Security Considerations of Ethernet Connections

Nowadays, the most important media access protocol is Ethernet, defined by the IEEE 802.3 standards. If you have a Local Area Network (LAN) with physical media, the odds are it runs Ethernet. In recent years, Wi-Fi, the wireless LAN standardized by IEEE 802.11, has been used instead of Ethernet for many home and small office networks, and in addition to Ethernet in larger installations.



Ethernet is a standards-based media access protocol. It is very low level: it is the signaling layer on the media, and it is concerned with connecting the computer to the LAN media. Several additional protocols run on top of Ethernet in order to actually accomplish something useful on our networks. Ethernet’s primary job is to move data around the network at the electrical or optical level.

A chunk of data transmitted by Ethernet over the wire is called a frame; when we talk about frames, we generally mean something we would analyze with optical or electrical tools such as oscilloscopes. A packet is the logical representation of the same information that a frame carries. On an Ethernet network, only a single node should be transmitting a frame at any time. If multiple systems transmit simultaneously, a collision occurs, which can cause both signals to fail and require the systems to retransmit their frames. To keep the number of collisions to a minimum, a system is required to check whether anyone else is already transmitting before placing a frame on the wire. If another system’s signal is already on the wire, the system is expected to listen, recognize that traffic is on the wire, and wait according to an algorithm designed to give each node a fair shot at using the network. If the line is clear, the system generates the signals required to send the frame and monitors the transmission to make sure there was no collision. These properties are summarized in Ethernet’s designation as a Carrier Sense Multiple Access/Collision Detection (CSMA/CD) protocol.

The primary weakness of Ethernet is that it is a broadcast system. Every message sent out by any computer on a segment of Ethernet wiring reaches all parts of that segment and could potentially be read by any computer on the segment. A layer-two switch should be used to reduce the exposure to “packet sniffing”, since a switch forwards each frame only to the port on which it has learned the destination address rather than to every port.



Beyond that broadcast weakness, security researchers reported a flaw in the device driver that runs the Ethernet card: the driver was padding short frames with data it copied from system memory rather than with nulls. The researchers suggest that the easiest way to exploit this vulnerability is to send ICMP echo requests to a machine running a vulnerable driver, which will then return bits of kernel memory as the padding of the reply; these, in turn, can be searched for valuable information using a packet sniffer. Though this vulnerability was reported in 2003, it is the type of error that tends to continually reappear. It also supports the core axiom of organizational security. If you want to be secure, your organization must:
– Configure all operating systems properly and maintain proper configuration at all times
– Assess all network traffic entering and leaving your systems for security problems
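As an added example (not part of the original article), here is a check a defender could run over captured frames to spot the padding leak described above: it finds the end of the IPv4 datagram from the IP total-length field and flags any non-zero bytes in the padding that follows it. The sample frames, MAC and IP addresses are constructed for the demonstration.

```python
import struct

ETH_HDR_LEN = 14
ETH_MIN_LEN = 60          # minimum Ethernet frame length, FCS excluded
ETHERTYPE_IPV4 = 0x0800


def frame_padding(frame: bytes) -> bytes:
    """Return the bytes that follow the IPv4 datagram inside an Ethernet frame.

    The IPv4 total-length field tells us where the datagram ends; anything
    after it (up to the 60-byte minimum) is padding added by the sender's
    driver or NIC. Non-IPv4, malformed or truncated frames yield b''.
    """
    if len(frame) < ETH_HDR_LEN + 20:
        return b""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return b""
    (total_len,) = struct.unpack("!H", frame[ETH_HDR_LEN + 2:ETH_HDR_LEN + 4])
    end = ETH_HDR_LEN + total_len
    if total_len < 20 or end > len(frame):
        return b""  # malformed or truncated datagram; nothing to judge
    return frame[end:]


def padding_leaks(frame: bytes) -> bool:
    """True when the padding holds anything but zero bytes, the symptom of a
    driver that pads with stale memory instead of nulls."""
    return any(frame_padding(frame))


def make_frame(payload: bytes, filler: bytes) -> bytes:
    """Constructed test frame: broadcast dst, made-up src MAC, minimal IPv4
    header (protocol 1 = ICMP), then payload, padded to 60 bytes with filler."""
    eth = bytes.fromhex("ffffffffffff001122334455") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 1, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = eth + ip + payload
    short = max(0, ETH_MIN_LEN - len(frame))
    return frame + filler[:short]


# 8-byte ICMP echo reply header (type 0, code 0, checksum, id, seq); constructed
ICMP_REPLY = bytes.fromhex("0000f7ff12340001")
GOOD_FRAME = make_frame(ICMP_REPLY, b"\x00" * ETH_MIN_LEN)
# A leaky driver fills the 18 padding bytes with whatever memory followed the
# buffer; we simulate that with an obviously constructed byte pattern.
LEAKY_FRAME = make_frame(ICMP_REPLY, b"KERNEL-MEM-SAMPLE!")

if __name__ == "__main__":
    for name, f in (("good", GOOD_FRAME), ("leaky", LEAKY_FRAME)):
        print(name, len(f), "bytes; padding:", frame_padding(f), "leak:", padding_leaks(f))
```

Run over a real capture, the same `padding_leaks` check applied to each echo reply gives a quick test of whether a driver on the segment is padding with memory contents.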



October 14, 2014

