Filter
Top Products
F-2
Security Information
How Intruder Prevention Works
Security Information
How Intruder Prevention Works
Intruder Prevention stops an unauthorized computer (or other device) from
actively gaining access to the network. When a port is configured for Intruder
Prevention, the hub examines the source address of each packet coming in
through that port and compares it with the authorized MAC address. If the
addresses are not the same, the hub concludes that an intruder is attempting
to gain access to the network and takes the appropriate action (as configured):
either disabling the port, sending an alarm to the network management
station, or both. See “Setting Inbound Security with Intruder Prevention” later
in this appendix.
How Eavesdrop Prevention Works
Eavesdrop Prevention stops a computer (or other device) from seeing
network traffic that is not intended for that port. When Eavesdrop Prevention
is configured on a port, the hub compares the port’s authorized MAC address
with the destination address of any outbound packet. If the addresses match,
the hub concludes that the packet is destined for the computer attached to
the port, and it sends the packet out through the port unaltered. However, if
the addresses do not match, the hub prevents the computer from seeing the
packet’s contents by substituting a meaningless string of 1’s and 0’s. Note that
broadcast and multicast packets are repeated to all the ports, even when
Eavesdrop Prevention is activated. See “Setting Outbound Security with
Eavesdrop Prevention” later in this appendix.
Authorized MAC address
To provide data security on a hub port, a single, unique MAC address must be
configured as the authorized MAC address for each port. You can configure
the authorized MAC address either by assigning it or by designating the port
to learn it automatically. This configuration is performed with the Secure
command from the hub’s console. See the Secure command description in the
chapter on Managing the Hub.
MUCHO.BK : CF.FM5 Page 2 Thursday, June 26, 1997 11:37 AM