The Cisco Catalyst 3750-X Series Switches provide superior Layer 3 threat defense capabilities for mitigating man-in-the-middle attacks (such as MAC, IP, and ARP spoofing). TrustSec, a primary element of the Borderless Security Architecture, helps enterprise customers secure their networks, data, and resources with policy-based access control, identity and role-aware networking, pervasive integrity, and confidentiality. Borderless security is enabled by the following feature sets in the Cisco Catalyst 3750-X Series Switches:
- Threat defense
- Cisco TrustSec
- Other advanced security features
Cisco Integrated Security Features is an industry-leading solution available on Cisco Catalyst Switches that proactively protects your critical network infrastructure. Delivering powerful, easy-to-use tools to effectively prevent the most common and potentially damaging Layer 2 security threats, Cisco Integrated Security Features provides robust security throughout the network. Cisco Integrated Security Features include Port Security, DHCP Snooping, Dynamic ARP Inspection, and IP Source guard.
- Port Security secures access to an access or trunk port based on MAC address. It limits the number of learned MAC addresses to prevent MAC address flooding.
- DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out bogus addresses. This feature is used by other primary security features to prevent a number of other attacks such as ARP poisoning.
- Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol.
- IP source guard prevents a malicious user from spoofing or taking over another user’s IP address by creating a binding table between the client’s IP and MAC address, port, and VLAN.
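The dependency described above, where DHCP Snooping builds the binding table that Dynamic ARP Inspection and IP source guard then enforce, can be sketched as a small model. This is an added illustration, not Cisco IOS code; the class, method names, port names, and addresses are constructed for the example, and the real features have more options (for example static bindings and rate limits).

```python
# Simplified model of DHCP Snooping -> binding table -> DAI / IP source guard.
# Added example: names and sample values are hypothetical, not Cisco internals.
class AccessSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # uplinks / ports facing the real DHCP server
        self.pending = {}                  # (vlan, client MAC) -> port the request came in on
        self.bindings = set()              # (mac, ip, vlan, port) binding table

    def dhcp_request(self, port, vlan, mac):
        # Remember which access port the client sits behind.
        self.pending[(vlan, mac)] = port
        return "forward"

    def dhcp_ack(self, port, vlan, mac, ip):
        # DHCP Snooping: server replies are accepted only on trusted ports.
        if port not in self.trusted:
            return "drop"
        client_port = self.pending.pop((vlan, mac), None)
        if client_port is not None:
            self.bindings.add((mac, ip, vlan, client_port))
        return "forward"

    def _bound(self, port, vlan, mac, ip):
        # Trusted ports bypass validation; untrusted ports need a matching binding.
        return port in self.trusted or (mac, ip, vlan, port) in self.bindings

    def arp(self, port, vlan, sender_mac, sender_ip):
        # Dynamic ARP Inspection: ARP sender fields must match a binding.
        return "forward" if self._bound(port, vlan, sender_mac, sender_ip) else "drop"

    def ip_packet(self, port, vlan, src_mac, src_ip):
        # IP source guard: source address must match the binding for this port.
        return "forward" if self._bound(port, vlan, src_mac, src_ip) else "drop"


def demo():
    sw = AccessSwitch(trusted_ports={"Gi1/0/48"})
    host = "aa:aa:aa:aa:aa:01"   # constructed sample host on Gi1/0/1
    other = "bb:bb:bb:bb:bb:02"  # constructed sample host on Gi1/0/2, no lease
    sw.dhcp_request("Gi1/0/1", 10, host)
    return {
        "ack_on_untrusted_port": sw.dhcp_ack("Gi1/0/2", 10, host, "10.0.10.66"),
        "ack_on_trusted_port": sw.dhcp_ack("Gi1/0/48", 10, host, "10.0.10.20"),
        "arp_matching_binding": sw.arp("Gi1/0/1", 10, host, "10.0.10.20"),
        "arp_without_binding": sw.arp("Gi1/0/2", 10, other, "10.0.10.1"),
        "ip_without_binding": sw.ip_packet("Gi1/0/2", 10, other, "10.0.10.20"),
        "bindings": sorted(sw.bindings),
    }
```

Without the snooping step the binding table stays empty, so in this model every ARP and IP packet on an untrusted port would be dropped, which is why DHCP Snooping is enabled before the other two features.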
TrustSec secures access to the network, enforces security policies, and delivers standards-based security solutions such as 802.1X, enabling secure collaboration and policy compliance. TrustSec capabilities reflect Cisco thought leadership, innovations, and commitment to customer success. These new capabilities include:
- IEEE 802.1AE MACsec with prestandard 802.1X-REV key management: the industry’s first fixed switches with prestandard 802.1X-REV key management. Available on Cisco Catalyst 3750-X Series Switches, MACsec provides Layer 2, line-rate Ethernet data confidentiality and integrity on host-facing ports, protecting against man-in-the-middle attacks (snooping, tampering, and replay).
- FIPS 140-2 validated for devices used in government and sensitive environments for extremely high levels of data security.
- Flexible authentication that supports multiple authentication mechanisms including 802.1X, MAC Authentication Bypass and web authentication using a single, consistent configuration.
- Open mode that creates a user friendly environment for 802.1X operations.
- Integration of device profiling technology and guest access handling with Cisco switching to significantly improve security while reducing deployment and operational challenges.
- RADIUS Change of Authorization and downloadable ACLs for comprehensive policy management capabilities.
- 802.1X Supplicant with Network Edge Access Transport (NEAT) enables extended secure access where compact switches in the conference rooms have the same level of security as switches inside the locked wiring closet.
Other Advanced Security Features
Other Advanced Security features include but are not limited to:
- Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multiaccess-like segment.
- Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic.
- Unicast Reverse Path Forwarding (RPF) feature helps mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address.
- Multidomain Authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on the appropriate voice and data VLANs.
- Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
- Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
- Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
- Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
- Bidirectional data support on the Switched Port Analyzer (SPAN) port allows Cisco Intrusion Detection System (IDS) to take action when an intruder is detected.
- TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration.
- MAC Address Notification allows administrators to be notified of users added to or removed from the network.
- Multilevel security on console access prevents unauthorized users from altering the switch configuration.
- Bridge protocol data unit (BPDU) Guard shuts down Spanning Tree PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
- Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.
- IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.
- Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server client capability to provide flexibility in assigning ports to VLANs. Dynamic VLAN facilitates the fast assignment of IP addresses.