
CompTIA SY0-701: What is the best way to mitigate MAC address table flooding attacks on network switches?

Learn how to effectively mitigate MAC address table flooding attacks on network switches using port security. Discover why port security is the optimal solution for preventing unauthorized access and ensuring network stability.


Question

A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?

A. Load balancer
B. Port security
C. IPS
D. NGFW

Answer

B. Port security

Explanation

The best way to mitigate a MAC address table flooding attack on network switches is by implementing port security (Option B).

Port security is a Layer 2 security feature that lets network administrators control which devices can use specific ports on a switch. A MAC flooding attack sends frames with thousands of bogus source MAC addresses until the switch's MAC address table is full; once that happens the switch can no longer learn legitimate addresses and falls back to forwarding frames out every port, exposing traffic to the attacker. By configuring port security, you can limit the number of MAC addresses that can be learned on each port, so an attacker on one port cannot fill the table with a large number of bogus MAC addresses.

Here’s how port security works to mitigate MAC address table flooding attacks:

  1. MAC address limiting: Port security allows you to set a maximum number of MAC addresses that can be learned on each port. Once the limit is reached, the switch will not learn any new MAC addresses on that port, effectively preventing the attacker from flooding the table.
  2. Violation actions: When a violation occurs (i.e., an unauthorized MAC address is detected), port security can be configured to take one of three actions:
    • Protect: The port will drop packets from the unauthorized MAC address but will continue to forward packets from authorized MAC addresses.
    • Restrict: The port will drop packets from the unauthorized MAC address and will generate a security violation log message.
    • Shutdown: The port will be automatically disabled (err-disabled state) when an unauthorized MAC address is detected, requiring manual intervention to re-enable the port.
  3. Secure MAC addresses: Port security allows you to define specific MAC addresses that are allowed to access each port. This can be done manually or dynamically (learning the first ‘x’ MAC addresses that connect to the port).
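The behaviour described in the three points above, as an added example that is not part of the original page: a small Python model of a switch's MAC address table with and without a per-port MAC limit, replaying a constructed flood of bogus source MACs and applying the protect, restrict and shutdown violation modes. The interface name, the table capacity and the MAC addresses are constructed values for the simulation.

```python
from dataclasses import dataclass, field
from typing import Optional

TABLE_CAPACITY = 16   # constructed: a tiny CAM table so the flood is visible

@dataclass
class Port:
    max_macs: Optional[int] = None     # None = port security off (no limit)
    violation: str = "shutdown"        # "protect" | "restrict" | "shutdown"
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    violations_logged: int = 0

class Switch:
    def __init__(self, ports):
        self.ports = ports             # interface name -> Port
        self.mac_table = {}            # source MAC -> interface it was learned on

    def receive(self, ifname, src_mac):
        """Learn one frame's source MAC; return the action the port takes."""
        port = self.ports[ifname]
        if port.err_disabled:
            return "drop"
        if port.max_macs is None:                    # no port security
            if len(self.mac_table) < TABLE_CAPACITY:
                self.mac_table[src_mac] = ifname     # bogus MACs fill the table
            return "forward"
        if src_mac in port.secure_macs:
            return "forward"
        if len(port.secure_macs) < port.max_macs:
            port.secure_macs.add(src_mac)            # sticky-learn the first N
            self.mac_table[src_mac] = ifname
            return "forward"
        # Unknown MAC beyond the limit: apply the configured violation mode
        if port.violation == "restrict":
            port.violations_logged += 1              # drop and log the violation
        elif port.violation == "shutdown":
            port.err_disabled = True                 # port goes err-disabled
            return "err-disable"
        return "drop"                                # protect: silent drop

def run(max_macs, violation="shutdown", count=100):
    """Replay `count` frames with constructed bogus source MACs into one port."""
    sw = Switch({"Gi0/1": Port(max_macs, violation)})
    actions = [sw.receive("Gi0/1", f"02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}")
               for i in range(count)]
    port = sw.ports["Gi0/1"]
    return {"table": len(sw.mac_table), "forwarded": actions.count("forward"),
            "dropped": actions.count("drop"), "err_disabled": port.err_disabled,
            "logged": port.violations_logged}
```

With `run(None)` the unprotected port lets the flood fill the whole table, while `run(1, "protect")`, `run(1, "restrict")` and `run(1, "shutdown")` each learn a single address and then drop, drop-and-log, or err-disable the port.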

Other options, such as load balancers (A), intrusion prevention systems (C), and next-generation firewalls (D), while important security tools, do not directly address the issue of MAC address table flooding attacks on network switches.

In summary, port security is the most effective way to mitigate MAC address table flooding attacks on network switches by limiting the number of MAC addresses that can be learned on each port, taking action when violations occur, and defining secure MAC addresses. Implementing port security ensures that attackers cannot flood the MAC address table and maintains the stability and security of the network.

CompTIA SY0-701 certification exam practice questions and answers (Q&A), including multiple choice questions (MCQ) and objective-type questions, with detailed explanations and references available free, to help you pass the CompTIA SY0-701 exam and earn the CompTIA SY0-701 certification.