AP Networking Portfolio | 2025-2026
View the Project on GitHub Scarletteblack/Black-Scarlett-AP-Networking-Portfolio
Inside a LAN, endpoint devices are usually the easiest to compromise, since they often have weaker security controls than servers or network equipment. A device that is already "inside" the network is more dangerous because it has bypassed the perimeter defenses and only has to deal with the internal controls. On a typical LAN, every device in the broadcast domain can see broadcast traffic such as DHCP and ARP, which reveals the live hosts and their MAC/IP address pairings.
| Scenario | Symptoms | Hypothesis | Justification |
|---|---|---|---|
| A | Several devices report connectivity/speed issues despite being connected to the switch. The default gateway is different from what was expected. | ARP Spoofing | A rogue device answers ARP requests for the gateway's IP with its own MAC, so other hosts send gateway-bound traffic through it; the extra hop adds latency, and the gateway entry in each host's ARP cache (e.g. `arp -a`) differs from the expected one |
| B | A switch begins to display increased CPU usage, resulting in the network performance becoming inconsistent. The switch logs reveal that hundreds of MAC addresses are appearing on a single switch port over a short window. | MAC Flooding Attack | The attacker sends frames with hundreds of forged source MACs, filling the switch's CAM table; the switch spends CPU learning them and, once the table is full, floods unknown-unicast traffic out every port, slowing the whole network and letting the attacker sniff it |
| C | Devices are receiving IP addresses that place them in the wrong subnet. Some users report being unable to access the internet, while others experience DNS issues. | DHCP Issue (possible rogue DHCP server) | Some devices receive incorrect IP configurations (wrong subnet, gateway, or DNS) while the official DHCP server appears to function normally; the inconsistency suggests a second, unauthorized DHCP server answering some requests first |
| D | An unregistered device appears on the LAN and is communicating with other hosts. The device was never approved to be on the LAN, and logs show that activity began from a wall jack in a public, lightly monitored area. | Unauthorized Plug-In | There is a lack of port security, and therefore plugged-in devices are implicitly trusted and given access to the network |
| E | A student workstation is recorded communicating with internal systems that should not be accessible to students. No firewall alerts were triggered, and traffic appears to be internal | VLAN Misconfiguration | The VLAN responsible for the segmentation between student devices and other internal systems did not function properly |
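Scenario B is detectable from the switch's own MAC-learn events. The following is an added example, not code from the portfolio or from Packet Tracer: it parses a constructed log format (the line layout and the port names are assumptions, not any vendor's real syslog format) and counts distinct source MACs per port inside a sliding time window, which is the same check that port security's maximum-MAC limit performs on the switch itself. A slow trickle of new MACs on a shared lab port is deliberately included so the window logic, not just a raw count, is what separates the flood from normal churn.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (not a real vendor format): "<date> <time> <port> learned <mac>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) learned ([0-9a-f]{2}(?::[0-9a-f]{2}){5})$"
)


def parse_event(line):
    """Return (timestamp, port, mac) for a learn event, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)


def detect_mac_flood(lines, window=timedelta(seconds=10), max_macs=20):
    """Sliding-window count of distinct source MACs per port.

    Returns {port: peak_distinct_macs} for every port whose peak exceeds max_macs.
    A normal access port carries one or two MACs (PC plus IP phone); hundreds of
    new MACs inside a few seconds is the signature of a CAM-table flood.
    """
    events = [e for e in (parse_event(line) for line in lines) if e]
    events.sort(key=lambda e: e[0])
    recent = defaultdict(deque)                      # port -> deque of (ts, mac) inside the window
    counts = defaultdict(lambda: defaultdict(int))   # port -> mac -> hits inside the window
    peak = defaultdict(int)
    for ts, port, mac in events:
        recent[port].append((ts, mac))
        counts[port][mac] += 1
        while ts - recent[port][0][0] > window:      # expire events older than the window
            _, old_mac = recent[port].popleft()
            counts[port][old_mac] -= 1
            if counts[port][old_mac] == 0:
                del counts[port][old_mac]
        peak[port] = max(peak[port], len(counts[port]))
    return {port: n for port, n in peak.items() if n > max_macs}


def build_sample_log():
    """Constructed sample: two normal ports and one port under a macof-style flood."""
    base = datetime(2025, 10, 3, 9, 14, 0)
    fmt = lambda t: t.strftime("%Y-%m-%d %H:%M:%S")
    lines = [
        f"{fmt(base)} Gi1/0/3 learned 3c:52:82:aa:01:01",                          # PC
        f"{fmt(base + timedelta(seconds=1))} Gi1/0/3 learned 3c:52:82:aa:01:02",   # IP phone
    ]
    # Gi1/0/9: a new MAC every minute (lab devices being swapped), never many at once
    lines += [f"{fmt(base + timedelta(minutes=i))} Gi1/0/9 learned 02:00:09:00:00:{i:02x}"
              for i in range(30)]
    # Gi1/0/7: 300 forged source MACs in six seconds
    lines += [f"{fmt(base + timedelta(seconds=i // 50))} Gi1/0/7 learned "
              f"02:00:07:00:{i >> 8:02x}:{i & 0xff:02x}" for i in range(300)]
    lines.append("2025-10-03 09:14:09 Gi1/0/7 link up")   # unrelated line, ignored by the parser
    return lines


if __name__ == "__main__":
    print(detect_mac_flood(build_sample_log()))
```

Only Gi1/0/7 is reported; Gi1/0/9 learns thirty MACs in total but never more than one inside any ten-second window. On a Cisco access port the equivalent preventive control is `switchport port-security maximum 2` with `switchport port-security violation shutdown`, which err-disables the port at the third MAC instead of letting the CAM table fill.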
An attacker could misuse this information because ARP requests and replies are unauthenticated and sent in the clear, revealing active IPs and hostnames with their associated MAC addresses. For instance, in the capture the IP 10.12.17.123 responds consistently and numerous hostnames appear in the output of the tcpdump arp command. This lets an attacker enumerate live hosts and pick specific devices to target for further attacks, exploiting the trusting nature of this LAN.
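The same passive observation works in both directions: the sender fields of every ARP request and reply build the attacker's host inventory, and a defender watching the same frames can notice when a second MAC starts claiming an IP, which is scenario A above. The following is an added example, not code from the portfolio; it constructs raw Ethernet/ARP frames in place of a live capture (the addresses other than 10.12.17.123 are made up), parses them with the standard 28-byte ARP layout, and reports both the live-host table and any IP that changes MAC.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6


def mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))
def ip_str(b): return ".".join(str(x) for x in b)


def build_arp_frame(op, sha, spa, tha, tpa):
    """Build a 42-byte Ethernet + ARP frame; used here only to construct sample traffic."""
    eth_dst = BROADCAST if op == ARP_REQUEST else mac_bytes(tha)
    eth = eth_dst + mac_bytes(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of a raw frame, or None if it is not ARP over IPv4/Ethernet."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    return {"op": op, "sha": mac_str(sha), "spa": ip_str(spa), "tha": mac_str(tha), "tpa": ip_str(tpa)}


def audit_arp(frames):
    """Passive ARP inventory: the sender fields of requests and replies both reveal a live host.

    Returns (hosts, alerts): hosts maps IP -> sorted MACs that have claimed it; alerts lists
    every IP that a second MAC claimed, which is what an ARP spoofing attack looks like on
    the wire (a legitimate NIC swap or DHCP lease change can trigger the same alert once).
    """
    hosts = defaultdict(set)
    alerts = []
    for frame in frames:
        pkt = parse_arp(frame)
        if pkt is None:
            continue
        ip, mac = pkt["spa"], pkt["sha"]
        if ip == "0.0.0.0":          # ARP probe from a host that has no address yet
            continue
        if hosts[ip] and mac not in hosts[ip]:
            alerts.append(f"{ip} claimed by {mac}, previously {sorted(hosts[ip])}")
        hosts[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in hosts.items()}, alerts


def build_sample_frames():
    """Constructed capture: normal request/reply pairs, then a forged reply for the gateway."""
    gw, gw_mac = "10.12.17.1", "00:1a:2b:3c:4d:01"
    srv, srv_mac = "10.12.17.123", "3c:52:82:aa:01:23"
    pc, pc_mac = "10.12.17.45", "b8:27:eb:00:00:45"
    attacker_mac = "de:ad:be:ef:00:99"
    return [
        build_arp_frame(ARP_REQUEST, pc_mac, pc, "00:00:00:00:00:00", srv),
        build_arp_frame(ARP_REPLY, srv_mac, srv, pc_mac, pc),
        build_arp_frame(ARP_REQUEST, pc_mac, pc, "00:00:00:00:00:00", gw),
        build_arp_frame(ARP_REPLY, gw_mac, gw, pc_mac, pc),
        build_arp_frame(ARP_REPLY, attacker_mac, gw, pc_mac, pc),   # "10.12.17.1 is-at attacker"
        b"\x00" * 60,                                               # non-ARP frame, skipped
    ]


if __name__ == "__main__":
    hosts, alerts = audit_arp(build_sample_frames())
    for ip, macs in sorted(hosts.items()):
        print(ip, macs)
    print("\n".join(alerts))
```

Three live hosts come out of five frames without sending a single packet, which is exactly the position the Ubuntu VM is in with `tcpdump -n arp`; the one alert is the forged gateway reply. Dynamic ARP Inspection on the switch blocks that reply at the port instead of merely logging it.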
| VM Evidence | Vulnerability | Control | Why This Control Mitigates Risk |
|---|---|---|---|
| ARP broadcasts from every host on the LAN are visible to the VM | Flat network | Add separation to the network | Separation prevents unauthorized device-to-device communication |
| All device types share one broadcast domain | No network segmentation | Add VLANs to the network | VLANs ensure that a device does not have access to the full network |
| The VM joined the LAN as an ordinary endpoint, with no check on the device | Lack of joining restrictions | Add port security | Port security mitigates the risk of rogue devices joining the network |
| Any host discovered via ARP can be reached directly | Unrestricted network | Add an ACL | An ACL ensures that only allowed devices (based on IP addresses) can access sensitive material |
The attacker first needs to discover network information such as the IP addressing, the default gateway, and the live hosts, all of which can be learned by passively observing LAN traffic. In this scenario the network traffic itself is the most direct target: the attacker collects information in order to take over more of the network later. Legitimate users would likely notice little or no change in network behavior, aside from slightly slower responses. The Ubuntu Desktop VM best matches the attacker's point of view because it behaves like a regular endpoint on the network yet has visibility into local network behavior.
Students → Servers - Restricted: Sensitive data on the servers should not be accessible to students; however, each student should be able to reach their own student records on the servers.
Students → Teachers - Restricted: Access should be restricted to protect teachers’ files and other sensitive data; however, monitored pathways of communication should be accessible to students.
Students → Administration - Denied: There is no reason that students need to communicate directly with Administrative workstations, and if there are extenuating circumstances in which a student might need to, they should go through monitored channels with an advisor or counselor.
Teachers → Servers - Restricted: Teachers need access to update information stored on the servers, such as grades, incidents, and notes, but they do not need full access: personal student information should not be available to teachers unless deemed necessary.
Administration → Servers - Restricted: Administrators need more access to the servers than other groups, but unrestricted access is still a bad idea if all sensitive data is to be kept safe.
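The matrix above is what an inter-VLAN ACL has to encode, and two properties of ACL evaluation decide whether it actually holds: the first matching rule wins, and anything no rule matches hits the implicit deny. The following is an added example, not code from the portfolio or from Packet Tracer; the VLAN subnets, the records portal, the LMS host and the admin SSH rule are all assumptions chosen to make the matrix concrete. It also evaluates the same flows with no ACL applied (scenario E, where student traffic reaches internal systems without any alert) and with the rules in the wrong order.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed VLAN addressing for the matrix (hypothetical; the page gives no subnets).
VLANS = {
    "students": ipaddress.ip_network("10.20.0.0/16"),
    "teachers": ipaddress.ip_network("10.30.0.0/24"),
    "admin":    ipaddress.ip_network("10.40.0.0/24"),
    "servers":  ipaddress.ip_network("10.50.0.0/24"),
}
RECORDS_PORTAL = ipaddress.ip_network("10.50.0.10/32")   # hypothetical student-records web server
LMS = ipaddress.ip_network("10.50.0.20/32")              # hypothetical monitored student/teacher channel


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None = any destination port


def evaluate(acl, src_ip, dst_ip, dport):
    """Router/switch ACL semantics: first matching rule wins, implicit deny at the end,
    and an interface with no ACL applied (acl=None) forwards everything."""
    if acl is None:
        return "permit"
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in acl:
        if src in r.src and dst in r.dst and (r.dport is None or r.dport == dport):
            return r.action
    return "deny"


S, T, A, V = VLANS["students"], VLANS["teachers"], VLANS["admin"], VLANS["servers"]
SCHOOL_ACL = [
    Rule("permit", S, RECORDS_PORTAL, 443),   # students: their own records, HTTPS only
    Rule("permit", S, LMS, 443),              # students -> teachers only via the monitored channel
    Rule("deny",   S, V),                     # everything else on the server VLAN
    Rule("deny",   S, T),                     # teachers' workstations and files
    Rule("deny",   S, A),                     # students -> administration: denied outright
    Rule("permit", T, V, 443),                # teachers update grades/notes through the web app
    Rule("permit", A, V, 443),
    Rule("permit", A, V, 22),                 # admins additionally get SSH (assumed)
    # implicit deny: teachers/admins reach no other server port
]

# Same intent, wrong order: the broad deny shadows the records-portal permit.
MISORDERED_ACL = [Rule("deny", S, V), Rule("permit", S, RECORDS_PORTAL, 443)]


def check_flows(acl):
    """Evaluate representative flows from the matrix; returns {flow name: decision}."""
    flows = {
        "student->records:443":    ("10.20.5.7", "10.50.0.10", 443),
        "student->fileserver:445": ("10.20.5.7", "10.50.0.30", 445),
        "student->lms:443":        ("10.20.5.7", "10.50.0.20", 443),
        "student->teacher-pc:445": ("10.20.5.7", "10.30.0.8", 445),
        "student->admin-pc:3389":  ("10.20.5.7", "10.40.0.5", 3389),
        "teacher->gradebook:443":  ("10.30.0.8", "10.50.0.30", 443),
        "teacher->fileserver:22":  ("10.30.0.8", "10.50.0.30", 22),
        "admin->fileserver:22":    ("10.40.0.5", "10.50.0.30", 22),
    }
    return {name: evaluate(acl, *flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for label, acl in (("school ACL", SCHOOL_ACL), ("no ACL", None), ("misordered", MISORDERED_ACL)):
        print(label, check_flows(acl))
```

With no ACL on the student VLAN interface every flow is permitted and nothing is logged, which is how a student workstation ends up talking to administrative systems without a firewall alert. In Cisco IOS the first three rules correspond to `permit tcp 10.20.0.0 0.0.255.255 host 10.50.0.10 eq 443`, `permit tcp 10.20.0.0 0.0.255.255 host 10.50.0.20 eq 443` and `deny ip 10.20.0.0 0.0.255.255 10.50.0.0 0.0.0.255` in an extended ACL applied inbound on the student SVI; keep the specific permits above the broad deny, or the portal rule is never reached.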
Student VLANs and Guest VLANs should be trusted least: they hold the largest number of devices, those devices are user-managed, and they often lack security controls. Server VLANs should be the most protected, as they hold private and sensitive data for everyone at the school. The switch should be strictest at the access layer, where devices connect, to ensure that unauthorized devices cannot join the network.
VLANs are the primary layer of security here, logically isolating traffic. Segmentation limits unauthorized lateral movement within the network; however, it cannot by itself stop an insider who already has a legitimate port in the right VLAN, and it does nothing against rogue devices if port security is missing.
This unit was very informative on security regarding switches and VLANs. The lesson also acted as a refresher on attacks and vulnerabilities. Additionally, it taught about access and when authorization is necessary. In Packet Tracer, VLANs were set up and tested with firewalls to see success.