Summary: | Master's === National Defense University, Chung Cheng Institute of Technology === Graduate Institute of Information Science === 95 === This dissertation examines the threats posed by the “VLAN Hopping Attack” and their countermeasures. Different approaches to hopping attacks in different network environments are studied, implemented, and discussed thoroughly.
The VLAN (Virtual Local Area Network), based on the IEEE 802.1Q standard, is designed to improve network performance by segmenting broadcast domains through appropriate configuration of switch software, and is commonly considered a “secure network architecture”. Unfortunately, the original design of IEEE 802.1Q does not provide any authentication mechanism for the tag of IEEE 802.1Q frames, which may leave the network exposed to malicious attacks.
We implement various “VLAN Hopping Attack” scenarios on different VLAN structures in order to understand and analyze the attacks in detail. We then propose a network framework as a countermeasure and implement it in our test-bed. The proposed solution is based on the principle of “Defense in Depth”, and the experimental results show that our approaches are effective in defending against VLAN hopping attacks.
|