KB.15.15

Example

Figure 289 Log listing with and without detected security violations

For more Event Log information, see "Using the Event Log To Identify Problem Sources" in the

Management and Configuration Guide for your switch.

Using the event log to find intrusion alerts menu

In the Main Menu, click on 4. Event Log and useNext page and Prev page to review the

Event Log contents.

For more Event Log information, see "Using the Event Log To Identify Problem Sources" in the

Management and Configuration Guide for your switch.

Overview

As your network expands to include an increasing number of mobile devices, continuous Internet

access, and new classes of users (such as partners, temporary employees, and visitors), additional

protection from attacks launched from both inside and outside your internal network is often

necessary.

Advanced threat protection can detect port scans and hackers who try to access a port or the

switch itself. The following software features provide advanced threat protection and are described

here:

DHCP snooping

Protects your network from common DHCP attacks, such as:

• Address spoofing in which an invalid IP address or network gateway address is assigned

by a rogue DHCP server.

• Address exhaustion of available addresses in the network DHCP server, caused by repeated

attacker access to the network and numerous IP address requests.

Dynamic ARP protection:

Protects your network from ARP cache poisoning as in the following cases:

• An unauthorized device forges an illegitimate ARP response and network devices use the

response to update their ARP caches.

• A denial-of-service (DoS) attack from unsolicited ARP responses changes the network

gateway IP address so that outgoing traffic is prevented from leaving the network and

overwhelms network devices.

Overview 387