CompTIASecPLUS-Part1 Unlimited Edition- Edited.pptx
- 2. Introduction to Security
Copyright © www.ine.com
»No system will ever be 100% secure
»Defense-in-depth
• Layer your defensive capabilities
»The Holy Trinity of Information Security
• Confidentiality
• Integrity
• Availability
- 3. Introduction to Security
»AAA
• Authentication
• Authorization
• Accounting
»The Security Mindset
• Offensive security
• The defender’s dilemma
- 4. Network Security
»Network design fundamentals
• The OSI model
• Provide an explanation of host-to-host communication on a LAN or WAN
• Provide efficient categorization of communication protocols
• Illustrate how those protocols communicate with each other
• The OSI model as an abstraction
• The DoD or TCP/IP model
- 5. OSI Layers
» L 7 – Application Layer – HTTP, SMTP, Telnet
» L 6 – Presentation Layer – TIFF, JPEG, MPEG
» L 5 – Session Layer – RPC, NFS, ASP
» L 4 – Transport Layer – TCP, UDP
» L 3 – Network Layer – Routing Protocols
» L 2 – Data Link – MAC, Logical Link Control
» L 1 – Physical – 802.3, 802.11, Fiber Optics
- 6. Basic Networking Devices
»Ethernet hub
• Layer 1 device
• Vulnerable to a sniffing attack
»Switches
• Layer 2 device
• Forwarding based on MAC addresses
• Vulnerabilities
- 7. Basic Networking Devices
»Router
• Layer 3 device
• Routing protocols
• Connects broadcast domains
• Vulnerabilities
»Firewalls
• Hardware and software
• Access control lists
- 8. Basic Networking Devices
»Intrusion prevention systems
• Placed in-line with traffic
• Host based or network based
• Active response to attacks
»VPNs
• Encryption protocols – SSL/TLS, IPSec
»Content filtering appliance
- 9. Basic Networking Devices
»Telephony
• Modems and war dialing
• Manual or automated attacks
• Securing modems
• Physical and logical methods
• PBX systems
• Public Switched Telephone Network (PSTN)
• VoIP (Voice over IP)
- 10. Server Security
»Web servers
• Microsoft IIS
• Apache
• FreeBSD
• Oracle and Sun
• Security resources
• Common vulnerabilities and exposures at http://cve.mitre.org
- 11. Server Security
»Common web server attacks
• Denial of service
• XSS/XSRF
• Buffer overflow
• Privilege escalation
• Apache DarkLeech
• Remote code execution
- 12. Server Security
»Methods of vulnerability management
• Patch Management
• External Controls
• Vulnerability Scanning
• SSL/TLS
• Robots.txt
• Data Leakage
- 13. Server Security
»FTP servers
• File Transfer Protocol
• Username/password authentication
• Information sent in clear text
• Types of attacks
• FTP bounce
• Buffer overflow
• Sniffing
- 14. Server Security
»Securing FTP servers
• SFTP/FTPS
• Port randomization/dynamic port allocation
• Disable anonymous account
• Disable unused accounts
• Automated scan for shell scripts
• Separate FTP and other servers
• Web shell attack
- 15. Server Security
»File servers
»Network controllers
• Active Directory
• LDAP
»Email/SMTP servers
• Exchange and Apache
»Other servers
- 16. Cloud Computing
»Cloud computing and security
• What is the cloud?
• Historic and modern scope
• Telecommunications and networking
• Modern server environments
• Examples of well-known cloud services
• Gmail/Dropbox
• Games
• Development environments
- 17. Cloud Computing
»Cloud services and types
• SaaS/IaaS/PaaS
• Types of clouds
• Public
• Private
• Hybrid
• Community
- 18. Cloud Computing
»Cloud security concerns
• Loss of physical control
• Privacy/confidentiality
• Lack of proper authentication
• Malicious insider attack
• Software bugs
• Proper data disposal
• Auditing
- 19. Cloud Computing
»Cloud security solutions
• Complex passwords
• Stronger authentication methods
• Strictly enforced access policies
• Encryption
• Programming standardization
• Documentation
- 20. Cloud Computing
»Other cloud services
• Social media
• Facebook/Twitter/etc.
• P2P networking
• Filesharing
• Gaming
• Torrenting
• TOR and Darknet
- 22. Additional Networking Concepts
»Network Address Translation
• Benefits
• Helps alleviate IPv4 exhaustion issues
• The firewall effect
• Port Address Translation
• Static NAT
• One-to-one mapping
• Dynamic NAT
• One-to-many mapping
- 23. Additional Networking Concepts
»Network Address Translation
• Private Address Ranges for IPv4
• RFC 1918 Addresses
• Assigned by IANA
– Private Class A 10.0.0.0-10.255.255.255
– Private Class B 172.16.0.0-172.31.255.255
– Private Class C 192.168.0.0-192.168.255.255
• Class A contains the most addressable hosts
• Class C contains the fewest
- 24. Additional Networking Concepts
»Types of IPv6 addresses
• Unicast
• Global unicast starts at 2000
• Link-Local at ::1 and FE80::/10
• Anycast
• Structured in the same manner as unicast
• Multicast
• FF00::/8
- 25. Additional Networking Concepts
»The demilitarized zone
• Publicly accessible services
• Web server
• Exchange or mail server
• Implementation
• 3-leg perimeter
– Logical implementation
• Back-to-back perimeter
– Physical implementation
- 26. Additional Networking Concepts
»Intranets and extranets
• Used to share data while retaining control and a degree of security
• Intranets are used to share information within an
organization
• VPNs for off-site employees
• Could be composed of many different LANs
• A private analog to the public Internet
• Reserved for employee use
- 27. Additional Networking Concepts
»Intranets and extranets
• Used to share data while retaining control and a degree of security
• Extranets are used to share information with other organizations
• VPNs for contractors
• Security
• Proper authentication
• Limit the information available
- 28. Additional Networking Concepts
»Network access control
• Purpose
• Hardware based
• Software based
• FreeNAC
• PacketFence
• IEEE 802.1X
• Port-based network access control
• Authenticated point-to-point connections
- 29. Additional Networking Concepts
»Subnetting
• Definition
• The creation of subnetworks through the logical manipulation of IP addresses
• Reasons
• Increases security through compartmentalization
• Allows for more efficient use of assigned address space
• Reduces broadcast traffic and collisions
• Attacks isolated to a specific subnet
- 30. Additional Networking Concepts
»Subnetting
• CIDR notation
• Classless inter-domain routing
– Alternative to subnetting
– Also known as supernetting
– The value of the IP address determines its subnetwork
– Uses IP address and netmask in the format 192.168.1.0/24
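Added example (not from the INE slides): Python with the standard ipaddress module expresses the RFC 1918 ranges from the previous slide in the CIDR notation introduced here, counts addressable hosts per block (which makes "Class A contains the most" concrete), splits a /24 into subnets, and tests whether two hosts share a broadcast domain, i.e. whether a Layer 2 attack is confined to one subnet. The range names are the slide's; everything else is the example's own.

```python
import ipaddress

# RFC 1918 private ranges, named as on the slide, written in CIDR notation
RFC1918 = {
    "Private Class A": ipaddress.ip_network("10.0.0.0/8"),
    "Private Class B": ipaddress.ip_network("172.16.0.0/12"),
    "Private Class C": ipaddress.ip_network("192.168.0.0/16"),
}


def usable_hosts(cidr):
    """Addressable hosts in a block: total minus network and broadcast addresses.
    /31 (point-to-point links) and /32 keep every address."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen >= 31:
        return net.num_addresses
    return net.num_addresses - 2


def rfc1918_range(addr):
    """Return the slide's name for the private range containing addr, or None
    when addr is public under RFC 1918 (172.32.0.1, for instance, is public)."""
    ip = ipaddress.ip_address(addr)
    for name, net in RFC1918.items():
        if ip in net:
            return name
    return None


def ranges_by_size():
    """Range names ordered from most to fewest addressable hosts."""
    return sorted(RFC1918, key=lambda n: RFC1918[n].num_addresses, reverse=True)


def subnets(cidr, new_prefix):
    """Split a block into equal-sized subnetworks (e.g. one /24 into four /26s)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def same_subnet(addr_a, addr_b, prefixlen):
    """True when both hosts share a broadcast domain under the given netmask,
    so Layer 2 traffic (ARP, broadcasts) from one reaches the other unrouted."""
    net_a = ipaddress.ip_network(f"{addr_a}/{prefixlen}", strict=False)
    return ipaddress.ip_address(addr_b) in net_a


if __name__ == "__main__":
    for name in ranges_by_size():
        block = RFC1918[name]
        print(f"{name}: {block} -> {usable_hosts(str(block))} addressable hosts")
    print(subnets("192.168.1.0/24", 26))
```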
- 31. Additional Networking Concepts
»Virtual Local Area Network (VLAN)
• Implemented on a switch
• Increases segmentation
• Reduces collisions/increases performance
• Increases security
• Provides better organization
• Physical VLANs (port based)
• Logical VLANs (protocol and MAC address based)
- 32. Additional Networking Concepts
»VLAN security issues
• Physical security
• VLAN hopping
• Switch spoofing
– Attacker uses the same tagging and trunking protocol
– Traffic can be sniffed or modified
• Double tagging
– Connected to an 802.1q interface
– Prepends two VLAN tags
- 33. Additional Networking Concepts
»VLAN security issues
• VLAN hopping, continued
• Spoofing countermeasures
– Configure trunking and access ports
– Put empty ports into an unused VLAN
• Double tagging countermeasures
– Upgrade firmware or software
– Do not use default or native VLAN
– Choose an unused VLAN for all trunks only
- 35. Protocols & Threats
»Common ports and protocols
• The path to the operating system
• Defend, monitor, and audit
• Port ranges – UDP and TCP
• The well-known ports 0-1023
• The registered ports 1024-49,151
• Dynamic and private ports 49,152-65,535
• Inbound and outbound
- 36. Protocols & Threats
»Common ports and protocols
• Network socket address
• 192.168.1.47:80
• 192.168.4.52:23001
• Closing unnecessary ports
• Within the GUI
• At the command-line interface (CLI)
• At the firewall
• Port zero
- 37. Protocols & Threats
» Port 7 -- Echo
• TCP or UDP
• Testing round-trip times between hosts
» Port 19 -- CHARGEN
• TCP or UDP
• Character generator for testing and debugging
» Port 20, 21 -- FTP
• TCP
• File transfer protocol that allows host-to-host file sharing; 20 is data, 21 is control
- 38. Protocols & Threats
» Port 22 -- SSH
• TCP or UDP
• Secure shell allows for encrypted remote administration of *nix systems; secure copy and secure FTP also use port 22
» Port 23 -- Telnet
• TCP or UDP
• Remote administration via clear text; considered deprecated and insecure
» Port 25 -- SMTP
• TCP
• Used for sending email
- 39. Protocols & Threats
» Port 49 – TACACS+
• TCP
• Remote authentication service
» Port 53 -- DNS
• TCP or UDP
• Domain name system resolves hostnames to IP addresses
» Port 69 -- TFTP
• UDP
• Trivial file transfer protocol; low overhead version of FTP
- 40. Protocols & Threats
» Port 80 – HTTP
• TCP
• Used to transmit web page data
» Port 88 -- Kerberos
• TCP or UDP
• Network authentication service that uses encryption and time-stamped tickets
» Port 110 – POP3
• TCP
• Post-office protocol version 3 is used to receive email
- 41. Protocols & Threats
» Port 119 – NNTP
• TCP
• Transfers usenet data
» Port 135 – RPC/epmap/dcom-scm
• TCP or UDP
• Microsoft end-point mapper; used to locate dcom ports
» Port 137-139 – NetBios
• TCP or UDP
• Name, datagram, and session service
- 42. Protocols & Threats
» Port 143 – IMAP
• TCP
• Internet message access protocol; used to receive email
» Port 161 – SNMP
• UDP
• The simple network management protocol allows for the remote monitoring of network devices; version 3 is encrypted
» Port 162 – SNMPTRAP
• TCP or UDP
• Traps and InformRequests are sent to the manager on this port
- 43. Protocols & Threats
» Port 389 – LDAP
• TCP or UDP
• Lightweight directory access protocol maintains a database of users and objects on a network
» Port 443 – HTTPS
• TCP
• The secure version of the hypertext transfer protocol allows for encrypted transmission of web data
» Port 445 – SMB
• TCP
• The server message block provides shared access to files and other resources
- 44. Protocols & Threats
» Port 514 – Syslog
• UDP
• Used for computer message logging and for routers and firewalls; syslog over TLS uses port 6514
» Port 636 – LDAP over TLS/SSL
• TCP or UDP
• The secure version of LDAP
» Port 860 – iSCSI
• TCP
• IP-based protocol used for linking data storage facilities
- 45. Protocols & Threats
» Port 989/990 – FTPS
• TCP or UDP
• The SSL/TLS implementation of FTP; 989 is for data, and 990 is the control port
» Port 1433 – MSSQL
• TCP or UDP
• Opens queries to the SQL server
» Port 1701 – L2TP
• UDP
• VPN protocol with no built-in security; used with IPSec for encryption
- 46. Protocols & Threats
» Port 1723 – PPTP
• TCP or UDP
• VPN protocol with built-in security
» Port 1812/1813 – RADIUS
• UDP
• Remote authentication dial-in user service; AAA protocol
» Port 3225 – FCIP
• TCP or UDP
• Fibre Channel over Internet Protocol; encapsulates Fibre Channel frames within TCP/IP packets
- 47. Protocols & Threats
»Port 3389 – RDP
• TCP or UDP
• Remote desktop protocol allows for remote viewing
and control of Windows systems
»The Internet Assigned Numbers Authority
• Complete list of ports at http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
- 48. Protocols & Threats
»Types of attacks
• Denial of Service (DoS)
• Flood attacks
– Ping
» ICMP-based
» Bandwidth consumption
– Smurf
» ICMP-based
» Uses broadcast address for amplification
- 49. Protocols & Threats
» Types of attacks, continued
• Denial of Service (DoS)
• Flood attacks
– Fraggle
» UDP-based
» Directed at ports 7 and 19
» Similar to a UDP-flood
– SYN flood
» TCP-based attack
» Sets the SYN flag
» Flood guards and time controls
» IDS/IPS
- 50. Protocols & Threats
»Types of attacks, continued
• Denial of Service (DoS)
• Xmas attack
– TCP scan with the FIN, URG, PSH flags set
– Can cause routers to reboot or operating systems to crash
• Ping of death
– RFC 791
– Oversized packet attack
- 51. Protocols & Threats
»Types of attacks, continued
• Denial of Service (DoS)
• Teardrop
– Overlapping and oversized IP fragments
– Windows 7 and Vista
• Phlashing
– Permanent denial of service
– Embedded systems
– Bricking
- 52. Protocols & Threats
»Types of attacks, continued
• Denial of Service (DoS)
• Fork bomb
– Creates a large number of processes
– Known as rabbit malware, wabbits, or bacteria
• Other DoS attacks
– New attacks are always being discovered
– Security research
– Basic security precautions
- 53. Protocols & Threats
»Types of attacks, continued
• Distributed Denial of Service (DDoS)
• Botnet (zombies and masters)
• Defenses
– Stateful firewalls, switches, and routers with ACLs
– IDS/IPS
– DNS sinkholes
– DNS blackholes
- 54. Protocols & Threats
»Types of attacks, continued
• Spoofing
• Impersonation
• Types
– Protocol and application
» IP and MAC addresses
– Man-in-the-middle
– Web page
– Email/phishing
- 55. Protocols & Threats
»Types of attacks, continued
• Spoofing
• Storage Area Network
– World-wide name (pWWN, nWWN)
• Defenses
– Use proper authentication
– Repeat authentication
– Update OS and firmware
– Use packet filtering
– Encryption
- 56. Protocols & Threats
»Types of attacks, continued
• Session hijacking
• Session theft
– Application layer attack
– Packet header manipulation
– Cookie theft
• Session theft defenses
– Encryption
– Long random numbers for session IDs
– Challenge Handshake Authentication Protocol (CHAP)
- 57. Protocols & Threats
» Types of attacks, continued
• Session hijacking
• TCP/IP hijacking
– Network layer attack
– Occurs after initial authentication
– IP address spoofing of client
– Sequence number prediction and packet injection
– DoS attack on the client
– UDP hijacking
• Defense
- 58. Protocols & Threats
»Types of attacks, continued
• Session hijacking
• Blind hijacking
– Blind injection of data
– Create accounts or set passwords
• Man-in-the-middle
– Active interception
– Spoofing
– Defenses
- 59. Protocols & Threats
»Types of attacks, continued
• Session hijacking
• Man-in-the-browser
– Trojan infects the browser
– Modification and theft of data
– Use most current version of browser
– Third-party verification
– Most current malware detection
- 60. Protocols & Threats
»Types of attacks, continued
• Session hijacking
• Watering hole attack
– Profiles the target’s browsing habits
– Probes those websites for vulnerabilities
– Javascript or other code injection
– Redirection to a malicious website
– Infect the host and gain a foothold in the network
• Defenses
- 61. Protocols & Threats
»Types of attacks, continued
• Replay
• Session intercepted and used at a later time
• Impersonation
• Defense
– Encryption
– Session tokens
– Timestamping and synchronization
– Nonce
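Added example, not part of the slides: a minimal message exchange that combines the replay defenses listed here with the "long random numbers" advice from the session theft slide. The sender attaches a timestamp and a random nonce and authenticates all fields with an HMAC under a shared session key; the receiver rejects a bad tag, a timestamp outside the skew window, or a nonce it has already seen, so a captured message replayed later fails. The message layout, window size and key sharing are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time

WINDOW_SECONDS = 30  # assumed clock-skew tolerance; both sides need synchronized clocks


def _canonical(ts, nonce, payload):
    # Length-prefix the payload so field boundaries cannot be shifted by an attacker
    return f"{ts}|{nonce}|{len(payload)}|".encode() + payload


def build_message(key, payload, now=None):
    """Sender side: timestamp + 128-bit random nonce + HMAC-SHA256 over all three."""
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(16)  # never reused; large enough that collisions are negligible
    tag = hmac.new(key, _canonical(ts, nonce, payload), hashlib.sha256).hexdigest()
    return {"ts": ts, "nonce": nonce, "payload": payload, "tag": tag}


class Receiver:
    """Verifier that remembers every nonce accepted inside the freshness window."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp it was accepted with

    def accept(self, msg, now=None):
        now = now if now is not None else time.time()
        expected = hmac.new(self.key, _canonical(msg["ts"], msg["nonce"], msg["payload"]),
                            hashlib.sha256).hexdigest()
        # 1. Integrity and authenticity: constant-time comparison of the tag
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad tag"
        # 2. Freshness: anything outside the skew window is stale, even if unseen
        if abs(now - msg["ts"]) > WINDOW_SECONDS:
            return False, "stale timestamp"
        # 3. Uniqueness: a nonce is honoured once; nonces older than the window
        #    can be forgotten because step 2 already rejects them
        self._expire(now)
        if msg["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"

    def _expire(self, now):
        for nonce, ts in list(self.seen.items()):
            if now - ts > WINDOW_SECONDS:
                del self.seen[nonce]


def demo():
    """Walk through the four outcomes with fixed times (constructed scenario)."""
    key = secrets.token_bytes(32)  # assumed: session key agreed out of band
    rx = Receiver(key)
    t0 = 1_700_000_000
    msg = build_message(key, b"transfer 100 to acct 42", now=t0)
    first = rx.accept(msg, now=t0 + 1)[1]                    # genuine delivery
    replay = rx.accept(msg, now=t0 + 5)[1]                   # same capture sent again
    tampered = dict(msg, payload=b"transfer 900 to acct 42")  # payload edited, tag unchanged
    forged = rx.accept(tampered, now=t0 + 2)[1]
    late = build_message(key, b"ping", now=t0)
    stale = rx.accept(late, now=t0 + WINDOW_SECONDS + 1)[1]  # held back past the window
    return first, replay, forged, stale


if __name__ == "__main__":
    print(demo())
```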
- 62. Protocols & Threats
» Types of attacks, continued
• Null session
• Windows IPC$
• Port 139 and 445/NetBIOS and Server Message Block
• Used to enumerate userIDs, share names
• Access to files and folders
• Syntax
– net use \\<IP address>\ipc$ "" /U:""
• Defense
– Update your OS
– Filter outbound traffic on ports 139 and 445
- 63. Protocols & Threats
» Types of attacks, continued
• DNS poisoning
• Modification of DNS cache information (cache poisoning)
• Redirect computers to malicious websites (phishing, malware)
• Causes
– Bad software design
– Name server misconfiguration
• Defense
– Transport layer security and digital signatures
– DNSSEC
– Patching the server
– Logging and auditing
• Unauthorized zone transfer
- 64. Protocols & Threats
» Types of attacks, continued
• Host file poisoning
• The predecessor to DNS
• Used on local machines to translate FQDNs to IP addresses
• Typically empty but still read and parsed by OS
• Can be altered to attempt DNS bypass
• Defense
– Modify file permissions to read-only in %systemroot%\system32\drivers\etc
– If already hijacked, delete the file and the system will recreate it upon next boot
- 65. Protocols & Threats
»Types of attacks, continued
• Pharming
• Vulnerability of host files and DNS
• Traffic redirection
• Defense
– Monitor DNS configurations and hosts files
– Can still affect ISP DNS servers
– Phishing and pharming filters
– Use caution when browsing
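Added example serving both the host file poisoning slide and the "monitor hosts files" defense above (not INE's code): a small Python audit that locates the hosts file (Windows path as given on the earlier slide, /etc/hosts elsewhere), parses it the way the OS does (comments stripped, several names per address), and reports every mapping beyond the default loopback entries, because a pharming edit is precisely an extra line in this file. The sample file, the default-entry list and the watched-domain list are constructed assumptions.

```python
import ipaddress
import os
import sys

# Names a stock hosts file legitimately maps to loopback (assumed common OS defaults)
EXPECTED_LOCAL = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def default_hosts_path():
    """Where the OS reads the file from; Windows path per the earlier slide."""
    if sys.platform.startswith("win"):
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping; comments and blanks skipped.
    An unparseable address field is yielded with ip=None so it is not silently ignored."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields[0]
            continue
        for name in fields[1:]:  # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watched_domains=()):
    """Return findings as (line_no, address, name, reason).
    watched_domains: names whose resolution must never be overridden locally."""
    watched = tuple(d.lower() for d in watched_domains)
    suffixes = tuple("." + d for d in watched)
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((line_no, name, None, "unparseable address field"))
            continue
        if ip.is_loopback and name in EXPECTED_LOCAL:
            continue  # the only entries a clean file is expected to have
        if name in watched or name.endswith(suffixes):
            findings.append((line_no, str(ip), name, "watched domain overridden"))
        elif ip.is_loopback:
            # Pointing a name at loopback silently blocks it (e.g. update servers)
            findings.append((line_no, str(ip), name, "name blackholed to loopback"))
        else:
            findings.append((line_no, str(ip), name, "name redirected, bypasses DNS"))
    return findings


# Constructed sample, not a real capture: defaults plus three injected lines
SAMPLE_HOSTS = """# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.bank.example bank.example   # redirect to a TEST-NET address
127.0.0.1       update.antivirus.example        # blocks updates
10.0.0.5        intranet.corp.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watched_domains=["bank.example"]):
        print(finding)
    print("live file:", default_hosts_path())
```

To audit a real host, read `default_hosts_path()` and pass its contents to `audit_hosts` with the organisation's own domains as `watched_domains`.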
- 66. Protocols & Threats
»Types of attacks, continued
• Domain name kiting
• Deleting a domain name during the grace period and re-registering it for another grace period
• Avoid fees
• Prevention of legitimate users from purchasing a domain
• Sites can also be used to launch attacks or be the destination of a redirect attack
- 67. Protocols & Threats
»Types of attacks, continued
• ARP poisoning
• ARP resolves IP addresses to Layer 2 or MAC addresses
• Mappings are stored in the ARP table
• Entries can be poisoned or spoofed
• How it works
• Effects
– Data sniffing
– Data modification
- 68. Protocols & Threats
»Types of attacks, continued
• ARP poisoning
• Attacks
– Man-in-the-middle
– Denial of service
• Defenses
– VLAN segregation/separation
– DHCP snooping
– ArpON
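Added example (not from the slides or from ArpON): a Python check over a neighbour-table snapshot that implements the two signs of a poisoned ARP table described on the previous slide, one MAC address answering for several IPs (the attacker's interface posing as both gateway and victim during a man-in-the-middle) and a critical host's MAC differing from a recorded baseline. The `ip neigh` line format, the sample table and the baseline are constructed assumptions.

```python
import re
from collections import defaultdict

# One line of `ip neigh show` on Linux (assumed format); trailing flags are ignored
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.I,
)


def parse_ip_neigh(text):
    """Return {ip: mac}; entries without an lladdr (FAILED/INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table


def macs_claiming_multiple_ips(table):
    """MACs mapped to more than one IP. Legitimate causes exist (secondary
    addresses on a router), so treat hits as leads to verify, not verdicts."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def baseline_mismatches(table, baseline):
    """Critical hosts (gateway, DNS, DHCP) whose current MAC differs from the
    recorded one, as (ip, expected_mac, observed_mac)."""
    return [
        (ip, baseline[ip], table[ip])
        for ip in baseline
        if ip in table and table[ip] != baseline[ip]
    ]


# Constructed snapshot: the gateway (.1) now resolves to the same MAC as host .20
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 0a:00:27:00:00:20 REACHABLE
192.168.1.20 dev eth0 lladdr 0a:00:27:00:00:20 STALE
192.168.1.30 dev eth0 lladdr 0a:00:27:00:00:30 REACHABLE
192.168.1.99 dev eth0  FAILED
"""

# Constructed baseline recorded on a known-good day
BASELINE = {"192.168.1.1": "0a:00:27:00:00:01"}

if __name__ == "__main__":
    table = parse_ip_neigh(SAMPLE_NEIGH)
    print("duplicate MACs:", macs_claiming_multiple_ips(table))
    print("baseline mismatches:", baseline_mismatches(table, BASELINE))
```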
- 69. Protocols & Threats
»Types of attacks, continued
• Transitive access and abuse of trust
• Not a specific attack
• Manipulation and abuse of trusted entities
– Trust relationships are commonly used to bypass authentication models to save time
• Incremental approach
– Unable to directly access internal database
– Use pivot points to access from compromised trusted entities (client-side attack)
- 70. Securing Network Devices
» Common configuration vulnerabilities
• Problems out of the box
• Default accounts
– Remove or rename
– Default passwords
• Weak passwords
– Complexity and length
» 8 to 10 characters
» At least one uppercase, one number, and one special character
» 15 is considered to be the best length
- 71. Securing Network Devices
» Flaws in software or operating systems
• Privilege escalation
• Definition
• Causes
– Bugs in the application
» Buffer overflow
» Jailbreaking
– Failure to validate the code
– Least privilege not enforced
• Effects
– Unauthorized access to protected areas
- 72. Securing Network Devices
»Flaws in software or operating systems, continued
• Privilege escalation types
• Vertical escalation
– Lower privileged user accesses a higher level
• Horizontal escalation
– One user accessing another’s resources
• Privilege de-escalation
- 73. Securing Network Devices
»Bypassing authentication
• Backdoors
• Originally used by software developers for application access
• Attackers quickly discovered how to abuse this access
• Types
– Remote access trojans
– Rootkits
• Defenses
• Eliminate the use of backdoors in application coding practices
• Rootkit scanners
- 74. Securing Network Devices
»Network attacks
• Defenses
• Update your systems
• Use of IDS/IPS
»Other considerations
• Network administration via remote ports
• Strong authentication
• Encryption
• Telnet should be replaced with SSH
- 75. Securing Network Devices
» Cable types
• Twisted-pair
• Copper based
• Four pairs of wires
• Twisted to eliminate cross-talk
• RJ-45 connector
• Fiber optic
• Single-mode (long distance) and multi-mode (shorter distances)
• Glass/plastic using SC/LC connectors
• Pulses of light
• Most secure – resistant to wire tapping
• Not susceptible to EMI, RFI, or data emanation
- 76. Securing Network Devices
»Cable types, continued
• Coaxial cable
• Single core/copper-based
• Internet/video
• RJ-6 connector
• Vulnerable to data emanation attacks
- 77. Securing Network Devices
»Cable vulnerabilities
• Interference
• Definition
• Electromagnetic Interference (EMI)
• TVs, microwaves, air conditioning, electrical lines
• Copper-based cables should be isolated from EMI
• Shielded cables can be used
• Shield emanating device
– Electrical lines should be BX (metal encased) not Romex (unshielded)
- 78. Securing Network Devices
»Cable vulnerabilities, continued
• Radio Frequency Interference (RFI)
• AM/FM transmissions
• Cell towers
• Proximity to source
• Most commonly affects wireless networks
• Can affect speakers and monitors
- 79. Securing Network Devices
» Cable vulnerabilities, continued
• Crosstalk (co-channel interference, CCI)
• Signal jump in telephone lines or modems
• Can be caused by bundles of cables placed in close proximity
• Types
– Near end (NEXT)
» Two pairs in a single cable
» Measured on the cable end nearest the transmitter
– Far end (FEXT)
» Measured at the cable end farthest from the transmitter
• Countermeasures
– Use twisted-pair cabling
– Use shielded twisted-pair
- 80. Securing Network Devices
» Cable device vulnerabilities
• Data emanation (signal emanation)
• Electromagnetic field (EM) generated by cables or a network device
• Conversation eavesdropping
• Data theft
• Mainly a problem with coaxial, but UTP can be affected
• Defenses
– Shield cable
– Use metal conduits
– Shield an entire room like a Faraday Cage
- 81. Securing Network Devices
»Cable device vulnerabilities, continued
• Tapping attacks and tools
• Vampire tap
– Coaxial (10base5 or Thicknet)
– Pierces the copper core
• Wiretapping
– Connecting to a punch block or RJ11 with a buttset
» Also known as a lineman’s handset
» Phone with alligator clips used for testing
- 82. Securing Network Devices
»Cable device vulnerabilities, continued
• Tapping attacks and tools
• Wiretapping
» Lock the punch block in a closet or room
» Use lockable RJ11 connectors
– Plugging into an open port of a twisted-pair network
» Switch, hub, or workstation port
» Keep devices in secured areas
» Disable unused ports
- 83. Securing Network Devices
» Cable device vulnerabilities, continued
• Tapping attacks and tools
• Wiretapping
– Splitting the wires in a twisted-pair cable
» Cutting the cable and soldering a second cable
» Leads to a temporary interruption
» Cable runs should be in the ceiling and inside walls
– Spectral analyzer
» Measures electronic waveforms at specific frequencies
» Can decode encrypted transmission
» Prevent with metal detectors and detect with CCTV
- 84. Securing Network Devices
»Cable device vulnerabilities, continued
• Tapping attacks and tools
• Wiretapping
– Passive optical splitter
» Requires cable access
» Disrupts communications
» More expensive and requires more knowledge
» Improper tapping could cause chromatic dispersion and data loss (monitoring)
» Similar prevention methods
- 85. Securing Network Devices
»Securing wireless networks
• General considerations
• Attackers only need to be in radio frequency range
• Antennas can extend range
• The wireless access point
• The central connection point
• Securing the administrative interface
– Change default passwords
– Disable remote administration if not needed
- 86. Securing Network Devices
» Securing wireless networks, continued
• Service Set Identifier (SSID)
• Broadcasts the name of the network
• On by default
• Disabling is known as security through obscurity and only provides weak security, if any
• Reduce transmitter power
• Rogue access points
• Unauthorized access points that allow access into secure networks
• Document all access points
• Conduct periodic audits
• Eliminate legacy hardware and encryption protocols
- 87. Securing Network Devices
» Securing wireless networks, continued
• Evil twin
• A rogue access point that uses the same SSID
• Stronger signal
• Used for MITM attacks
• Implement VPNs
• Don’t send sensitive information over wireless networks
• Conduct periodic audits
• Encryption
• Open authentication
• Weak encryption protocols (WEP, WPA)
• Strongest is WPA2 with AES CCMP
- 88. Securing Network Devices
»Securing wireless networks, continued
• Wireless Encryption Protocols
• Wired Equivalent Privacy (WEP)/64-bit key size
• Wi-Fi Protected Access (WPA)/128-bit
• Wi-Fi Protected Access v2 (WPA2)/256-bit
• Temporal Key Integrity Protocol (TKIP)/128-bit
• Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)/128-bit
• Advanced Encryption Standard (AES)/128-, 192- and 256-bit
- 89. Securing Network Devices
»Securing wireless networks, continued
• WPA-Personal Preshared Key (PSK)
• Enables connectivity between wireless clients through the use of a password or passphrase
• WPA-Enterprise
• Uses an 802.1X authentication server such as RADIUS or TACACS
• Wi-Fi Protected Setup (WPS)
• An 8-digit code that can be broken quickly
• Should not be allowed on a wireless network
- 90. Securing Network Devices
»Securing wireless networks, continued
• Wireless VPN
• Creates a secure connection through the use of an encrypted tunnel
• Encryption protocols should be used (PPTP, IPSec)
• Choose the correct authentication mechanism
• Apply authentication mechanism uniformly
- 91. Securing Network Devices
»Securing wireless networks, continued
• Wireless architecture and antenna types
• Point-to-multipoint
– Single central device connecting many clients
– Omnidirectional (vertical omni, ceiling dome)
• Point-to-point
– Fixed locations
– Parabolic (dish) or a Yagi antenna
• Conduct a site survey and be aware of range limitations
- 92. Securing Network Devices
» Securing wireless networks, continued
• Security strategies for wireless access points
• Strategic placement
– Center of building to minimize external footprint
• Reduce transmission power level
• Keep away from electrical panels, cables, motors
• Built-in firewall
– Enable stateful packet inspection
• Enable NAT filtering
• Utilize MAC filtering or whitelisting
– MAC addresses can be spoofed
• Utilize AP Isolation mode
- 93. Securing Network Devices
» Securing wireless networks, continued
• Vulnerabilities and attacks in the wireless environment
• War driving
– Variations (war walking, biking, flying, chalking)
– Attackers locate the network and then attempt password guessing or brute-forcing
– Hide the SSID
– Use proper positioning (not at the edge of the building) and appropriate power levels
– Strong encryption and authentication mechanisms
- 94. Securing Network Devices
»Securing wireless networks, continued
• Vulnerabilities and attacks in the wireless environment
• Initialization vector (IV) attack
– Related-key attack
– Attacker is able to derive a mathematical relationship between keys
– WEP used a 24-bit IV
– WEP and WPA are vulnerable
- 95. Securing Network Devices
» Securing wireless networks, continued
• Vulnerabilities and attacks in the wireless environment
• Denial of Service
– DHCP starvation
– Incomplete authentication
» Configure expiration timeouts for inactive sessions
» Implement wireless frame protection
• Brute-force attack
– Exhaustive key search
» Limit password attempts (throttling)
» Require time delays between attempts
» Utilize complex passwords
» Blacklist certain IP addresses
- 96. Securing Network Devices
» Bluetooth characteristics and vulnerabilities
• General characteristics
• Short-range wireless technology
• Adaptive frequency hopping
• 2.4 GHz range
• Vulnerabilities
• Conflicts with other 2.4 GHz technologies (Wi-Fi)
– 802.11g and 802.11b
– Put WAPs on the 5 GHz range
– Place Bluetooth access points away from WAPs
- 97. Securing Network Devices
» Bluetooth characteristics and vulnerabilities, continued
• Vulnerabilities
• Near field communications
– Allows two devices to connect and share data over short distances
– No inherent security, and eavesdropping is an issue
– Jamming
– Replay attacks
– Use applications that offer SSL/TLS or other secure channels of communication
- 98. Securing Network Devices
» Bluetooth characteristics and vulnerabilities, continued
• Attacks
• Bluejacking
– Sending of unsolicited messages to Bluetooth devices
– Complex pairing key
– Turn off Bluetooth or set to non-discoverable
• Bluesnarfing
– Unauthorized interception of data
– Complex pairing key
– Set to non-discoverable mode