Network + Part 9

  1. Wireless deauthentication
    A type of wireless denial of service attack where the attacker sends crafted frames to make others disconnect. 802.11 management frames are necessary to make or break wireless connections. Deauthentication frames can be sent to the access point to force a device with a certain MAC address to disconnect.
  2. Phishing
    Attacker spoofs a website or email to attempt to get information from users.
  3. Tailgating
    An authorized person allows an unauthorized person to gain access to an area. This can be non-consensual, such as an attacker entering through a door before it closes.
  4. Shoulder Surfing
    The person behind the user looking at their screen.
  5. Secure SNMP
    Secure Simple Network Management Protocol. Only v3 and above have encrypted communication.
  6. RA Guard
    Router Advertisement Guard. IPv6 uses periodic router announcements. A rogue device could pretend to be a router. Switches can validate the RA messages.
  7. Port Security
    Prevents unauthorized access to a switch interface. You can also set a maximum number of MAC addresses and how many different MAC addresses are used.
  8. DAI
    Dynamic ARP inspection. Monitors the network to prevent on-path attacks. Relies on DHCP snooping to know every device’s IP address.
  9. Data plane
    The plane that handles the forwarding of traffic.
  10. Control plane
    Manages the device.
  11. Control plane policing
    Prioritizes management traffic. Block unnecessary control plane traffic types such as SSH. Rate limit the traffic flows.
  12. Private VLANs
    Port isolation. Restrict access between interfaces even if they are in the same VLAN. For example, you can connect to an access point but not the other devices on that access point.
  13. Disabling unused interfaces
    Prevents someone from plugging a device into the network from any other device.
  14. NAC
    Network access control. 802.1X controls that say you can’t communicate unless you are authenticated.
  15. Default credentials
    Most devices have default usernames and passwords. These MUST be changed immediately.
  16. DHCP snooping
    IP tracking on a layer 2 device such as a switch. The switch acts as a DHCP firewall. Trusted routers, switches, and DHCP servers are allowed in. Untrusted devices are filtered out.
  17. Default VLAN
    All non-trunk access ports are assigned to a VLAN without any additional security. Anyone connecting will be part of the default VLAN. Example: all the ports/interfaces on a switch are assigned to the default VLAN. They need to be changed since we don’t have separate administrative controls.
  18. ACL
    Access Control Lists. Allow or disallow traffic based on IP.
  19. Firewall Rules
    Set up rules with a number, IP, Remote Port, Local Port, Protocol (TCP/UDP), Action (Allow/Disallow).
  20. MAC filtering
    Media Access Control or hardware address being filtered. A flaw is that someone can scan for MAC addresses through an access point and, when one leaves, spoof that address.
  21. Antenna placement
    Try to limit the signal outside of necessary work areas.
  22. Wireless isolation
    Wireless devices on an access point can’t communicate with each other.
  23. Geofencing
    MDM (Mobile Device Manager) allows for the device or application to restrict or allow features when the device is in a particular area. Device can also only authenticate when in a certain area.
  24. Captive Portal
    Authentication popup or website that allows you to enter a username and password when trying to authenticate / access a wireless network.
  25. IoT security
    Internet of Things devices are a huge security issue. They need to be segmented from the private network.
  26. Client to site VPN
    On-demand access from a remote device. Example: Laptop turns on VPN, connects through the public internet, goes through a VPN concentrator to a private network. The laptop can turn its VPN on or off as needed.
  27. Site to Site VPN
    Usually always on. Two networks, each having a VPN concentrator, connect to each other. Firewalls can act as a VPN concentrator.
  28. Clientless VPN
    Hypertext Markup Language version 5. HTML 5. Uses API support to encrypt messages.
  29. Full Tunnel
    All of the traffic sent to a network would go through the VPN concentrator. Even when accessing a third-party it would still need to go through the VPN concentrator.
  30. Split Tunnel
    Traffic to a private network will go through the VPN concentrator from the user. Traffic that is unrelated to the private network would be directed to a third party.
  31. Remote desktop connection
    Share a desktop from a remote location. Windows uses RDP (Microsoft Remote Desktop Protocol). VNC (Virtual Network Computing) allows for full control of another computer. This is also a security risk.
  32. Remote Desktop Gateway
    Combine a VPN with Microsoft Remote Desktop.
  33. SSH
    Secure shell. Encrypted communications through TCP port 22.
  34. VDI
    Virtual desktop infrastructure. Users connect remotely to a pre-built desktop.
  35. Out of band management
    When a device is unable to connect and you need to use a physical interface such as a serial cable/console router.
  36. CCTV
    Closed circuit television. Video surveillance.
  37. Asset tracking tag
    A record of every asset. A sticker with a scannable code that will tell you where and when that device has been.
  38. Tamper detection
    Sensors or even stickers that detect if a device has been touched.
  39. Employee Training
    Train employees how to look for security issues.
  40. Access control hardware
    Security hardware such as a gate that needs to be unlocked with a keycard.
  41. Badge readers
    Keyed or wireless
  42. Biometrics
    Use fingerprint, retina, voiceprint to access a room.
  43. Access control vestibule
    2 doors, when one is opened the other locks.
  44. Sanitizing Media
    Factory reset or wiping data.
  45. Network Troubleshooting Methodology
    • 1. Identify the Problem
    • 2. Establish a Theory
    • 3. Test the Theory
    • 4. Evaluate the Results. Go back to step 2 if needed.
    • 5. Establish a Plan of Action
    • 6. Implement the Plan
    • 7. Verify Full System Functionality
    • 8. Document Findings
  46. The properties of Category 5-8 cables
    [Image not reproduced]
  47. Bandwidth
    Theoretical maximum data rate in bits per second. The size of the pipe.
  48. Throughput
    Amount of data transferred in a given timeframe. How much water is flowing through the pipe.
  49. Cable abbreviations U S F
    • U Unshielded
    • S Braided shielding
    • F Foil Shielding
    • (Overall Cable) / (Individual pairs)TP
    • Example: Braided shielding around the entire cable and foil around the pairs is S/FTP
  50. Plenum area
    There is open air circulation instead of ducts. A concern for smoke and toxic fumes.
  51. Plenum Rated Cables
    • PVC (polyvinyl chloride) is the traditional cable jacket.
    • Fire-rated jackets are FEP (fluorinated ethylene polymer) or PVC.
    • These are not as flexible.
  52. Serial console cables
    DB-9 and DB-25. The number represents the pins. Also called RS-232.
  53. Rollover cable
    Standard RJ-45 to serial console connection.
Author: dsagent
ID: 363254
Card Set: Network + Part 9
Description: Deauthentication, Social Engineering, Network Hardening, Wireless Security, Remote Access, Physical Security, Cable connectivity