Network Security and Monitoring
• Some network vulnerabilities and threats
• Reconnaissance
• Monitoring
Network Vulnerabilities
• Technology vulnerabilities
• Operating system vulnerabilities
• Configuration vulnerabilities
• Etc.
TCP/IP Vulnerabilities
• Many TCP/IP based applications have inherent vulnerabilities
  • TFTP
  • Telnet
  • Use more secure applications (SSH, etc.)
• Some standard TCP/IP applications are used for reconnaissance and attacks
  • SNMP
  • ICMP
Reconnaissance
• What is reconnaissance?
  • Reconnaissance is the process of acquiring information about your network
  • While it usually precedes an attack, the point where reconnaissance stops and the attack begins isn't always clear
• What type of information are they seeking?
  • Network topology
  • Device type and OS
  • Addressing
  • Services and assets
  • Personnel/account passwords
Reconnaissance
• Social engineering
• Enumeration
• Footprinting/Fingerprinting
Network Enumeration
• Network enumeration is the discovery of hosts/devices on a network.
• May be accomplished by use of overt discovery protocols such as ICMP and SNMP
• May also use port scans of various ports on remote hosts, looking for well-known services in an attempt to further identify the function of a remote host and solicit host-specific banners.
Fingerprinting
• Passive fingerprinting uses tools to analyze communications to and from a remote host while it goes about its normal business.
• Active fingerprinting tools rely on stimulus-response.
  • Different operating systems respond to packets (the stimulus) in different ways. The source sends certain packets to the target, then analyzes the target's response to identify the operating system.
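The enumeration and fingerprinting slides above describe what the probing looks like from the attacker's side; from the defender's side the same activity shows up as one source touching many hosts (ICMP or SNMP sweeps) or many ports on one host (port scans). The following detector is an added example written for this page, not code from the slides. It runs over a constructed, simplified connection log (the line format, thresholds and addresses are all assumptions made for the demo) and reports the sources that exceed the sweep or scan thresholds.

```python
"""Reconnaissance detector over a constructed connection log (added example).

Assumed log format, one record per line:
    <ts> <proto> <src_ip> <dst_ip> <dst_port> <tcp_flags>
proto is icmp/tcp/udp, dst_port is '-' for ICMP, and tcp_flags is the flag
string ('S' = SYN only, 'SA' = SYN-ACK, '-' when not applicable).
"""
from collections import defaultdict

SWEEP_THRESHOLD = 5   # distinct hosts probed by one source (ICMP or SNMP)
SCAN_THRESHOLD = 5    # distinct ports probed on one host by one source
SNMP_PORT = 161

# Constructed sample log: 10.0.0.9 sweeps, scans and probes SNMP;
# 10.0.0.20 and 10.0.0.21 are ordinary HTTPS clients.
SAMPLE_LOG = """\
1 icmp 10.0.0.9 10.0.1.1 - -
1 icmp 10.0.0.9 10.0.1.2 - -
1 icmp 10.0.0.9 10.0.1.3 - -
1 icmp 10.0.0.9 10.0.1.4 - -
1 icmp 10.0.0.9 10.0.1.5 - -
2 tcp 10.0.0.9 10.0.1.3 21 S
2 tcp 10.0.0.9 10.0.1.3 22 S
2 tcp 10.0.0.9 10.0.1.3 23 S
2 tcp 10.0.0.9 10.0.1.3 25 S
2 tcp 10.0.0.9 10.0.1.3 80 S
2 tcp 10.0.0.9 10.0.1.3 443 S
3 udp 10.0.0.9 10.0.1.1 161 -
3 udp 10.0.0.9 10.0.1.2 161 -
3 udp 10.0.0.9 10.0.1.3 161 -
3 udp 10.0.0.9 10.0.1.4 161 -
3 udp 10.0.0.9 10.0.1.5 161 -
4 tcp 10.0.0.20 10.0.1.3 443 S
4 tcp 10.0.0.21 10.0.1.3 443 S
"""


def parse_line(line):
    """Split one log record into a dict; raises ValueError on malformed input."""
    ts, proto, src, dst, port, flags = line.split()
    return {"ts": int(ts), "proto": proto, "src": src, "dst": dst,
            "port": None if port == "-" else int(port), "flags": flags}


def detect_recon(log_text):
    """Return a sorted list of (src_ip, finding) tuples for suspicious sources."""
    icmp_targets = defaultdict(set)   # src -> hosts pinged
    snmp_targets = defaultdict(set)   # src -> hosts probed on udp/161
    syn_ports = defaultdict(set)      # (src, dst) -> ports hit with SYN only
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        e = parse_line(raw)
        if e["proto"] == "icmp":
            icmp_targets[e["src"]].add(e["dst"])
        elif e["proto"] == "udp" and e["port"] == SNMP_PORT:
            snmp_targets[e["src"]].add(e["dst"])
        elif e["proto"] == "tcp" and e["flags"] == "S":
            syn_ports[(e["src"], e["dst"])].add(e["port"])

    findings = []
    for src, hosts in icmp_targets.items():
        if len(hosts) >= SWEEP_THRESHOLD:
            findings.append((src, f"icmp sweep of {len(hosts)} hosts"))
    for src, hosts in snmp_targets.items():
        if len(hosts) >= SWEEP_THRESHOLD:
            findings.append((src, f"snmp probe of {len(hosts)} hosts"))
    for (src, dst), ports in syn_ports.items():
        if len(ports) >= SCAN_THRESHOLD:
            findings.append((src, f"port scan of {dst}: {len(ports)} ports"))
    return sorted(findings)


if __name__ == "__main__":
    for src, finding in detect_recon(SAMPLE_LOG):
        print(src, finding)
```

The thresholds are deliberately low so the constructed log trips them; on a real network they would be tuned per segment, and the SNMP count in particular is only meaningful on segments where SNMP polling from arbitrary hosts is not expected.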
IP Spoofing
• An attacker can use IP spoofing to impersonate the identity of a trusted host or decoy
• Typically limited to injection of data or commands, since replies to a spoofed address will not reach the attacker
Some Layer 2 Threats
• CDP/LLDP reconnaissance
• MAC address table flooding attack
  • CAM table overflow attack
• VLAN attacks
  • Switch spoofing/insertion (create a trunk)
• DHCP attacks
  • DHCP spoofing or starvation (DoS)
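Each Layer 2 threat on this slide leaves a distinct footprint on the switch: a flooding attempt shows up as many source MACs learned on one access port, starvation as many distinct DHCP clients on one port in a short window, spoofing as a DHCP OFFER arriving on a port that does not lead to the real server, and CDP/LLDP reconnaissance as a neighbor advertisement where no neighbor should be. The detector below is an added example, not code from the slides; it works on a constructed, simplified switch event stream, and the port names, MACs, trusted-port list and thresholds are all assumptions made for the demo.

```python
"""Layer 2 threat detector over constructed switch telemetry (added example).

Assumed event format, one record per line:
    <ts> <port> <event> <mac>
event is one of: learn (new source MAC seen on the port), dhcp_discover
(client MAC), dhcp_offer (server MAC), cdp (CDP/LLDP advertisement received).
Thresholds mirror what port-security and DHCP snooping would enforce.
"""
from collections import defaultdict

MAC_PER_PORT_LIMIT = 3          # like 'switchport port-security maximum'
DISCOVER_PER_WINDOW_LIMIT = 4   # distinct DHCP clients per port per window
WINDOW_SECONDS = 10
TRUSTED_DHCP_PORTS = {"Gi0/24"}                  # uplink to the real DHCP server
ACCESS_PORTS = {"Gi0/1", "Gi0/2", "Gi0/3", "Gi0/5"}

# Constructed sample: Gi0/1 floods MACs, Gi0/3 starves DHCP, Gi0/5 hosts a
# rogue DHCP server that also speaks CDP; Gi0/2 and Gi0/24 behave normally.
SAMPLE_EVENTS = """\
0 Gi0/1 learn 00:11:22:33:44:01
1 Gi0/1 learn 00:11:22:33:44:02
1 Gi0/1 learn 00:11:22:33:44:03
2 Gi0/1 learn 00:11:22:33:44:04
2 Gi0/1 learn 00:11:22:33:44:05
3 Gi0/2 learn 00:aa:bb:cc:dd:01
4 Gi0/2 dhcp_discover 00:aa:bb:cc:dd:01
5 Gi0/3 dhcp_discover 02:00:00:00:00:01
5 Gi0/3 dhcp_discover 02:00:00:00:00:02
6 Gi0/3 dhcp_discover 02:00:00:00:00:03
6 Gi0/3 dhcp_discover 02:00:00:00:00:04
7 Gi0/3 dhcp_discover 02:00:00:00:00:05
8 Gi0/24 dhcp_offer 00:de:ad:be:ef:01
9 Gi0/5 dhcp_offer 00:ba:dd:ca:fe:01
9 Gi0/5 cdp 00:ba:dd:ca:fe:01
"""


def parse_event(line):
    ts, port, event, mac = line.split()
    return int(ts), port, event, mac.lower()


def detect_l2(events_text):
    """Return a sorted list of (port, finding) tuples."""
    macs_per_port = defaultdict(set)       # port -> learned source MACs
    discover_clients = defaultdict(set)    # (port, window) -> client MACs
    findings = []
    for raw in events_text.splitlines():
        if not raw.strip():
            continue
        ts, port, event, mac = parse_event(raw)
        if event == "learn":
            macs_per_port[port].add(mac)
        elif event == "dhcp_discover":
            discover_clients[(port, ts // WINDOW_SECONDS)].add(mac)
        elif event == "dhcp_offer" and port not in TRUSTED_DHCP_PORTS:
            # DHCP snooping would drop this; here we just report it
            findings.append((port, f"rogue dhcp server {mac}: OFFER on untrusted port"))
        elif event == "cdp" and port in ACCESS_PORTS:
            findings.append((port, f"cdp/lldp advertisement from {mac} on access port"))

    for port, macs in macs_per_port.items():
        if len(macs) > MAC_PER_PORT_LIMIT:
            findings.append((port, f"mac flooding: {len(macs)} source MACs "
                                   f"(limit {MAC_PER_PORT_LIMIT})"))
    for (port, win), clients in discover_clients.items():
        if len(clients) > DISCOVER_PER_WINDOW_LIMIT:
            findings.append((port, f"dhcp starvation: {len(clients)} clients in "
                                   f"window {win} (limit {DISCOVER_PER_WINDOW_LIMIT})"))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in detect_l2(SAMPLE_EVENTS):
        print(port, finding)
```

The same four checks are what port security, DHCP snooping and disabling CDP/LLDP on access ports enforce in hardware; running them over exported logs is a way to verify those controls are actually configured where they should be.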
Some Protection Methods
• 802.1X (device authentication)
  • Supplicant
  • Authenticator
  • Authentication server
Some Protection Methods
• Telnet/SSH authentication
• AAA: Authentication, Authorization, Accounting
  • Local database
  • Remote Authentication Dial-In User Service (RADIUS)
  • Terminal Access Controller Access Control System (TACACS)
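The local database, RADIUS and TACACS entries above are usually combined into an ordered method list for device login, and the order matters for security. The example below is added for this page and is not code from the slides; it models the fallback rule used by IOS-style method lists such as 'aaa authentication login default group radius local' (a method that cannot be reached is skipped, a method that rejects the credentials ends the attempt). The server objects, user stores and passwords are constructed stand-ins.

```python
"""Ordered AAA method-list evaluation for a Telnet/SSH login (added example).

A method returning ERROR (server unreachable) passes control to the next
method; a method returning FAIL (credentials rejected) is final, so a
rejection by the central server is never retried against the local
database. The credential stores below are constructed demo data.
"""
from enum import Enum


class Result(Enum):
    PASS = "pass"    # credentials accepted
    FAIL = "fail"    # credentials rejected: stop, do not fall through
    ERROR = "error"  # method unavailable: try the next method


RADIUS_USERS = {"alice": "radius-pw-1"}   # constructed demo data
LOCAL_USERS = {"admin": "local-pw-1"}     # constructed demo data


class RadiusServer:
    """Stand-in for a RADIUS/TACACS server; 'reachable' simulates an outage."""

    def __init__(self, reachable=True):
        self.reachable = reachable

    def authenticate(self, user, password):
        if not self.reachable:
            return Result.ERROR
        return Result.PASS if RADIUS_USERS.get(user) == password else Result.FAIL


class LocalDatabase:
    """Stand-in for the device's local username database."""

    def authenticate(self, user, password):
        return Result.PASS if LOCAL_USERS.get(user) == password else Result.FAIL


def aaa_login(method_list, user, password, accounting):
    """Try methods in order; return (result, method_name) and append accounting records."""
    for name, method in method_list:
        result = method.authenticate(user, password)
        accounting.append(f"login user={user} method={name} result={result.value}")
        if result is Result.ERROR:
            continue                  # server down: fall through to the next method
        return result, name           # PASS or FAIL is final
    accounting.append(f"login user={user} method=none result=error")
    return Result.ERROR, None         # every method unavailable: deny


def demo():
    """Run four scenarios; return {label: (result value, method that decided)}."""
    out = {}
    for label, radius_up, user, pw in [
        ("radius_ok", True, "alice", "radius-pw-1"),
        ("radius_rejects_local_user", True, "admin", "local-pw-1"),
        ("radius_down_local_ok", False, "admin", "local-pw-1"),
        ("radius_down_unknown", False, "alice", "radius-pw-1"),
    ]:
        methods = [("radius", RadiusServer(reachable=radius_up)), ("local", LocalDatabase())]
        accounting = []
        result, method = aaa_login(methods, user, pw, accounting)
        out[label] = (result.value, method)
    return out


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

The second scenario is the one to notice: while the RADIUS server is up, a local-only account cannot log in at all, which is the intended behaviour. Local accounts are a break-glass path for when the central server is unreachable, not a second password that an attacker can try after the first is rejected.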
Monitoring
• Use attacker utilities
  • Attack your own network
• SNMP
  • SNMP agent (community strings)
  • SNMP manager
  • MIB
  • Traps
Monitoring
• Port mirroring (SPAN)
  • Allows a station to receive frames intended for others
  • Local or remote
• IPS/IDS
• Packet analyzer
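A packet analyzer attached to a SPAN port sees every mirrored frame, so the same decoder that shows what an attacker's sniffer could read also tells the defender which of the cleartext applications from the TCP/IP vulnerabilities slide (Telnet, TFTP, SNMPv1/v2c) are still in use. The analyzer below is an added example written for this page, not code from the slides: it decodes Ethernet II, IPv4 and TCP/UDP headers with the standard library only and flags sessions on well-known cleartext management ports. The frames it runs on are constructed inline for the demo (MACs and addresses are made up, and the IP/TCP/UDP checksums are left as zero).

```python
"""Minimal packet analyzer for frames seen on a SPAN/mirror port (added example).

Decodes Ethernet II + IPv4 + TCP/UDP and reports cleartext management
sessions. The sample frames are constructed, not captured traffic.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
# Ports whose traffic carries credentials or configs in the clear.
CLEARTEXT_PORTS = {23: "telnet", 69: "tftp", 161: "snmp-v1/v2c"}


def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def fmt_ip(b):
    return ".".join(str(x) for x in b)


def decode_frame(frame):
    """Return a dict of decoded header fields; raise ValueError on truncation."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth_src": fmt_mac(src), "eth_dst": fmt_mac(dst), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info                       # ARP, CDP/LLDP, etc. are not decoded here
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("short IPv4 header")
    ver_ihl, _tos, _tlen, _id, _frag, ttl, proto, _csum, s, d = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4            # header length incl. options
    info.update(ip_src=fmt_ip(s), ip_dst=fmt_ip(d), ttl=ttl, proto=proto)
    l4 = ip[ihl:]
    if proto == IPPROTO_TCP and len(l4) >= 20:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        data_off = (off_flags >> 12) * 4
        info.update(sport=sport, dport=dport, tcp_flags=off_flags & 0x01FF,
                    payload=l4[data_off:])
    elif proto == IPPROTO_UDP and len(l4) >= 8:
        sport, dport, _ulen, _ucsum = struct.unpack("!HHHH", l4[:8])
        info.update(sport=sport, dport=dport, payload=l4[8:])
    return info


def cleartext_sessions(frames):
    """Return (src_ip, dst_ip, protocol, payload preview) for cleartext sessions."""
    findings = []
    for frame in frames:
        info = decode_frame(frame)
        if "dport" not in info:
            continue
        for port in (info["dport"], info["sport"]):   # either direction
            if port in CLEARTEXT_PORTS:
                findings.append((info["ip_src"], info["ip_dst"],
                                 CLEARTEXT_PORTS[port], info["payload"][:32]))
                break
    return findings


# --- constructed demo frames (builders are for the demo, not the analyzer) ---
def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, l4):
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000,
                         64, proto, 0, bytes(src_ip), bytes(dst_ip))
    return struct.pack("!6s6sH", bytes(dst_mac), bytes(src_mac), ETHERTYPE_IPV4) + ip_hdr + l4


def tcp_segment(sport, dport, payload, flags=0x018):           # PSH+ACK
    return struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | flags, 65535, 0, 0) + payload


def udp_datagram(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


HOST_MAC = [0x00, 0x11, 0x22, 0x33, 0x44, 0x55]
ROUTER_MAC = [0x00, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE]
SAMPLE_FRAMES = [
    build_frame(HOST_MAC, ROUTER_MAC, [10, 0, 0, 5], [10, 0, 1, 1], IPPROTO_TCP,
                tcp_segment(51000, 23, b"enable\r\n")),                    # telnet
    build_frame(HOST_MAC, ROUTER_MAC, [10, 0, 0, 5], [10, 0, 1, 1], IPPROTO_TCP,
                tcp_segment(51001, 22, b"SSH-2.0-client\r\n")),           # ssh: fine
    build_frame(HOST_MAC, ROUTER_MAC, [10, 0, 0, 7], [10, 0, 1, 2], IPPROTO_UDP,
                udp_datagram(50000, 69, b"\x00\x01startup-config\x00octet\x00")),  # tftp RRQ
]

if __name__ == "__main__":
    for src, dst, proto, preview in cleartext_sessions(SAMPLE_FRAMES):
        print(f"{src} -> {dst} {proto}: {preview!r}")
```

On a real SPAN feed the frames would come from a capture library or a pcap file rather than the inline builders; the decoder itself does not change. Note that the TFTP finding shows a device configuration being fetched in the clear, which is exactly the kind of session the slides recommend moving to SSH-based tools.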