
Network Security and Monitoring


bsims




Presentation Transcript


  1. Network Security and Monitoring
  • Some network vulnerabilities and threats
  • Reconnaissance
  • Monitoring

  2. Network Vulnerabilities
  • Technology vulnerabilities
  • Operating system vulnerabilities
  • Configuration vulnerabilities
  • Etc.

  3. TCP/IP Vulnerabilities
  • Many TCP/IP based applications have inherent vulnerabilities
    • TFTP
    • Telnet
    • Use more secure apps (SSH, etc.)
  • Some standard TCP/IP applications are used for reconnaissance and attacks
    • SNMP
    • ICMP

  4. Reconnaissance
  • What is reconnaissance?
    • Reconnaissance is the process of acquiring information about your network
    • While it usually precedes an attack, the point where reconnaissance stops and the attack begins isn’t always clear
  • What type of information are they seeking?
    • Network topology
    • Device type and OS
    • Addressing
    • Services and assets
    • Personnel/account passwords

  5. Reconnaissance
  • Social engineering
  • Enumeration
  • Footprinting/Fingerprinting

  6. Network Enumeration
  • Network Enumeration is the discovery of hosts/devices on a network.
  • May be accomplished by use of overt discovery protocols such as ICMP and SNMP
  • May also use port scans of remote hosts, looking for well-known services, in an attempt to further identify the function of a remote host and solicit host-specific banners.

  7. Fingerprinting
  • Passive fingerprinting uses tools to analyze communications to and from a remote host while it goes about its normal business.

  8. Fingerprinting
  • Active fingerprinting tools rely on stimulus-response.
  • Different operating systems respond to packets (stimulus) in different ways. The source will send certain packets to the target, then analyze the target’s response to identify the operating system.

  9. IP Spoofing
  • Attacker can use IP spoofing to impersonate the identity of a trusted host or decoy
  • Typically limited to injection of data or commands, since replies to a spoofed address will not reach the attacker

  10. Some Layer 2 Threats
  • CDP/LLDP Reconnaissance
  • MAC Address Table Flooding Attack
    • CAM table overflow attack
  • VLAN Attacks
    • Switch spoofing/insertion – create trunk
  • DHCP Attacks
    • DHCP spoofing or starvation (DoS)

  11. Some Protection Methods
  • 802.1x – device authentication
    • Supplicant
    • Authenticator
    • Authenticating Server

  12. Some Protection Methods
  • Telnet/SSH authentication
    • AAA - Authentication, Authorization, Accounting
      • Local database
      • Remote Authentication Dial-In User Service (RADIUS)
      • Terminal Access Controller Access Control System (TACACS)

  13. Other Vulnerabilities
  • Telnet/SSH authentication
    • AAA - Authentication, Authorization, Accounting
      • Local database
      • Remote Authentication Dial-In User Service (RADIUS)
      • Terminal Access Controller Access Control System (TACACS)

  14. Monitoring
  • Use attacker utilities
    • Attack your own network
  • SNMP
    • SNMP agent – community strings
    • SNMP manager
    • MIB
    • Traps

  15. Monitoring
  • Port mirroring (SPAN)
    • Allows a station to receive frames intended for others
    • Local or remote
  • IPS/IDS
  • Packet analyzer
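As an added example (not part of the slides), the Python sketch below ties slide 6 to slide 15: flow summaries as a packet analyzer on a SPAN port might produce them are bucketed per source, and a source that touches many distinct TCP ports on one host, or sends ICMP echo to many distinct hosts, within a short window is reported as enumeration. The flow records, window length and thresholds are constructed assumptions, not values from the deck.

```python
from collections import defaultdict

# Constructed sample flows: (time_s, src, dst, proto, dst_port or None).
# 25 TCP ports on one host in 5 s (port scan), ICMP to 12 hosts in 6 s
# (ping sweep), and two ordinary connections that should stay silent.
SAMPLE_FLOWS = (
    [(i * 0.2, "10.0.0.50", "10.0.0.10", "tcp", 20 + i) for i in range(25)]
    + [(100.0 + i * 0.5, "10.0.0.60", f"10.0.1.{i}", "icmp", None) for i in range(12)]
    + [(200.0, "10.0.0.70", "10.0.0.10", "tcp", 22),
       (201.0, "10.0.0.70", "10.0.0.10", "tcp", 443)]
)


def detect_recon(flows, window=10.0, port_threshold=20, host_threshold=10):
    """Return (kind, src, dst, count) alerts for enumeration-like behaviour.

    Flows are grouped into fixed time buckets of `window` seconds (assumed
    values); a scan straddling a bucket boundary can be split and missed,
    which is why production sensors use sliding windows instead.
    """
    ports = defaultdict(set)   # (src, dst, bucket) -> distinct TCP dst ports
    hosts = defaultdict(set)   # (src, bucket)      -> distinct ICMP targets
    for t, src, dst, proto, dport in flows:
        bucket = int(t // window)
        if proto == "tcp":
            ports[(src, dst, bucket)].add(dport)
        elif proto == "icmp":
            hosts[(src, bucket)].add(dst)

    alerts = []
    for (src, dst, _bucket), seen in ports.items():
        if len(seen) >= port_threshold:
            alerts.append(("port_scan", src, dst, len(seen)))
    for (src, _bucket), seen in hosts.items():
        if len(seen) >= host_threshold:
            alerts.append(("ping_sweep", src, None, len(seen)))
    return alerts


if __name__ == "__main__":
    for kind, src, dst, count in detect_recon(SAMPLE_FLOWS):
        target = dst if dst else "many hosts"
        print(f"{kind}: {src} -> {target} ({count} distinct)")
```

The same bucketing works on exported flow records (NetFlow/IPFIX) as well as on captures from a SPAN port.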
