Authors:
Pan Jieke
1
;
João Redol
1
and
Miguel Correia
2
Affiliations:
1
Siemens Networks S.A, Portugal
;
2
Faculty of Sciences, University of Lisboa, Portugal
Keyword(s):
Specification-based Intrusion Detection, Ethernet, Spanning Tree Protocol, Network Topology, Security.
Related
Ontology
Subjects/Areas/Topics:
Internet Technology
;
Intrusion Detection and Response
;
Web Information Systems and Technologies
Abstract:
Layered network architectures (OSI, TCP/IP) separate functionality in layers, allowing them to be designed and implemented independently. However, from the security point of view, once a lower layer is compromised, the reliability of the higher layers can be impaired. This paper is about the security of the Data Link Layer, which can affect the reliability of higher layers, like TCP, HTTP and other World-Wide Web protocols. The paper analyzes security-wise a layer 2 protocol – the Spanning Tree Protocol (STP), part of the Ethernet suite – and presents a solution to detect attacks against this protocol using Specification-based Intrusion Detection.