an easy task, and most of the time network administrators think it is safe, but they underestimate the attackers.
Usually, an attacker can affect the IP and Wireless LANs in the following ways.
• Denial of Service attack on the LAN
• Eavesdrop the electronic transmission
• Analyzing and manipulating the flowing data
• Two or more than two of above attacks in combination
If an attacker is able to apply any of the above attacks at the LAN or network of systems, he can seriously affect the comprehensive security strategy of an organization, the critical infrastructure of electronic communication, government management systems and/or public institutions. Usually, a critical infrastructure within a country is monitored via internet security service providers and mobile communication companies. There are pros and cons of information transmission through the local area network and/or internet. For instance, control information sometimes can't be successfully transmitted to the end devices due to a denial-of-service (DoS) attack. A DoS attack is easy to implement in Wireless LANs as frequency jamming equipment is easily available commercially. In the last few years, Wi-Fi technology has flourished very rapidly, and Wi-Fi 6 has achieved its theoretical speed of about 9.6 Gbps. By this development in data transmission, one can imagine the future of Wi-Fi technology [4], [13], [17]. In summary, the above-mentioned attacks are likely to attain the IDs and user passwords, which is a threat to wireless local area networks. On the other hand, the manufacturers are also aware of the attacking techniques, so they also make every possible effort to mitigate these threats. For example, to mitigate the Layer 2 CAM overflow attack, Cisco has introduced a new technology into IOS called port security. In this paper, we are particularly focusing on the security problems and potential back-doors in the data link layer of the OSI model.
Section 2 of this study elaborates the background of the topic, while prominent security attacks on the data link layer are discussed in section 3 of this study. Section 4 is composed of the conclusion and the future work.
Fig. 1: OSI seven-layer model [1], [3], [10]
II. BACKGROUND
To comprehensively understand the network security problems and issues in the data link layer, we need a brief introduction to this layer. The OSI seven-layer model was developed according to the International Organization for Standards (ISO), so that different kinds of devices having a variety of software applications installed, distinct physical characteristics, and interfaces can communicate with each other securely and confidently. Each layer above the current layer is served by the current layer, and each layer above relies on the functionality of the layer attached below it. But the functionality of each layer differs from that of the layers attached above and below it [6]. Fig. 1 of this study shows the OSI reference model with a short description of each layer, whereas the role and responsibility along with potential threats at any specific layer are shown in Fig. 2.
Fig. 2: Functions and attacks at each layer of OSI model
The data link layer establishes the communication among the variety of devices in the system of networks, identifying their peculiar MAC address, corrects the errors that occurred at the physical layer and transfers data on the functional and procedural bases. The data link layer consists of two sub-layers, the Logical Link Layer (LLC) and MAC layers. Layer 2 of the OSI model is responsible for providing the following functionalities [7]–[9].
• Framing
• Access control
• MAC addressing
• Data rate control
• Media access control (MAC sublayer)
• Error correction received from the physical layer
III. SECURITY ATTACKS AT DATA LINK LAYER
Considering the importance and criticality of the data link layer in the OSI model, we have selected it for a comprehensive survey related to its security issues. The following section encompasses the detailed description of security threats of the data link layer.
A. Spanning tree protocol
There can be multiple paths among the client and server to provide a backup path while the original path is not available. Due to multiple paths among a server and a client's system, three types of frames can loop forever in the network, that is, uni-cast, broadcast, and multi-cast. It is the spanning tree protocol (STP) that detects these looping frames and prevents them from being forwarded to the next switch or bridge in a network having multiple paths. Spanning tree protocol uses a spanning tree algorithm (STA) called IEEE 802.1D, and it is designed to run on the switches and/or bridges that are compatible with the IEEE 802.1D standard [11]. STP ensures that there are no loops while having redundant links in the network. In case of failure of the original link, these are the redundant links that provide the connectivity on the local area network. If we don't employ a single STP at a time on the switch of a local area network (LAN), then in case of failure of the original path, there will be several paths having loop messages in the intended network.
There are several types of STPs. It is recommended to use a single type of STP at a time, to avoid timing problems on the switched networks. These timing issues may result in blocking and forwarding problems in virtual local area networks (VLANs), because a single switch can handle a single flavor of STP at a time. There is a main control unit in the network called the root bridge, responsible for making decisions related to the network; for example, it decides whether to put a port into forwarding or blocking mode. On the basis of the network devices, VLAN is classified into two environments: one is the switched environment and the other is the bridge environment. In the switched environment, usually, the root switch is considered the root bridge of the network. As each VLAN has its own domain, each VLAN must have its separate root bridge as well. However, a single switch may serve as the root of a single VLAN or all the VLANs simultaneously. In the bridge environment, the decision of root can be made automatically or manually; however, the wrong selection of the root bridge can result in sub-optimal paths in the networks. For the selection of a switch or a port as a root switch or a trunk port accordingly, we use multi-cast messages called bridge protocol data units (BPDUs). These BPDUs are considered the configuration messages in the VLANs. Root bridges are responsible for multi-casting the BPDUs to the other switches, which use a formula to determine which one needs to be disabled and which one is allowed to forward traffic onto the VLAN, as shown in Fig. 3. The bridge having the least cost or smaller root ID is selected as the root bridge, and all other switches are not allowed to forward the traffic and/or to become root bridges due to their higher root ID. Other switches do not advertise their ID anymore due to the root ID.
Fig. 3: Spanning tree protocol before root privileges [8], [12]
The attacking technique in this scenario is that an attacker multi-casts falsely configured BPDUs to the switches on a VLAN. Devices on the corporate network consider the attacker's switch as the root bridge. To make the attack successful, the attacker needs two bridges, two switches or two wireless local area network (WLAN) connections to influence the network effectively. After becoming root, the attacker can listen to all the traffic of the victim's network and can even insert new frames. The attacker, being the root, can do a man-in-the-middle (MITM) attack while being in the middle position between the server and the client [12]. This scenario is shown in Fig. 4 of this study.
Fig. 4: Attacker is able to illegally listen to the traffic [8], [12]
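The root election described above, and why a forged BPDU with a lower ID displaces the real root, can be modelled in a few lines. This is an added example, not code from the paper: it compares only the root ID (real STP also breaks ties on path cost, sender ID and port ID), and the "root guard" behaviour on user-facing ports is the switch feature of that name, which the paper does not discuss; all IDs and port names are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True, order=True)
class BridgeID:
    """Bridge identifier; the numerically lowest (priority, MAC) wins."""
    priority: int
    mac: str  # fixed-width lower-case hex, so string order equals numeric order

@dataclass
class Switch:
    own_id: BridgeID
    guarded_ports: set = field(default_factory=set)  # root guard enabled here
    root_id: Optional[BridgeID] = None
    root_port: Optional[str] = None
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def __post_init__(self):
        self.root_id = self.own_id  # each bridge starts out claiming to be root

    def receive_bpdu(self, port: str, advertised_root: BridgeID) -> str:
        if advertised_root >= self.root_id:
            return "ignored"  # not superior, nothing changes
        if port in self.guarded_ports:
            # Root guard: a superior BPDU on a user-facing port is never
            # accepted; the port stops forwarding and the event is recorded.
            self.blocked.add(port)
            self.alerts.append((port, advertised_root))
            return "root-inconsistent"
        self.root_id, self.root_port = advertised_root, port
        return "root-changed"

def simulate():
    """Replay the same two BPDUs against an unguarded and a guarded switch."""
    legit_root = BridgeID(4096, "00:1a:2b:00:00:01")   # constructed values
    access_sw = BridgeID(32768, "00:1a:2b:00:00:10")
    forged = BridgeID(0, "02:00:00:00:00:99")
    results = {}
    for name, guarded in (("unguarded", set()), ("guarded", {"Gi0/5"})):
        sw = Switch(access_sw, guarded_ports=guarded)
        sw.receive_bpdu("Gi0/1", legit_root)        # uplink toward the real root
        verdict = sw.receive_bpdu("Gi0/5", forged)  # arrives on a user-facing port
        results[name] = (verdict, sw.root_id, sw.root_port, sorted(sw.blocked))
    return results

if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(name, outcome)
```

In the unguarded run the switch re-homes its root port to the user-facing port, which is the traffic redirection the section describes; in the guarded run the topology is unchanged and the alert list names the offending port.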
B. Basic VLAN hopping attack
According to IEEE 802.1Q, a root bridge is allowed to carry all the VLANs' traffic from one switch to the other switch, while the access link switch connects the end-users to access their particular VLAN. There can be many open ports over a VLAN to allow the request of a new connection from the members of the network. Anyone can connect his laptop to the local area network through these open ports. To automate the discovery of trunk links between the switches, Cisco has devised a protocol called dynamic trunking protocol (DTP). DTP can be used to negotiate as well as for the formation of new trunk links in a VLAN. Furthermore, DTP can also be used to discover the encapsulation used, either Cisco ISL (Inter-Switch Link) or IEEE 802.1Q [1], [13]–[15].
An attacker sends false DTP messages over a VLAN to turn an access link into a trunk link to access all the traffic that is normally filtered from the access links. In this way an attacker can view all communicating information of a trunk link.
C. Double tagging VLAN hopping attack
To operate the VLANs, the messages containing an additional 802.1Q header rotate among the backbone and end access point in the entire network. The 802.1Q header contains two tags, one for the end-user that is the outer tag and the other is the service provider that is the inner tag of the message rotating in the VLAN. Only the root switches are allowed to send the double-tagged header, while the access links are not allowed to in the VLAN. The outer tag is stripped out as the frame enters the trunk links of a VLAN (dynamic desirable option enabled switch), while the other tag, containing the victim's related information, is delivered to the victim, as shown in Fig. 5. Cisco supports two types of ports to connect with devices either to a single or multiple VLANs, i.e., trunk port and access port. A trunk port is usually a link connecting two switches, or one router and one switch, or two routers, forming a backbone of the VLAN, while the access ports are used to connect the end-users. An attacker usually lies on the access port and wants to access a victim host from the same VLAN but on the other access port, traversing through the trunk port on its way. Cisco switches use the 802.1Q tag enabled on the trunk ports. There are four states in which Cisco switches can operate, as stated below.
• Trunk
• Dynamic auto
• Dynamic desirable
• No-negotiate
Three modes of Cisco switches, trunk, dynamic auto and dynamic desirable, permit changing an access port into a trunk port, while the other mode does not allow an access port to be a trunk port. This sort of attack can be performed only in one direction while being on the same VLAN, as shown in Fig. 5 of this study.
Fig. 5: Double tagging VLAN hopping attack
Now, we are going to briefly discuss the attacks that can affect the development of system-security policy and are the hot topics for the implementation of basic safety operations. These attacks are more common as compared to the first ones mentioned in the earlier sections, as given in Table 1 of this study [14], [16].
TABLE I: Summary of critical security attacks at data link layer
| Attack Name | Description |
|---|---|
| MAC Attacks (CAM Table Flooding) | A switch is flooded with random MAC addresses. This makes the switch's table become filled. The switch is then forced to operate like a hub (i.e. frames are forwarded out to all the ports). |
| STP Attacks | Wrong BPDU frames are sent to switches to change the spanning-tree topology. DoS attacks can be launched if the topology is frequently changed. |
| CDP Attacks | Wrong CDP information is sent to switches or routers to interfere with their operations. |
| VLAN Attacks | By sending wrong VLAN information to switches, either i) configurations of networks are changed, or ii) operation of networks is severely affected. |
| DHCP | Networks are attacked by interfering with DHCP operations. Attacks like a man in the middle can be launched. |
| ARP Attacks | Networks are attacked by interfering with ARP operations. In these attacks, network operation can be severely affected (e.g. a rogue router can become the default gateway of a network). |
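For the double-tagged frames of section C, the check a defender wants is an inspection of the 802.1Q tag stack on frames arriving at a host-facing port. The parser and policy below are an added example, not taken from the paper: the sample frames are constructed, the function names are illustrative, and the native-VLAN comparison reflects how 802.1Q trunks treat their native VLAN rather than anything the paper states.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q tag and 802.1ad service tag

def parse_vlan_stack(frame: bytes):
    """Return ([VLAN IDs, outermost first], EtherType of the payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset = 12  # skip destination and source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    vids = []
    while ethertype in TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # VLAN ID is the low 12 bits of the TCI
        offset += 4
    return vids, ethertype

def access_port_verdict(frame: bytes, native_vlan: int = 1):
    """Policy for a host-facing port: end stations send untagged frames."""
    try:
        vids, _ = parse_vlan_stack(frame)
    except ValueError as exc:
        return ("drop", f"malformed: {exc}")
    if not vids:
        return ("accept", "untagged")
    if len(vids) >= 2:
        note = " (outer tag equals trunk native VLAN)" if vids[0] == native_vlan else ""
        return ("drop", f"double-tagged outer={vids[0]} inner={vids[1]}{note}")
    return ("drop", f"tagged vlan={vids[0]} on access port")

# Constructed sample frames: broadcast destination, locally administered
# source MAC, IPv4 EtherType and 46 zero bytes of padding as payload.
MACS = "ffffffffffff" + "020000000001"
PAYLOAD = "00" * 46
SAMPLES = {
    "untagged": bytes.fromhex(MACS + "0800" + PAYLOAD),
    "single": bytes.fromhex(MACS + "8100000a" + "0800" + PAYLOAD),
    "double": bytes.fromhex(MACS + "81000001" + "81000014" + "0800" + PAYLOAD),
    "truncated": bytes.fromhex(MACS + "8100"),
}

def verdicts():
    return {name: access_port_verdict(frame) for name, frame in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:10s} {verdict}")
```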
D. Cisco Discovery Protocol attack
Cisco discovery protocol (CDP) is a network-independent and media-independent protocol, enabled by default in Cisco switches and routers; hence, they can send CDP announcements over the corporate network. Cisco switches rely for their configuration on the CDP announcements, which consist of the version of the operating system, host name, port ID, device type, duplex setting, virtual trunking protocol (VTP) domain, the power drawn, source and destination addresses and time-to-live. However, these frames are highly extensible due to the use of type-length-value (TLV) format. So, further information can be added to these announcement frames due to the TLV features.
To avoid the mis-configuration of dynamic routing protocols, CDP uses a method of operation called on-demand routing, in which CDP announcements provide the routing information on demand. The devices in a corporate network can update their CDP database from the headers of the packet received accordingly, and new devices can be added to the corporate network. However, Cisco devices can't propagate the CDP messages. Cisco switches use dynamic trunking protocol (DTP), which supports four modes of operation, mentioned above. If a Cisco switch is in the first two modes of operation, i.e., dynamic desirable and dynamic auto, an attacker will be able to convert an access link into a trunk link. In the first mode of operation, Cisco root routers and switches can send the CDP messages to other devices on a corporate network, while the other devices can configure themselves accordingly for their connectivity to the network. The information sent through these messages consists of sender/receiver IP address, Cisco IOS, software version used in Cisco devices, time to live of a packet, the model number of switches and routers and their capabilities, etc. The time-to-live information is used to define the life of a packet in a corporate network. When the routers and switches are in the first two modes of operation, an attacker not only can get the information related to the network but also can over-flow a device's memory and can potentially crash the root switches by sending numerous false CDP frames.
In the generation and during transmission of a CDP frame no authentication is provided. Hence, a false CDP frame can easily be crafted and sent over the network to the connected devices. If an attacker gets access via Telnet, he can collect the CDPs and hence the necessary information of the entire topology of the network running at layer 2 and 3. The CDP attack scenario is shown in Fig. 6. This useful information makes him able to craft a very effective attack against the network, for instance, a man-in-the-middle attack [4], [13].
Fig. 6: CDP attack [2], [17], [18]
E. CAM table overflow attack
CAM stands for content addressable memory (CAM) table, which is a system memory construct. Ethernet switches are vulnerable to the CAM table overflow attack. For instance, Cisco switches store the MAC addresses, the corresponding physical port and the VLAN ID on which the end-user is located.
Fig. 7: CAM table over-flow attack [2], [16], [17]
Usually, the Cisco CAM table is designed to store 100 to 10000 MAC addresses simultaneously. If new MAC addresses are being received continuously at the respective port from a client of a particular corporate network, then it may lead to a CAM table overflow attack. Each entry remains about 300 seconds in the CAM table of the ethernet switch. The CAM table stores the MAC addresses for the respective port number for each entry made in the CAM table. If an address already exists in the table, then only the time-stamp is updated; otherwise a new entry is made in the table for a new address, that is, a new connection from a member of a VLAN.
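The learning, refresh and 300-second aging rules above, and the effect of a per-port address limit in the spirit of the port security feature mentioned in the introduction, can be seen in a small model. This is an added example, not code from the paper or from any switch vendor: the table is shrunk to 8 entries so the effect is visible, and the class, port names and MAC addresses are constructed.

```python
class CamTable:
    """Toy model of a switch MAC table keyed on (VLAN, MAC)."""

    def __init__(self, capacity=8, aging=300, port_limit=None):
        self.capacity = capacity      # real tables hold thousands of entries
        self.aging = aging            # seconds an idle entry survives
        self.port_limit = port_limit  # max addresses learned per port; None = off
        self.entries = {}             # (vlan, mac) -> (port, last_seen)
        self.violations = {}          # port -> frames refused by the limit

    def _expire(self, now):
        stale = [k for k, (_, seen) in self.entries.items() if now - seen > self.aging]
        for key in stale:
            del self.entries[key]

    def learn(self, vlan, src_mac, port, now):
        """Process the source address of a received frame."""
        self._expire(now)
        key = (vlan, src_mac)
        if key in self.entries:
            self.entries[key] = (port, now)  # known address: refresh time-stamp
            return "refreshed"
        on_port = sum(1 for p, _ in self.entries.values() if p == port)
        if self.port_limit is not None and on_port >= self.port_limit:
            self.violations[port] = self.violations.get(port, 0) + 1
            return "violation"
        if len(self.entries) >= self.capacity:
            return "table-full"  # nothing learned; later lookups miss
        self.entries[key] = (port, now)
        return "learned"

    def lookup(self, vlan, dst_mac, now):
        """Egress port for a destination, or 'flood' when it is unknown."""
        self._expire(now)
        entry = self.entries.get((vlan, dst_mac))
        return entry[0] if entry else "flood"

def scenario(port_limit):
    """One port presents 50 never-repeating source MACs before host B speaks."""
    cam = CamTable(capacity=8, port_limit=port_limit)
    cam.learn(10, "aa:aa:aa:00:00:01", "Gi0/1", now=0)        # host A
    for i in range(50):                                        # constructed burst
        cam.learn(10, f"02:00:00:00:00:{i:02x}", "Gi0/3", now=1 + i * 0.1)
    cam.learn(10, "bb:bb:bb:00:00:02", "Gi0/2", now=10)        # host B
    return (cam.lookup(10, "bb:bb:bb:00:00:02", now=11),
            len(cam.entries), cam.violations.get("Gi0/3", 0))

if __name__ == "__main__":
    print("no limit      :", scenario(None))
    print("limit 2 / port:", scenario(2))
```

Without the limit, host B can no longer be learned and its unicast traffic is flooded to every port; with the limit, the table stays small and the violation counter on the offending port is the signal to alert on.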
Attackers take advantage of the max size of the CAM table and send numerous packets containing false MAC addresses. So, the received number of MAC addresses exceeds the max table capacity. In this situation, the switch turns into a hub and enables the attacker to access every client in a corporate network or a virtual local area network (VLAN). Attackers take the desired exact information of the hosts and the structure of a local area network (LAN) and perform man-in-the-middle (MITM) attacks more effectively in the corporate network, as shown in Fig. 7 [4], [13], [17].
F. MAC spoofing attack / ARP poisoning
The address resolution protocol (ARP) is a protocol that normally works on the network layer; however, MAC address spoofing is performed on the data link layer. In the spoofing process, a gratuitous ARP (GARP) packet is sent over the network. The GARP is sent to announce the combination of spoofed MAC and IP addresses. The devices connected to the local area network or virtual local area network (VLAN) maintain a cache containing the IP addresses and their corresponding MAC addresses for each entry. Because there is no authentication system for received ARP packets, a device can send false frames containing false MAC addresses. So, the cached entries in the target devices also change upon receiving a false GARP packet. The whole process of making a false entry in the ARP cache of a device is called ARP poisoning. An attacker can proclaim his access switch as the default gateway for the corporate network. An attacker uses ARP poisoning for this purpose, as shown in Fig. 8. The ARP poisoning forces all the gateway traffic to pass through the attacker's switch. This scenario makes him able to analyze all the traffic before forwarding it to the real gateway device. An attacker can systematize the necessary changes to the packets which he enforces through his false gateway [17].
Fig. 8: MAC spoofing attack [10], [16], [17]
G. DHCP starvation attack
Dynamic host configuration protocol (DHCP) is used for host configuration in IP networks to allow communication among the DHCP server and DHCP clients. The DHCP server provides the configuration parameters for an IP network, such as default gateway, host IP addresses, lease time for an IP address and others. A router can also be configured as a DHCP server. A DHCP server provides necessary information automatically upon the request made from a DHCP client. In the DHCP starvation attack, an attacker may send tons of false IP address assignment requests so that the total capacity of the DHCP server is exhausted and the DHCP server can't serve the real clients anymore, as shown in Fig. 9 of this work. In this situation, an attacker can set up a false DHCP server on the IP network which sends DHCP replies to the clients that are not the replies from the actual DHCP server but are manipulated replies from the illegal DHCP server [10], [17].
Fig. 9: DHCP starvation attacks [1], [3], [10]
H. Wireless 802.11 (Wi-Fi) attack
Wi-Fi is an acronym of 'wireless fidelity', providing WLAN services through compatible devices such as Wi-Fi routers. Wi-Fi networks (WLANs) are easier to establish and maintain as compared to a corporate network consisting of ethernet cables. Wi-Fi cards are most of the time built into computers; others can add external cards to have Wi-Fi network services, while wired (ethernet) connections require the cables to be properly installed. Due to their simple and less costly installation, an attacker can do the following things to the Wi-Fi local area network (WLAN).
• Easily can put himself between the server and the client
• Can do the Denial-of-Service (DoS) attack
• Able to capture all the traffic
Two ways by which an attacker can connect to a Wi-Fi LAN are given in the following.
• Establish a false access point (AP) having higher intensity signals than the original one, provide a similar configuration to the original one, and wait for new clients to get connected with it.
• De-authenticate the original one or two clients of an AP and create a new client having the same credentials as the real AP, so that the de-authenticated client gets connected with the rogue AP.
The denial-of-service attack on a Wireless LAN can be formed in the following two possible ways.
• Numerous requests can be made to the wireless LAN that will over-flow the resources of an AP. Hence, the access point will reject all the original clients' further connection requests.
• Many devices are commercially available that can affect the operational frequency of an AP, and the access point will be unable to provide the services on the same frequency.
An eavesdropper can capture all the traffic from an AP if he simply has a wireless network card. An attacker may use the following two easy steps to capture the network traffic through a NIC.
• Install the wireless network interface card
• Put the wireless NIC into monitoring (promiscuous) mode [4], [18].
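Returning to sections F and G: since ARP carries no authentication, a switch can instead validate ARP senders against the addresses it watched the real DHCP server hand out, and the same vantage point exposes both a starvation burst and replies from a false DHCP server. The model below is an added example, not code from the paper; it follows the idea behind the switch features commonly called DHCP snooping and dynamic ARP inspection, which the paper does not name, and every port, address and threshold in it is constructed.

```python
from collections import defaultdict

class AccessLayerGuard:
    """Per-switch state: DHCP-learned bindings used to validate ARP senders."""

    SERVER_MSGS = {"OFFER", "ACK", "NAK"}

    def __init__(self, trusted_ports, max_clients_per_port=3):
        self.trusted = set(trusted_ports)   # uplinks toward the real DHCP server
        self.max_clients = max_clients_per_port
        self.clients = defaultdict(set)     # port -> client MACs seen in requests
        self.seen_on = {}                   # client MAC -> port it spoke from
        self.bindings = {}                  # ip -> (mac, port), from server ACKs
        self.alerts = []

    def dhcp(self, port, msg_type, chaddr, yiaddr=None):
        if msg_type in self.SERVER_MSGS:
            if port not in self.trusted:
                self.alerts.append(("rogue-dhcp-server", port))
                return "drop"               # server replies only from trusted ports
            if msg_type == "ACK" and chaddr in self.seen_on:
                self.bindings[yiaddr] = (chaddr, self.seen_on[chaddr])
            return "forward"
        if port in self.trusted:
            return "forward"
        known = self.clients[port]          # client message: DISCOVER / REQUEST
        if chaddr not in known and len(known) >= self.max_clients:
            self.alerts.append(("dhcp-starvation", port))
            return "drop"                   # too many client identities on one port
        known.add(chaddr)
        self.seen_on[chaddr] = port
        return "forward"

    def arp(self, port, sender_ip, sender_mac):
        if port in self.trusted:
            return "forward"
        if self.bindings.get(sender_ip) != (sender_mac, port):
            self.alerts.append(("arp-spoof", port, sender_ip))
            return "drop"                   # claimed IP was never leased to this host
        return "forward"

def replay():
    """Constructed event sequence: one normal host on Gi0/2, anomalies on Gi0/7."""
    g = AccessLayerGuard(trusted_ports={"Gi0/24"})
    host = "aa:aa:aa:00:00:02"
    verdicts = [
        g.dhcp("Gi0/2", "DISCOVER", host),
        g.dhcp("Gi0/24", "ACK", host, "192.0.2.50"),
        g.arp("Gi0/2", "192.0.2.50", host),                  # matches its lease
        g.arp("Gi0/7", "192.0.2.1", "02:00:00:00:00:66"),    # claims the gateway IP
        g.dhcp("Gi0/7", "OFFER", host, "192.0.2.99"),        # reply from a user port
    ]
    burst = [g.dhcp("Gi0/7", "DISCOVER", f"02:00:00:00:01:{i:02x}") for i in range(10)]
    return verdicts, burst, g

if __name__ == "__main__":
    verdicts, burst, guard = replay()
    print(verdicts, burst.count("drop"), guard.alerts[:3])
```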
IV. CONCLUSION AND FUTURE WORK
Until last decade of the 19th century, traditional networking consisted of hubs, switches and ethernet cables. The technology of today is based on light waves and electromagnetic waves for connectivity, such as Wi-Fi 6, rather than relying on ethernet cables [19]. In the current era, about 61 percent of the employees within an organization have access to the Wi-Fi networks in their offices. This ease of access has put our secrecy at risk and has introduced new vulnerabilities such as unauthorized access to the critical infrastructure of an organization, company records and even solidarity of a country.
Focusing on the importance and criticality of network security issues at the data link layer, we have presented a detailed overview of the security problems related to network layer 2 (data link layer), and briefly consolidated on the techniques through which a network administrator conceives vulnerabilities that may occur at other layers of the OSI model due to the data link layer. We emphasized developing a general understanding of the network security problems at layer 2 of the OSI model. However, the developers and manufacturers are also on their way to performing their role in the prevention of network hacks; for example, the technique developed to overcome CAM overflow attacks is named port security, provided by Cisco. Protection systems exist to prevent network security problems, such as host-based intrusion protection (HIP), firewalls, intrusion protection systems (IPS), host-based intrusion protection (HIPS), etc. In future we will devise a comprehensive framework to counter security threats of the data link layer.
REFERENCES
[1] A. Annapurna, S. Mohammed, D. Madhuri, Data Link Layer - Security Issues, International Journal of Computer Science & Engineering Technology (IJCSET), vol. 4, p. 4, 1009-1012.
[2] J. szombat, Hackerek támadták meg az Európai Bizottságot, [Online]. Available: https://www.origo.hu/nagyvilag/20121110-hackerek-tamadtak-meg-az-europai-bizottsagot-azerbajdzsanban.html.
[3] GReAT, The "Red October" Campaign, 14 January 2013. [Online]. Available: https://securelist.com/the-red-october-campaign/57647/.
[4] Wi-Fi, 2019. [Online]. Available: http://en/Wikipedia.org/wiki/Wi-Fi.
[5] M. LAJOS, Az informatikai biztonság egy lehetséges rendszertana, 2008.
[6] B. T. B. Risteski, Simulation Analysis of DoS, MITM and CDP Security Attacks and Countermeasures, Future Access Enablers of Ubiquitous and Intelligent Infrastructures, p. 197-203, 2015.
[7] Data Link Layer, July 2019. [Online]. Available: http://www.ee.surrey.ac.uk/Projects/CAL/networks/DataLinkLayer.
[8] Hacking Layer 2: Fun with Ethernet switches, Cisco, 2013. [Online]. Available: https://www.blackhat.com/presentations/bh-usa-02/bh-us-02-convery-switches.
[9] A. O'Keeffe, The difference between Layer 3 and Layer 2 networks, 2019. [Online]. Available: https://www.aussiebroadband.com.au/blog/difference-layer-3-layer-2-networks/.
[10] OSI model, Wikipedia, 2019. [Online]. Available: https://en.wikipedia.org/wiki/OSImodel.
[11] M. Sanchez, Encyclopedia of Parallel Computing, 2011, p. 12-40.
[12] Spanning Tree Protocol, Cisco, 2019. [Online]. Available: https://www.cisco.com/c/en/us/tech/lan-switching/spanning-tree-protocol/index.html.
[13] D. F. a. K.-Y. W. Kai-Hau Yeung, Tools for Attacking Layer 2 Network Infrastructure, 2008.
[14] VLAN hopping, Wikipedia, 2019. [Online]. Available: https://en.Wikipedia.org/wiki/VLANhopping.
[15] What is Spanning Tree Protocol (STP), 2019. [Online]. Available: http://www.omnisecu.com/cisco-certified-network-associate-ccna/what-is-spanning-tree-protocol-stp.php.
[16] G. Marro, Attacks at the Data Link Layer, Master thesis, The University of California at Davis, 2003.
[17] IEEE 802.11ax, Wikipedia, 2019. [Online]. Available: https://en.wikipedia.org/wiki/IEEE802.11ax
[18] Wi-Fi 6, tp-link, 2019. [Online]. Available: http://www.tp-link.com/us/wifi6.
[19] M. S. Y. I. Husameldin, Mitigation of DHCP starvation attack, Computers & Electrical Engineering, vol. 38, no. 5, p. 1115-1128, 2012.