Like routers, both Layer 2 and Layer 3 switches have their own sets of
network security requirements. Often, little consideration is given to the
network security risks in switches and what can be done to mitigate those
risks. Switches are susceptible to many of the same Layer 3 attacks as routers.
Most of the network security techniques detailed in the section of the SAFE
Enterprise white paper titled "Routers Are Targets" also apply to
switches. However, switches, and Layer 2 of the OSI reference model in general,
are subject to network attacks in unique ways. These attacks include:
- CAM table overflow
- Media Access Control (MAC) address spoofing
- DHCP starvation
- VLAN hopping
- Spanning-Tree Protocol (STP) manipulation