A security technician at a small business is worried about the Layer 2 switches in the network suffering from a
DoS-style attack caused by staff incorrectly cabling network connections between switches.
Which of the following will BEST mitigate the risk if implemented on the switches?
Access control lists
Spanning Tree is designed to eliminate network ‘loops’ from incorrect cabling between switches. Imagine two
switches named switch 1 and switch 2 with two network cables connecting the switches. This would cause a
network loop. A network loop between two switches can cause a ‘broadcast storm’ where a broadcast packet is
sent out of all ports on switch 1 which includes two links to switch 2. The broadcast packet is then sent out of all
ports on switch 2 which includes links back to switch 1. The broadcast packet will be sent out of all ports on
switch 1 again, which includes two links to switch 2, and so on, flooding the network with broadcast traffic.
The Spanning-Tree Protocol (STP) was created to overcome the problems of transparent bridging in redundant
networks. The purpose of STP is to avoid and eliminate loops in the network by negotiating a loop-free path
through a root bridge. This is done by determining where there are loops in the network and blocking links that
Spanning-Tree Protocol executes an algorithm called the Spanning-Tree Algorithm (STA). In order to find
redundant links, STA chooses a reference point called the Root Bridge and then determines all the available
paths to that reference point. If it finds a redundant path, it selects the best path to forward on and blocks all
other redundant paths. This effectively severs the redundant links within the network.
All switches participating in STP gather information on other switches in the network through an exchange of
data messages. These messages are referred to as Bridge Protocol Data Units (BPDUs). The exchange of
BPDUs in a switched environment results in the election of a root switch for the stable spanning-tree network
topology, the election of a designated switch for every switched segment, and the removal of loops in the
switched network by placing redundant switch ports in a backup (blocking) state.
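The following Python script is an added example, not part of the original question or its explanation. It models the STA steps described above (root bridge election, cost to the root, root and designated port selection, blocking of every other port) on a constructed three-switch topology in which switch1 and switch2 are cabled twice, the exact miscabling loop in the question. Switch names, bridge IDs, MAC addresses, port names and path costs are all constructed sample values, and the roles are computed centrally rather than through a real BPDU exchange, which is a simplification of how switches actually converge.

```python
"""Toy spanning-tree port-role computation (added example, not from the page).

Three constructed switches; switch1 and switch2 are cabled twice, which is the
miscabling loop the question describes. We elect a root bridge by lowest bridge
ID, compute each switch's cost to the root, choose root and designated ports,
and block everything else so the active topology is a loop-free tree.
All bridge IDs, MACs, port names and costs are constructed sample values.
"""
import heapq
from collections import defaultdict

# Bridge ID = (priority, MAC); the lowest tuple wins the root election.
SWITCHES = {
    "switch1": (32768, "00:00:00:00:00:01"),
    "switch2": (32768, "00:00:00:00:00:02"),
    "switch3": (32768, "00:00:00:00:00:03"),
}

# Links as (switch_a, port_a, switch_b, port_b, path_cost).
LINKS = [
    ("switch1", "Gi0/1", "switch2", "Gi0/1", 4),
    ("switch1", "Gi0/2", "switch2", "Gi0/2", 4),   # second cable: the loop
    ("switch2", "Gi0/3", "switch3", "Gi0/1", 4),
    ("switch3", "Gi0/2", "switch1", "Gi0/3", 4),
]


def elect_root(switches):
    """Root bridge is the switch with the lowest (priority, MAC)."""
    return min(switches, key=lambda s: switches[s])


def root_path_costs(root, links):
    """Cheapest cost from every switch back to the root (Dijkstra)."""
    adj = defaultdict(list)
    for a, _, b, _, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    costs, heap = {root: 0}, [(0, root)]
    while heap:
        c, node = heapq.heappop(heap)
        if c > costs[node]:
            continue
        for nbr, w in adj[node]:
            if c + w < costs.get(nbr, float("inf")):
                costs[nbr] = c + w
                heapq.heappush(heap, (c + w, nbr))
    return costs


def compute_port_roles(switches, links):
    """Map (switch, port) -> 'root' | 'designated' | 'blocked'."""
    root = elect_root(switches)
    costs = root_path_costs(root, links)
    # Root port per non-root switch: best (cost via port, sender ID, sender port, own port).
    candidates = defaultdict(list)
    for a, pa, b, pb, cost in links:
        for me, my_port, peer, peer_port in ((a, pa, b, pb), (b, pb, a, pa)):
            if me != root:
                candidates[me].append((costs[peer] + cost, switches[peer], peer_port, my_port))
    root_ports = {sw: min(c)[3] for sw, c in candidates.items()}
    roles = {}
    for a, pa, b, pb, _ in links:
        # Designated end of a segment: lower (root path cost, bridge ID, port name).
        designated = min((costs[a], switches[a], pa, a), (costs[b], switches[b], pb, b))[3]
        for sw, port in ((a, pa), (b, pb)):
            if root_ports.get(sw) == port:
                roles[(sw, port)] = "root"
            elif sw == designated:
                roles[(sw, port)] = "designated"
            else:
                roles[(sw, port)] = "blocked"
    return roles


def active_links(links, roles):
    """Links that carry traffic: both ends forwarding (root or designated)."""
    return [l for l in links
            if roles[(l[0], l[1])] != "blocked" and roles[(l[2], l[3])] != "blocked"]


def has_loop(switches, links):
    """Union-find cycle check: a loop exists if a link joins two already-connected switches."""
    parent = {s: s for s in switches}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, _, b, _, _ in links:
        ra, rb = find(a), find(b)
        if ra == rb:
            return True
        parent[ra] = rb
    return False


if __name__ == "__main__":
    roles = compute_port_roles(SWITCHES, LINKS)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
    print("loop before STP:", has_loop(SWITCHES, LINKS))
    print("loop after STP :", has_loop(SWITCHES, active_links(LINKS, roles)))
```

Running it shows switch1 winning the root election, switch2's second uplink (Gi0/2) and switch3's link toward switch2 (Gi0/1) placed in the blocked state, and the cycle check going from true on the raw cabling to false on the active topology. The redundant cables are still physically present and would be unblocked if the forwarding path failed, which is the point of STP over simply pulling the extra cable.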