-
Vulnerability
A weakness in a system.
-
Zero day attacks
A vulnerability in an application that is not yet known to the vendor or the public, but that attackers have already found and are exploiting.
-
Threat
Something that takes advantage of a vulnerability, such as a person or a fire. Also called a threat agent.
-
Exploits
When a threat takes advantage of a vulnerability.
-
Least privilege
Rights and permissions should be set to the bare minimum.
-
RBAC
Role-based access control. The role in the organization determines the administrative rights.
-
Zero Trust
Only verified people or applications are granted access to resources. Verification is usually done via multifactor authentication.
-
Physical segmentation
Separation of data by using two physical devices.
-
Logical segmentation
Uses VLANs to separate the data logically.
-
Screened Subnet
Also known as the demilitarized zone, DMZ. Additional layer of security between the internet and you. The public can access public resources. Sometimes the firewall will route the public to another switch or server with public information.
-
Separation of duties
Split the knowledge between individuals. An example is two people who each hold half of the password. Also called dual control.
-
NAC
Network Access Control. IEEE 802.1X is port-based NAC. You must authenticate, usually with a username and password. Refers to physical switch ports.
-
Honeypot
Traps attackers in a decoy environment so their activity can be observed. Creates a virtual world for them to explore.
-
Local Authentication
Authentication credentials are stored on the local device. Must be individually administered.
-
MFA
Multifactor Authentication.
-
RADIUS
Remote Authentication Dial In User Service. Common AAA protocol used for a wide range of devices, not just for dial-in. Centralized database for user credentials.
-
TACACS
Terminal Access Controller Access Control System. Remote authentication protocol. TACACS+ is the latest version; it is an open standard and provides more authentication requests and response codes.
-
LDAP
Lightweight Directory Access Protocol. Protocol for reading and writing directories (like a phone book) over an IP network.
-
Kerberos
Network authentication protocol. Authenticate once. Mutual authentication between the client and server protects against on-path attacks.
-
IEEE 802.1X
Port-based Network Access Control (NAC). Can be used in conjunction with other security protocols.
-
EAP
Extensible Authentication Protocol. Authentication framework. Used in conjunction with 802.1X to prevent access to the network until the authentication succeeds.
-
Vulnerability assessment
Vulnerability scanners can identify systems and security devices. Test from the outside and inside. Can identify misconfigurations.
-
Penetration Testing
Simulate an attack. Attempt to exploit vulnerabilities. Often a compliance mandate for it to be done by a third party.
-
Posture assessment
BYOD is always a vulnerability. Perform a health check on the device before it connects to the corporate network.
-
Risk Assessment
Identify assets that could be affected by an attack. Identify threats and risk level. Process assessments for future security plans.
-
SIEM
Security Information and Event Management. Logs security events and information.
-
Denial of Service
Forcing a service to fail by overloading the network. Can also be someone manually cutting the power to a building.
-
Friendly DOS
An unintentional denial of service, such as a layer 2 loop without STP or excessive bandwidth usage.
-
Bots
A number of malware-infected computers used by the attackers. They check in with a command and control server for instructions.
-
Botnet
A group of bots working together.
-
DDOS
Distributed denial of service. Many bots are used to clog up a network.
-
On path attacks
On path attacks are also known as man in the middle.
-
ARP
Address Resolution Protocol. Maps an IP address to a MAC address. A device broadcasts a request asking who has a given IP address, and the device with that IP address replies with its MAC address.
-
ARP Poisoning
An on-path attack on the local IP subnet. ARP has no built-in security. The attacker spoofs the IP address and answers with their own MAC address.
-
DNS poisoning
Modify the DNS server so it sends users to the attacker's own site.
-
VLAN Hopping
Normally users on one VLAN don’t have access to the others. Attackers find ways to switch VLANs while in the network.
-
Trunk Switching
When multiple VLANs go over a single port.
-
Switch Spoofing
An attacker sets up a port to act as a trunk. They plug in a laptop and now have a trunk link to that switch, so they can send and receive traffic on any configured VLAN. Switch admins should disable trunk negotiation and explicitly configure trunk interfaces.
-
Double Tagging
Craft a frame that includes two VLAN tags. The first switch sees the outer tag, removes it, and relays the frame to the second switch, which forwards it on the inner tag's VLAN. This is a one-way attack and is useful for denial of service. A solution is to set a dedicated native VLAN ID and force tagging of the native VLAN.
-
Spoofing
Pretending to be something you are not. Applies to hardware or software such as email or phone ID.
-
ARP Poisoning
An on-path attack on the local IP subnet. ARP has no built-in security. The attacker spoofs the IP address and answers with their own MAC address. This is also an example of spoofing; the MAC address can be spoofed as well.
-
Rogue DHCP Server
IP addresses assigned by a non-authorized server. Can be prevented by enabling DHCP snooping on the switch so that only authorized DHCP servers are used. To recover, disable the rogue server's interface and renew the IP leases.
-
Rogue access points
Unauthorized wireless access points. Can be prevented by periodic surveys of the current access points and by using 802.1X Network Access Control, which requires authentication regardless of the connection type.
-
Wireless evil twin
A legitimate-looking access point that is owned by a malicious individual. Encrypting traffic with HTTPS and a VPN helps deny the attacker access to the data.
-
Malware
Software with malicious intent. Malicious software.
-
Ransomware
Data is unavailable until the user pays. Malware encrypts your files.
-
Plaintext
When an application stores data with no encryption. Very bad for passwords.
-
Hashing a password
Hashing represents data as a fixed-length string of text. Instead of storing the password we can store the hash. An example hashing algorithm is SHA-256.
-
Brute Force
Try every possible password until the hash is matched. Prevented by accounts locking after a number of failed attempts.
-
Dictionary attacks
Use common words to try to guess a password.