VLANs Layer 2 Attacks: Their Relevance and their Kryptonite

Presented at DEF CON 16 (2008), Aug. 8, 2008, 3 p.m. (50 minutes)

Proper network infrastructure configuration is a crucial step in a successful defense in depth strategy for any organization. The fact that the network fabric is susceptible to these attacks years after their initial discovery is alarming and disgusting at the same time. We propose to revisit these attacks using contemporary techniques and tools and also offer equally contemporary solutions to mitigate or foil these malicious networks attacks as the case may be. Networking professionals will be able to walk away from this presentation with solid remedies to these issues with a reinforcement that they actually still exist and are pertinent to a network security strategy that will function now and in the future.

Presenters:

• Anthony L. Williams - CEO & Information Security Architect, IRON::Guard Security, LLC
  Anthony L. Williams is the CEO and Information Security Architect for IRON::Guard Security, LLC where he performs penetration testing, vulnerability assessments, audits and incident response. His experience as an information security professional with over 13 years of IT experience include proficiency in regulatory environments including Sarbanes-Oxley and the Health Insurance Portability and Accountability Act with an extensive background in IT audits using ISO/BS 17799 and COBIT. Anthony is a member of the FBI Infragard, Information Systems Security Association and Information Systems Audit and Control Association.
• Marco Figueroa - CEO & Senior Security Analyst, MAF Consulting, Inc.
  Marco Figueroa is the CEO and Senior Security Analyst with MAF Consulting Inc, a New York City information security consulting firm. Marco's expertise includes reverse engineering malware, incident handling, hacker attacks and defenses. He has performed numerous security assessments, and responded to computer attacks for clients in market verticals. Marco holds the following certifications: CEH, GCIH, GREM, Security+, Network+, A+. Contact him at Marco.figueroa@mafcorp.net http://www.mafcorp.net.
• Kevin Figueroa - CEO & Information Security Engineer, K&T International Consulting, Inc.
  Kevin Figueroa is CEO and Information Security Engineer for K & T International Consulting, Inc providing a spectrum of services like security analysis, penetration testing, compliance audit, wireless security assessment, and reverse engineering analysis. Over the last 10 years he has developed security skills which has lead him to various employment opportunities like, CitiGroup, and CNN/money. He holds the following certifications: A+, Network +, Security +, CEH Contact him at kfigueroa@kandtcorp.com or http://www.ktinternationalconsulting.com

Links:

• https://defcon.org/html/defcon-16/dc-16-speakers.html#Figueroa
• https://www.youtube.com/watch?v=s1Li36U8wLI

Similar Presentations:

• DerbyCon 3.0 All in the Family (2013) / Password Intelligence Project – Advanced Password Recovery and Modern Mitigation Strategies
• The Last HOPE (2008) / VLANs Layer 2 Attacks: Their Relevance and Their Kryptonite
• Black Hat USA 2010 / Security is Not a Four Letter Word