Protecting Enterprise Networks against ARP Spoofing Attacks
Unlike devices on the internet, devices on a LAN don't communicate directly via IP addresses. Instead, local IPv4 networks use physical hardware (MAC) addresses for addressing. Before packets can be delivered between hosts on the LAN, the target's MAC address must first be determined. This process is mainly handled by the Address Resolution Protocol (ARP).
ARP spoofing is a type of attack in which an attacker sends fake, or spoofed, ARP messages over a local area network. The aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, so that any traffic meant for the default gateway's IP address is sent to the attacker instead.
ARP Spoofing Attack Protection
Q-Balancer can protect the enterprise network against the threat of ARP spoofing. The solution blocks uncertified ARP responses and controls network access for devices on the LAN based on its static ARP entries. Traffic is allowed through only when the IP address of a LAN host matches the MAC address specified for it in the static ARP table. Traffic from IP hosts that are not listed in the static ARP table is blocked.
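The static-table check described above can be sketched as follows. This is an added example, not Q-Balancer's own code: the function names, the table contents and the sample payloads are assumptions, and the addresses come from the documentation ranges.

```python
import socket
import struct

# Constructed static ARP table (IP -> MAC); documentation-range addresses only.
STATIC_ARP = {
    "192.0.2.1": "00:00:5e:00:53:01",   # default gateway
    "192.0.2.10": "00:00:5e:00:53:10",  # LAN host
}
ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 layout for Ethernet/IPv4 (28 bytes)


def parse_arp(payload: bytes) -> dict:
    """Decode an Ethernet/IPv4 ARP payload; raise ValueError on anything else."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"sender_mac": sha.hex(":"), "sender_ip": socket.inet_ntoa(spa)}


def check_arp(payload: bytes, table: dict = STATIC_ARP) -> str:
    """Return 'allow' or a 'block: ...' verdict for one ARP message.

    The sender fields are checked for requests and replies alike, since
    both can update a neighbour's ARP cache.
    """
    try:
        arp = parse_arp(payload)
    except ValueError as exc:
        return f"block: {exc}"
    expected = table.get(arp["sender_ip"])
    if expected is None:
        return f"block: {arp['sender_ip']} not in static ARP table"
    if arp["sender_mac"] != expected.lower():
        return (f"block: {arp['sender_ip']} claimed by {arp['sender_mac']}, "
                f"expected {expected}")
    return "allow"


def build_arp(oper: int, sender_mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Build a constructed sample ARP payload for exercising check_arp()."""
    return struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, oper,
        bytes.fromhex(sender_mac.replace(":", "")), socket.inet_aton(sender_ip),
        b"\x00" * 6, socket.inet_aton(target_ip))
```

A reply built with `build_arp(2, "00:00:5e:00:53:66", "192.0.2.1", "192.0.2.10")` claims the gateway's IP from a MAC that is not in the table, so `check_arp` returns a block verdict for it.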
IT managers can try to reduce the size of broadcast domains to mitigate the impact of ARP spoofing. Q-Balancer supports VLAN settings, so an IT manager can divide a LAN into VLANs to isolate attackers.