An attacker wanting to eavesdrop on a network has several methods at their disposal to cause harm, notably with “man-in-the-middle” attacks where an attacking device pretends to be a valid member of the network to intercept traffic.
That method of attack is called “spoofing” which enables visibility into the device’s traffic and provides an option for attackers to use more aggressive network-disrupting tactics.
Device spoofing is a significant security threat, and it’s vital that your network have strong defenses. With our MS 10 firmware, Meraki is working to ensure your network remains secure with Dynamic ARP Inspection.
How does spoofing occur?
The attack works by deactivating the regular connection that switches use to pass information to client devices. The attacking device then misdirects traffic through itself by announcing its hardware address to devices that can hear it. The client devices aren’t smart enough to know the difference between the fake and real messages, so they begin forwarding potentially sensitive information to an attacking device.
The attacker can then spy on the traffic before forwarding the message to the correct device without anyone being the wiser.
How to defend against spoofing
Dynamic ARP Inspection (DAI) places safeguards at Layer 2 where bad actors may manipulate these important messages (ARP requests). DAI calls upon the network to verify whether the device handling the ARP requests is real or fake by checking whether that device has been seen before on the network. If the device hasn’t been seen, then messages from the attacking device are ignored.
Configuring DAI with Meraki is easy with MS 10. Note that to avoid disruption to your network, it’s essential to follow the steps in order.
In the Meraki dashboard, first, navigate to Switch > Switch Port and select the port associated with a DHCP Server or Relay. Select “Edit.”
Then navigate to “Trusted” and toggle to “enabled”.
Finally, navigate to Switch > DHCP Servers& ARP > DAI Status and select “Enabled.”
As with all things Meraki, the configuration of Dynamic ARP Inspection can be completed in seconds with our easy-to-use dashboard.
To learn more about other improvements in MS 10, please visit our documentation page or attend a webinar for a demonstration.
We are happy to announce the availability of our MS 10 firmware update for Meraki switches. The update introduces new features that improve the overall security, efficiency, and resilience of your network.
Let’s take a moment to review several of MS 10’s most notable features!
Security: Multi-Auth/Multi-Host
MS 10 introduces 802.1x Multi-Auth and Multi-Host authentication options to Meraki switches.
Multi-Authentication requires each host on a shared port to authenticate individually to gain network access. This log-in process is vital for network security in deployments with many autonomous clients.
Multi-Host Authentication allows a single host to open port access for subsequent clients after a single authentication. For example, someone using a desktop with multiple VMs would only need to authenticate a single time to gain access for all of her virtual machines. This reduces the frustration of needing to log-in multiple times when only a single authentication is needed.
Resilience: Enhanced Storm Control
Network storms occur when a set of switches endlessly forward packets between themselves, which clogs network bandwidth and causes normal network traffic to grind to a halt.
Enhanced Storm Control provides greater protection against network storms by allowing administrators to set limits on how much bandwidth can be allocated for certain types of traffic. If a storm does occur, damaging traffic will be limited to only a percentage of your total bandwidth capacity.
Resilience: Unidirectional Link Detection (UDLD)
Unidirectional link issues happen when a fiber cable is damaged or misinstalled and causes a loop that has the potential to disrupt the entire network.
A switch with UDLD prevents this type of loop by shutting down the port where a unidirectional link is detected. This keeps your network stable and more resilient against common causes of fiber-link errors.
Efficiency: Equal-Cost Multi-Path (ECMP)
Meraki uses OSPF routing which directs packets by determining the lowest-cost path to a destination. However, in situations where multiple equal-cost paths are available, some paths may be underutilized.
With Equal-Cost Multi-Path (ECMP), traffic is automatically load-balanced across up to 16 OSPF-learned paths which promote greater network efficiency.
Efficiency: Port Anomaly Detection
Port Anomaly Detection (formally called Spanning Tree Protocol /LAN Anomaly Detection) encompasses multiple enhancements for identifying and resolving spanning-tree and link issues. With the upgrade, the switch port icon indicates physical link errors and excessive link-status changes (STP issues). The individual switch ports will also display orange or red in the dashboard when these types of issues are detected.
More broadly, Anomaly Detection furthers Meraki’s mission of providing in-depth visibility into your network. By providing detection of erroneous network behavior, we help ensure network stability and scalability.
Increase your network’s resilience
If you would like to learn more about MS 10’s improvements, please visit our Knowledge Base or contact us directly.
For a full list of improvements, please login to your dashboard for more information:
