12-06-2005 03:05 AM
Hi,
If CDP is activated and someone succeeds in getting into one device in the network, can he easily get into the other devices?
Please, if you have any document about CDP and network security, this is my email: tw_sabri@yahoo.fr
Thanks for your help and have a nice day.
12-06-2005 07:52 AM
Sabri
In general I believe that CDP poses little security threat on the inside of the network. On interfaces which connect outside of the network we may frequently disable CDP on those interfaces because we do not want to send any information about our network to devices outside of the network.
But on interfaces which connect inside of the network there is very little security exposure in running CDP. If someone manages to access one device in your network, CDP is a minor concern. How easy or how difficult it is to access other devices depends on how well protected the other devices are. Most of the things that someone could learn from CDP (like version of software) do not contribute to being able to access a device. And the information that might aid in accessing other devices (like their IP addresses or names) is available through other ways (like the ARP table, and DNS resolution of names).
So my advice is to disable CDP on interfaces that connect outside of your network. And continue to run CDP on interfaces that connect inside your network.
HTH
Rick
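An added example, not part of the original posts: one way to check the advice above against a saved configuration, flagging external interfaces that still run CDP. It assumes Cisco IOS-style syntax (`no cdp run` globally, `no cdp enable` per interface, CDP on by default); the sample config, interface names and the list of external ports are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); interface roles are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description uplink to ISP
!
interface GigabitEthernet0/1
 description partner extranet
 no cdp enable
!
interface GigabitEthernet0/2
 description core switch
!
interface GigabitEthernet0/3
 description spare outside port
 shutdown
!
"""

def parse_interfaces(config):
    """Return (cdp_globally_on, {interface_name: [stanza lines]})."""
    cdp_global, stanzas, current = True, {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # command inside the stanza
        else:
            current = None  # back at global level
            if line.strip() == "no cdp run":
                cdp_global = False
    return cdp_global, stanzas

def external_ports_sending_cdp(config, external):
    """List the operator-supplied external interfaces where CDP is still active."""
    cdp_global, stanzas = parse_interfaces(config)
    if not cdp_global:
        return []  # 'no cdp run' turns CDP off on every interface
    return [name for name in external
            if name in stanzas
            and "shutdown" not in stanzas[name]        # admin-down ports send nothing
            and "no cdp enable" not in stanzas[name]]  # CDP explicitly disabled

if __name__ == "__main__":
    outside = ["GigabitEthernet0/0", "GigabitEthernet0/1", "GigabitEthernet0/3"]
    for port in external_ports_sending_cdp(SAMPLE_CONFIG, outside):
        print(f"{port}: CDP enabled on external interface; add 'no cdp enable'")
```

Which interfaces count as external is an input here because the configuration alone does not say where the network boundary is.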
12-07-2005 01:18 AM
Thanks for your help, Rick. It's very kind of you. Have a nice day.