Product guide
Security Overview
Advanced Threat Detection
Advanced threat detection covers a range of features used to detect anomalous
traffic on the switch and take mitigating action against network attacks.
BPDU Filtering and BPDU Protection
Protects the network from denial-of-service attacks that use spoofed BPDUs
by dropping incoming BPDU frames and/or blocking traffic through a port.
For more information, see “Configuring BPDU Filtering” and “Configuring
BPDU Protection” in the chapter titled “Multiple Instance Spanning-Tree
Operation” in the Advanced Traffic Management Guide for your switch.
Connection-Rate Filtering Based On Virus-Throttling Technology
While not specifically a tool for controlling network access, this feature does
help to protect the network from attack and is recommended for use on the
network edge. It is primarily focused on the class of worm-like malicious code
that tries to replicate itself by taking advantage of weaknesses in network
applications behind unsecured ports. In this case, the malicious code tries to
create a large number of outbound IP connections on an interface in a short
time. Connection-Rate filtering detects hosts that are generating IP traffic that
exhibits this behavior, and causes the switch to generate warning messages
and (optionally) to either throttle or drop all IP traffic from the offending
hosts. Refer to Chapter 3, “Virus Throttling” for details.
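The detection idea described above, as an added example that is not from this guide or the switch firmware: count each host's first contacts to new destinations in a short window, then warn and optionally throttle or drop. The window, limit, penalty period, action names and sample flows are constructed assumptions.

```python
from collections import defaultdict, deque

class ConnectionRateFilter:
    """Per-host count of first contacts to new destinations in a short window."""

    def __init__(self, action="notify", window=1.0, limit=5, penalty=10.0):
        # All four parameters are assumptions for illustration, not switch defaults.
        if action not in ("notify", "throttle", "drop"):
            raise ValueError(f"unknown action: {action}")
        self.action, self.window = action, window
        self.limit, self.penalty = limit, penalty
        self.recent = defaultdict(deque)  # src -> (ts, dst) first contacts in window
        self.blocked_until = {}           # src -> time at which traffic resumes
        self.warnings = []                # (ts, src) warning messages generated

    def observe(self, ts, src, dst):
        """Return True if this connection is forwarded, False if it is dropped."""
        if ts < self.blocked_until.get(src, 0.0):
            return False
        q = self.recent[src]
        while q and ts - q[0][0] > self.window:   # age out old contacts
            q.popleft()
        if all(d != dst for _, d in q):           # only new destinations count
            q.append((ts, dst))
        if len(q) <= self.limit:
            return True
        self.warnings.append((ts, src))           # rate exceeded: always warn
        q.clear()
        if self.action == "throttle":             # drop for a penalty period
            self.blocked_until[src] = ts + self.penalty
        elif self.action == "drop":               # drop indefinitely
            self.blocked_until[src] = float("inf")
        return self.action == "notify"

def run(action):
    """Replay constructed flows: one ordinary client, one worm-like host."""
    f = ConnectionRateFilter(action=action)
    flows = [(i * 2.0, "10.0.0.5", f"192.0.2.{i % 3 + 1}") for i in range(6)]
    flows += [(20 + i * 0.01, "10.0.0.66", f"198.51.100.{i + 1}") for i in range(20)]
    forwarded = defaultdict(int)
    for ts, src, dst in flows:
        forwarded[src] += f.observe(ts, src, dst)
    return dict(forwarded), f

if __name__ == "__main__":
    for action in ("notify", "throttle", "drop"):
        counts, f = run(action)
        print(action, counts, len(f.warnings), "warning(s)")
```

The ordinary client is never affected in any mode; only the host that opens many new connections within the window is warned about, throttled or dropped.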
DHCP Snooping, Dynamic ARP Protection, and Instrumentation Monitor
These features provide the following additional protections for your network:
■ DHCP Snooping: Protects your network from common DHCP attacks,
such as address spoofing and repeated address requests.
■ Dynamic ARP Protection: Protects your network from ARP cache
poisoning.
■ Instrumentation Monitor: Helps identify a variety of other common
attacks by generating alerts for detected anomalies on the switch.
Refer to Chapter 11, “Configuring Advanced Threat Protection” for details.