LAN Switch Security: What Hackers Know about Your Switches / Edition 1

Paperback (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $30.60
Usually ships in 1-2 business days
(Save 54%)
Other sellers (Paperback)
  • All (10) from $30.60   
  • New (6) from $51.77   
  • Used (4) from $30.60   

Overview

LAN Switch Security: What Hackers Know About Your Switches

A practical guide to hardening Layer 2 devices and stopping campus network attacks

Eric Vyncke

Christopher Paggen, CCIE® No. 2659

Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks.

Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches.

After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks.

Eric Vyncke has a master’s degree in computer science engineering from the University of Liège in Belgium. Since 1997, Eric has worked as a Distinguished Consulting Engineer for Cisco, where he is a technical consultant for security covering Europe. His area of expertise for 20 years has been mainly security from Layer 2 to applications. He is also guest professor at Belgian universities for security seminars.

Christopher Paggen, CCIE® No. 2659, obtained a degree in computer science from IESSL in Liège (Belgium) and a master’s degree in economics from University of Mons-Hainaut (UMH) in Belgium. He has been with Cisco since 1996 where he has held various positions in the fields of LAN switching and security, either as pre-sales support, post-sales support, network design engineer, or technical advisor to various engineering teams. Christopher is a frequent speaker at events, such as Networkers, and has filed several U.S. patents in the security area.

Contributing Authors:

Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.

Steinthor Bjarnason is a consulting engineer for Cisco.

Ken Hook is a switch security solution manager for Cisco.

Rajesh Bhandari is a technical leader and a network security solutions architect for Cisco.

  • Use port security to protect against CAM attacks
  • Prevent spanning-tree attacks
  • Isolate VLANs with proper configuration techniques
  • Protect against rogue DHCP servers
  • Block ARP snooping
  • Prevent IPv6 neighbor discovery and router solicitation exploitation
  • Identify Power over Ethernet vulnerabilities
  • Mitigate risks from HSRP and VRPP
  • Stop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocols
  • Understand and prevent DoS attacks against switches
  • Enforce simple wirespeed security policies with ACLs
  • Implement user authentication on a port base with IEEE 802.1x
  • Use new IEEE protocols to encrypt all Ethernet frames at wirespeed.

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Cisco Press–Security

Covers: Ethernet Switch Security

Read More Show Less

Product Details

  • ISBN-13: 9781587052569
  • Publisher: Cisco Press
  • Publication date: 9/20/2007
  • Series: Networking Technology: Security Series
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 340
  • Product dimensions: 7.31 (w) x 9.12 (h) x 0.78 (d)

Meet the Author

Eric Vyncke has a master’s degree in computer science engineering from the University of Liège in Belgium. He

worked as a research assistant in the same university before joining Network Research Belgium. At Network

Research Belgium, he was the head of R&D. He then joined Siemens as a project manager for security projects,

including a proxy firewall. Since 1997, he has worked as a distinguished consulting engineer for Cisco as a technical

consultant for security covering Europe. For 20 years, Eric’s area of expertise has been security from Layer 2 to

the application layer. He is also a guest professor at some Belgian universities for security seminars. Eric is also a

frequent speaker at security events (such as Networkers at Cisco Live and RSA Conference).

Christopher Paggen joined Cisco in 1996 where he has held various positions gravitating around LAN switching

and security technologies. Lately, he has been in charge of defining product requirements for the company’s current

and future high-end firewalls. Christopher holds several U.S. patents, one of which pertains to Dynamic ARP

Inspection (DAI). As CCIE No. 2659, Christopher also owns a B.S. in computer science from HEMES (Belgium)

and went on to study economics at UMH (Belgium) for two more years.

Read More Show Less

Table of Contents

Contents

Introduction xix

Part I

Vulnerabilities and Mitigation Techniques 3

Chapter 1

Introduction to Security 5

Security Triad 5

Confidentiality 6

Integrity 7

Availability 8

Reverse Security Triad 8

Risk Management 8

Risk Analysis 9

Risk Control 10

Access Control and Identity Management 10

Cryptography 11

Symmetric Cryptosystems 13

Symmetric Encryption 13

Hashing Functions 13

Hash Message Authentication Code 14

Asymmetric Cryptosystems 15

Confidentiality with Asymmetric Cryptosystems 16

Integrity and Authentication with Asymmetric Cryptosystems 17

Key Distribution and Certificates 18

Attacks Against Cryptosystems 19

Summary 21

References 21

Chapter 2

Defeating a Learning Bridge’s Forwarding Process 23

Back to Basics: Ethernet Switching 101 23

Ethernet Frame Formats 23

Learning Bridge 24

Consequences of Excessive Flooding 26

Exploiting the Bridging Table: MAC Flooding Attacks 27

Forcing an Excessive Flooding Condition 28

Introducing the macof Tool 30

MAC Flooding Alternative: MAC Spoofing Attacks 34

Not Just Theory 35

Preventing MAC Flooding and Spoofing Attacks 36

Detecting MAC Activity 36

Port Security 37

Unknown Unicast Flooding Protection 39

Summary 40

References 41

Chapter 3

Attacking the Spanning Tree Protocol 43

Introducing Spanning Tree Protocol 43

Types of STP 46

Understanding 802.1D and 802.1Q Common STP 46

Understanding 802.1w Rapid STP 46

Understanding 802.1s Multiple STP 47

STP Operation: More Details 47

Let the Games Begin! 53

Attack 1: Taking Over the Root Bridge 55

Root Guard 58

BPDU-Guard 58

Attack 2: DoS Using a Flood of Config BPDUs 60

BPDU-Guard 62

BPDU Filtering 62

Layer 2 PDU Rate Limiter 63

Attack 3: DoS Using a Flood of Config BPDUs 63

Attack 4: Simulating a Dual-Homed Switch 63

Summary 64

References 65

Chapter 4

Are VLANS Safe? 67

IEEE 802.1Q Overview 67

Frame Classification 68

Go Native 69

Attack of the 802.1Q Tag Stack 71

Understanding Cisco Dynamic Trunking Protocol 76

Crafting a DTP Attack 76

Countermeasures to DTP Attacks 80

Understanding Cisco VTP 80

VTP Vulnerabilities 81

Summary 82

References 82

Chapter 5

Leveraging DHCP Weaknesses 85

DHCP Overview 85

Attacks Against DHCP 89

DHCP Scope Exhaustion: DoS Attack Against DHCP 89

Yensinia 89

Gobbler 90

Hijacking Traffic Using DHCP Rogue Servers 92

Countermeasures to DHCP Exhaustion Attacks 93

Port Security 94

Introducing DHCP Snooping 96

Rate-Limiting DHCP Messages per Port 97

DHCP Message Validation 97

DHCP Snooping with Option 82 99

Tips for Deploying DHCP Snooping 99

Tips for Switches That Do Not Support DHCP Snooping 100

DHCP Snooping Against IP/MAC Spoofing Attacks 100

Summary 103

References 103

Chapter 6

Exploiting IPv4 ARP 105

Back to ARP Basics 105

Normal ARP Behavior 105

Gratuitous ARP 107

Risk Analysis for ARP 108

ARP Spoofing Attack 108

Elements of an ARP Spoofing Attack 109

Mounting an ARP Spoofing Attack 111

Mitigating an ARP Spoofing Attack 112

Dynamic ARP Inspection 112

DAI in Cisco IOS 112

DAI in CatOS 115

Protecting the Hosts 115

Intrusion Detection 116

Mitigating Other ARP Vulnerabilities 117

Summary 118

References 118

Chapter 7

Exploiting IPv6 Neighbor Discovery and Router Advertisement 121

Introduction to IPv6 121

Motivation for IPv6 121

What Does IPv6 Change? 122

Neighbor Discovery 126

Stateless Configuration with Router Advertisement 127

Analyzing Risk for ND and Stateless Configuration 129

Mitigating ND and RA Attacks 130

In Hosts 130

In Switches 130

Here Comes Secure ND 131

What Is SEND? 131

Implementation 133

Challenges 133

Summary 133

References 133

Chapter 8

What About Power over Ethernet? 135

Introduction to PoE 135

How PoE Works 136

Detection Mechanism 136

Powering Mechanism 138

Risk Analysis for PoE 139

Types of Attacks 139

Mitigating Attacks 140

Defending Against Power Gobbling 140

Defending Against Power-Changing Attacks 141

Defending Against Shutdown Attacks 141

Defending Against Burning Attacks 142

Summary 143

References 143

Chapter 9

Is HSRP Resilient? 145

HSRP Mechanics 145

Digging into HSRP 147

Attacking HSRP 148

DoS Attack 149

Man-in-the-Middle Attack 150

Information Leakage 151

Mitigating HSRP Attacks 151

Using Strong Authentication 151

Relying on Network Infrastructure 153

Summary 155

References 155

Chapter 10

Can We Bring VRRP Down? 157

Discovering VRRP 157

Diving Deep into VRRP 159

Risk Analysis for VRRP 161

Mitigating VRRP Attacks 161

Using Strong Authentication 162

Relying on the Network Infrastructure 162

Summary 163

References 163

Chapter 11

Information Leaks with Cisco Ancillary Protocols 165

Cisco Discovery Protocol 165

Diving Deep into CDP 165

CDP Risk Analysis 167

CDP Risk Mitigation 169

IEEE Link Layer Discovery Protocol 169

VLAN Trunking Protocol 170

VTP Risk Analysis 172

VTP Risk Mitigation 173

Link Aggregation Protocols 174

Risk Analysis 176

Risk Mitigation 177

Summary 178

References 178

Part II

How Can a Switch Sustain a Denial of Service Attack? 181

Chapter 12

Introduction to Denial of Service Attacks 183

How Does a DoS Attack Differ from a DDoS Attack? 183

Initiating a DDoS Attack 184

Zombie 184

Botnet 185

DoS and DDoS Attacks 186

Attacking the Infrastructure 186

Common Flooding Attacks 187

Mitigating Attacks on Services 187

Attacking LAN Switches Using DoS and DDoS Attacks 188

Anatomy of a Switch 188

Three Planes 189

Data Plane 189

Control Plane 190

Management Plane 190

Attacking the Switch 190

Data Plane Attacks 192

Control Plane Attacks 192

Management Plane Attacks 193

Switch Architecture Attacks 193

Summary 194

Reference 194

Chapter 13

Control Plane Policing 197

Which Services Reside on the Control Plane? 198

Securing the Control Plane on a Switch 198

Implementing Hardware-Based CoPP 200

Configuring Hardware-Based CoPP on the Catalyst 6500 200

Hardware Rate Limiters 201

Hardware-Based CoPP 203

Configuring Control Plane Security on the Cisco ME3400 203

Implementing Software-Based CoPP 206

Configuring Software-Based CoPP 207

Mitigating Attacks Using CoPP 211

Mitigating Attacks on the Catalyst 6500 Switch 211

Telnet Flooding Without CoPP 211

Telnet Flooding with CoPP 212

TTL Expiry Attack 215

Mitigating Attacks on Cisco ME3400 Series Switches 218

CDP Flooding 218

CDP Flooding with L2TP Tunneling 219

Summary 222

References 222

Chapter 14

Disabling Control Plane Protocols 225

Configuring Switches Without Control Plane Protocols 225

Safely Disabling Control Plane Activities 227

Disabling STP 227

Disabling Link Aggregation Protocols 228

Disabling VTP 228

Disabling DTP 228

Disabling Hot Standby Routing Protocol and Virtual Routing Redundancy

Protocol 228

Disabling Management Protocols and Routing Protocols 229

Using an ACL 230

Disabling Other Control Plane Activities 232

Generating ICMP Messages 232

Controlling CDP, IPv6, and IEEE 802.1X 233

Using Smartports Macros 234

Control Plane Activities That Cannot Be Disabled 235

Best Practices for Control Plane 236

Summary 236

Chapter 15

Using Switches to Detect a Data Plane DoS 239

Detecting DoS with NetFlow 239

Enabling NetFlow on a Catalyst 6500 244

NetFlow as a Security Tool 246

Increasing Security with NetFlow Applications 247

Securing Networks with RMON 249

Other Techniques That Detect Active Worms 252

Summary 255

References 255

Part III

Using Switches to Augment the Network Security 257

Chapter 16

Wire Speed Access Control Lists 259

ACLs or Firewalls? 260

State or No State? 261

Protecting the Infrastructure Using ACLs 261

RACL, VACL, and PACL: Many Types of ACLs 263

Working with RACL 264

Working with VACL 265

Working with PACL 267

Technology Behind Fast ACL Lookups 267

Exploring TCAM 268

Summary 270

Chapter 17

Identity-Based Networking Services with 802.1X 273

Foundation 273

Basic Identity Concepts 274

Identification 274

Authentication 274

Authorization 275

Discovering Extensible Authentication Protocol 275

Exploring IEEE 802.1X 277

802.1X Security 279

Integration Value-Add of 802.1X 281

Spanning-Tree Considerations 281

Trunking Considerations 283

Information Leaks 283

Keeping Insiders Honest 285

Port-Security Integration 285

DHCP-Snooping Integration 286

Address Resolution Protocol Inspection Integration 286

Putting It Together 287

Working with Multiple Devices 288

Single-Auth Mode 288

Multihost Mode 289

Read More Show Less

Preface

Introduction

LAN and Ethernet switches are usually considered as plumbing. They are easy to install and configure, but it is easy to forget about security when things appear to be simple.

Multiple vulnerabilities exist in Ethernet switches. Attack tools to exploit them started to appear a couple of years ago (for example, the well-known dsniff package). By using those attack tools, a hacker can defeat the security myth of a switch, which incorrectly states that sniffing and packet interception are impossible with a switch. Indeed, with dsniff, cain, and other user-friendly tools on a Microsoft Windows or Linux system, a hacker can easily divert any traffic to his own PC to break the confidentiality or the integrity of this traffic.

Most vulnerabilities are inherent to the Layer 2 protocols, ranging from Spanning Tree Protocol to IPv6 neighbor discovery. If Layer 2 is compromised, it is easier to build attacks on upper-layers protocols by using techniques such as man-in-the-middle (MITM) attacks. Because a hacker can intercept any traffic, he can insert himself in clear-text communication (such as HTTP or Telnet) and in encrypted channels (such as Secure Socket Layer SSL or secure shell SSH).

To exploit Layer 2 vulnerabilities, an attacker must usually be Layer 2 adjacent to the target. Although it seems impossible for an external hacker to connect to a company LAN, it is not. Indeed, a hacker can use social engineering to gain access to the premises, or he can pretend to be an engineer called on site to fix a mechanical problem.

Also, many attacks are run by an insider, such as an onsite employee. Traditionally, there has beenan unwritten and, in some cases, written rule that employees are trusted entities. However, over the past decade, numerous cases and statistics prove that this assumption is false. The CSI/FBI 2006 Computer Crime and Security Survey1 reported that 68 percent of the surveyed organizations' losses were partially or fully a result of insiders' misbehavior.

Once inside the physical premises of most organizations, it is relatively easy to find either an open Ethernet jack on the wall or a networked device (for example, a network printer) that can be disconnected to gain unauthorized network access. With DHCP as widely deployed as it is and the low percentage of LAN-based ports requiring authentication (for example, IEEE 802.1X), a user's PC obtains an IP address and, in most cases, has the same level of network access as all other valid authorized users. Having gained a network IP address, the miscreant user can now attempt various attacks.

With this new view on trust assumed to a network user, exposure to sensitive and confidential information that traverses networks is a reality that cannot be overlooked. Most, if not all, organizations do have access security designed into their applications and in many of the document repositories. However, these are not bulletproof; they help only to ensure appropriate authorized users access the information held within these applications or repositories. These access-control techniques do not prevent malicious users from snooping the wire to gain access to the information after it's in motion. Most of the information traversing networks today is not encrypted. Savvy and, in many cases, curious network users with script kiddy tools can easily snoop on the wire to view anything in clear text. This can be as benign as meeting notifications or sensitive information, such as user names, passwords, human-resources or health records, confidential customer information, credit-card information, contracts, intellectual property, or even classified government information. It goes without saying that a company's information assets are important and, in some cases, the backbone of the company. Information leaks or exposure can be extremely detrimental and, in some cases, cause significant financial repercussions. Companies can lose their reputations and, in turn, lose a loyal customer base overnight.

The knowledge base required to snoop the wire has dramatically changed over the last decade with the rise of tools designed to expose or take advantage of weaknesses of networking protocols such as Yersinia and Cain. These tools are in many cases context sensitive and embody help menus making eavesdropping, tampering, and replay of information traversing our networks more widely prevalent. Equally, once a user has access; they can exploit vulnerabilities in the operating systems and applications to either gain access or tamper with information to cause a denial of services.

On the other hand, Ethernet switches and specific protocols and features can augment the security posture of a LAN environment with user identification, wire speed security policy enforcement, Layer 2 encryption, and so on.

Goals and Methods

When talking about vulnerabilities in a switch-based network, the approach is first to describe the protocol, to list the vulnerabilities, and to explain how to prevent or mitigate those vulnerabilities. Because this book also covers techniques to increase a network's security by using extra features, those features are described and case scenarios are given. When necessary, configuration examples or screen shots are provided.

Who Should Read This Book?

This book's primary audience is network architects with knowledge of Ethernet switching techniques and the basics of security.

This book's secondary audience is security officers. You need to have a bare-minimum understanding of networking but, because this book explains all vulnerabilities and prevention techniques in detail, readers do not have to be an expert in Ethernet switches.

Both enterprises and service providers will find useful information in this book.

How This Book Is Organized

This book is organized into four distinct parts:

Part I, "Vulnerabilities and Mitigation Techniques." Detailed explanation of several vulnerabilities in Layer 2 protocols and how to prevent all attacks against those vulnerabilities.

Within Part I, each chapter's structure is similar. It always starts with a description of the protocol and then gives a detailed explanation of this protocol's vulnerabilities. It concludes with prevention or mitigation techniques.


  • Chapter 1, "Introduction to Security," introduces security to networking people. Concepts such as confidentiality, integrity, and availability are defined. Encryption mechanisms and other cryptosystems are explained.

  • Chapter 2, "Defeating a Learning Bridge's Forwarding Process," focuses on the IEEE 802.1d bridge's learning process and on content-addressable memory (CAM), which forwards Ethernet frames to their intended destination. This process is vulnerable and a mitigation technique, called port security, is presented.

  • Chapter 3, "Attacking the Spanning Tree Protocol," shows that IEEE 802.1D spanning tree can be attacked, but you can prevent those attacks with features such as bridge protocol data unit (BPDU) guard and root guard.

  • Chapter 4, "Are VLANs Safe?," covers the IEEE 802.1Q VLAN tags. It destroys the myth that VLANs are isolated with the default configuration. The attack is presented, and a secure configuration is explained so that the myth becomes a reality (for example, no one can jump from one VLAN to another one).

  • Chapter 5, "Leveraging DHCP Weaknesses," explains some vulnerabilities in DHCP and how to prevent a rogue DHCP server in a network with a feature called DHCP snooping.

  • Chapter 6, "Exploiting IPv4 ARP," starts with an explanation of an Address Resolution Protocol (ARP) vulnerability called ARP spoofing. It shows how DHCP snooping can be leveraged with DAI to block this attack.

  • Chapter 7, "Exploiting IPv6 Neighbor Discovery and Router Advertisement," is more forward thinking because it discusses IPv6's new auxiliary protocols: neighbor discovery and router advertisement. These protocols have inherent weaknesses that are addressed by a new protocol: secure neighbor discovery.

  • Chapter 8, "What About Power over Ethernet?," describes what Power over Ethernet is and whether vulnerabilities exist in this feature.

  • Chapter 9, "Is HSRP Resilient?," talks about the high-availability protocol Hot Standby Routing Protocol (HSRP). HSRP's vulnerabilities are explained and mitigation techniques are presented.

  • Chapter 10, "Can We Bring VRRP Down?," does the same analysis for the standard-based Virtual Router Redundancy Protocol (VRRP): description, vulnerabilities, and mitigation techniques.

  • Chapter 11, "Information Leaks with Cisco Ancillary Protocols," provides information about all ancillary protocols, such as Cisco Discovery Protocol (CDP).

Part II, "How Can a Switch Sustain a Denial of Service Attack?" In-depth presentation of DoS attacks: how to detect and mitigate them.

  • Chapter 12, "Introduction to Denial of Service Attacks," introduces DoS attacks, where they come from, and their net effect on a network.

  • Chapter 13, "Control Plane Policing," focuses on the control plane (which is the plane where routing and management protocols are running). Because it can be attacked, it must be protected. Control plane policing is shown to be the best technique to achieve protection.

  • Chapter 14, "Disabling Control Plane Protocols," explains what techniques can be used when control plane policing is not available, such as on old switches.

  • Chapter 15, "Using Switches to Detect a Data Plane DoS," leverages NetFlow and Network Analysis Module (NAM) to detect a DoS attack or an aggressively propagating worm in the network. The goal of early detection is to better fight the DoS attack even before the users or customers become aware of it.

Part III, "Using Switches to Augment Network Security." How to leverage Ethernet switches to actually augment your LAN's security level.

  • Chapter 16, "Wire Speed Access Control Lists," describes where an access control list (ACL) can be used in a switch: at the port level, within a VLAN, or (as usual) on a Layer 3 port. These ACLs enforce a simple security policy at wire speed. The technology behind those ACLs is also explained.

  • Chapter 17, "Identity-Based Networking Services with 802.1X," explains how IEEE 802.1X can be effectively used in a switch to implement user authentication on a port base. Some caveats of this protocol are presented as well as features to circumvent those limitations.

Part IV, "What Is Next in LAN Security?" How a new IEEE protocol will allow encryption at Layer 2.

  • Chapter 18, "IEEE 802.1AE," describes new protocols from IEEE that can encrypt all Ethernet frames at wire speed.

The Appendix, "Combining IPsec with L2TPv3 for Secure Pseudowire," illustrates how the combination of two older protocols, Layer 2 tunnel protocol (L2TP) and IP security (IPsec), can be combined to encrypt all Layer 2's traffic between two switches.

Reference

1 Gordon, Lawrence A., Martin P. Loeb, William Lucyshyn, and Robert Richardson. 2006 CSI/FBI Computer Crime and Security Survey. Computer Security Institute. 2006.


© Copyright Pearson Education. All rights reserved.

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)