A security technician at a small business is worried about the Layer 2 switches in the network
suffering from a DoS style attack caused by staff incorrectly cabling network connections between
switches.
Which of the following will BEST mitigate the risk if implemented on the switches?
A. Spanning tree
B. Flood guards
C. Access control lists
D. Syn flood
Explanation:
Spanning Tree is designed to eliminate network ‘loops’ from incorrect cabling between switches.
Imagine two switches named switch 1 and switch 2 with two network cables connecting the
switches. This would cause a network loop. A network loop between two switches can cause a ‘broadcast storm’, where a broadcast packet is sent out of all ports on switch 1, which includes two
links to switch 2. The broadcast packet is then sent out of all ports on switch 2 which includes links
back to switch 1. The broadcast packet will be sent out of all ports on switch 1 again which
includes two links to switch 2 and so on thus flooding the network with broadcast traffic.
The Spanning-Tree Protocol (STP) was created to overcome the problems of transparent bridging
in redundant networks. The purpose of STP is to avoid and eliminate loops in the network by
negotiating a loop-free path through a root bridge. This is done by determining where there are
loops in the network and blocking links that are redundant.
Spanning-Tree Protocol executes an algorithm called the Spanning-Tree Algorithm (STA). In order
to find redundant links, STA chooses a reference point called a Root Bridge and then determines
all the available paths to that reference point. If it finds a redundant path, it selects the best path
for forwarding and blocks all other redundant paths. This effectively severs the redundant links
within the network.
All switches participating in STP gather information on other switches in the network through an
exchange of data messages. These messages are referred to as Bridge Protocol Data Units
(BPDUs). The exchange of BPDUs in a switched environment results in the election of a root
switch for the stable spanning-tree network topology, the election of a designated switch for every
switched segment, and the removal of loops in the switched network by placing redundant switch
ports in a backup (blocking) state.
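The following is an added illustration, not part of the original explanation: a simplified model of the Spanning-Tree Algorithm in Python. It elects the root bridge (lowest bridge ID), finds each switch's least-cost path to the root, picks one designated port per segment, and marks every remaining redundant port as blocking. The switch names, bridge IDs, port numbers and link costs are constructed for the example; the first topology is the explanation's two-cables-between-two-switches case, the second is a three-switch ring. Timers, BPDU ageing and topology-change handling are deliberately left out.

```python
"""Simplified Spanning-Tree Algorithm (STA): root election, root/designated
port selection and blocking of redundant ports. Topologies, bridge IDs and
port numbers below are made-up values constructed for illustration."""
import heapq
from collections import defaultdict


def run_sta(switches, links):
    """switches: {name: (priority, mac)}; links: [(a, port_a, b, port_b, cost)].
    Returns (root_name, {(switch, port): 'root'|'designated'|'blocking'})."""
    # Root bridge election: lowest (priority, MAC) wins, as with real BPDUs.
    root = min(switches, key=switches.get)

    adj = defaultdict(list)
    for a, pa, b, pb, cost in links:
        adj[a].append((b, cost, pa, pb))
        adj[b].append((a, cost, pb, pa))

    # best[s] = (root path cost, upstream bridge ID, upstream port, own port).
    # The first three fields are compared in BPDU order: cost, then sender
    # bridge ID, then sender port ID, so two parallel cables tie-break on port.
    best = {s: None for s in switches}
    best[root] = (0, switches[root], -1, -1)
    heap = [((0, switches[root], -1), root)]
    while heap:
        key, s = heapq.heappop(heap)
        if key != best[s][:3]:
            continue  # stale heap entry
        for nbr, lcost, my_port, their_port in adj[s]:
            cand = (key[0] + lcost, switches[s], my_port, their_port)
            if best[nbr] is None or cand[:3] < best[nbr][:3]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[:3], nbr))

    states = {}
    # Each non-root switch forwards toward the root on exactly one root port.
    for s in switches:
        if s != root:
            states[(s, best[s][3])] = "root"
    # Every segment gets one designated port: the end with the lower
    # (root path cost, bridge ID, port ID). The other end, unless it is a
    # root port, is placed in blocking and carries no frames.
    for a, pa, b, pb, _cost in links:
        ka = (best[a][0], switches[a], pa)
        kb = (best[b][0], switches[b], pb)
        des, other = ((a, pa), (b, pb)) if ka < kb else ((b, pb), (a, pa))
        states.setdefault(des, "designated")
        states.setdefault(other, "blocking")
    return root, states


def blocked_ports(states):
    """Ports STA has severed; these are the redundant links from the text."""
    return sorted(p for p, st in states.items() if st == "blocking")


# Scenario from the explanation: two cables between switch 1 and switch 2.
DOUBLE_CABLE = {
    "switches": {"sw1": (32768, "00:00:00:00:00:01"),
                 "sw2": (32768, "00:00:00:00:00:02")},
    "links": [("sw1", 1, "sw2", 1, 4), ("sw1", 2, "sw2", 2, 4)],
}

# A three-switch ring: every link is redundant with the other two.
RING = {
    "switches": {"sw1": (32768, "00:00:00:00:00:01"),
                 "sw2": (32768, "00:00:00:00:00:02"),
                 "sw3": (32768, "00:00:00:00:00:03")},
    "links": [("sw1", 1, "sw2", 1, 4), ("sw1", 2, "sw3", 1, 4),
              ("sw2", 2, "sw3", 2, 4)],
}

if __name__ == "__main__":
    for name, topo in (("double cable", DOUBLE_CABLE), ("ring", RING)):
        root, states = run_sta(topo["switches"], topo["links"])
        print(f"{name}: root={root}")
        for port, st in sorted(states.items()):
            print(f"  {port[0]} port {port[1]}: {st}")
```

In the double-cable case sw1 becomes root (lower MAC with equal priority), sw2 keeps port 1 as its root port, and sw2 port 2 is blocked, which is exactly the second cable the explanation describes. In the ring, the sw2-sw3 link is the redundant one and its sw3 end is blocked. Lowering a switch's priority (the first field of its bridge ID) moves the root, and with it which ports end up blocked, which is why production networks pin the root with an explicit priority rather than leaving it to MAC-address order.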