4 votes
How can you prevent VLAN hopping?

1) Disable trunking on the switch ports
2) Enable port security on the switch ports
3) Implement VLAN access control lists (VACLs)
4) Configure VLAN pruning on the switch

1 Answer

4 votes

Final answer:

To prevent VLAN hopping, it's important to disable trunking on unnecessary ports, enable port security, configure VLAN pruning, and use VLAN access control lists. Systems should be carefully monitored and managed to ensure strict access control and traffic regulation. The correct answer is option 1) Disable trunking on the switch ports.

Step-by-step explanation:

To prevent VLAN hopping, there are a number of security measures that can be implemented on network switches. Firstly, disable trunking on switch ports that do not specifically require trunking capabilities. By doing so, you are ensuring that only the necessary VLANs are allowed to pass through the trunk, which mitigates the risk of VLAN hopping. This is because VLAN hopping often exploits trunking ports that are misconfigured or left in their default settings. Secondly, enable port security on switch ports to restrict the number of MAC addresses allowed to communicate on a port, thereby preventing unauthorized devices from gaining access to the network.

Another measure is to configure VLAN pruning, which limits the VLANs that are allowed to pass over a trunk link to only those that are necessary. By pruning unnecessary VLANs, you reduce the attack surface for VLAN hopping. Lastly, implementing VLAN access control lists (VACLs) can also provide a layer of security by defining rules for inter-VLAN traffic, thereby controlling which packets are allowed to move between VLANs.

The key to preventing VLAN hopping is to apply strict access control to both ends of the trunk connections and only allow necessary traffic. This, combined with diligent network monitoring and switch configuration management, forms a comprehensive approach to safeguarding against VLAN hopping attacks.

User Rimian
by
8.9k points