WAN - 06 Network Security & Management, SNMP, Packet Analyzing
Attacks
Gaining Administrative Access
CDP Reconnaissance Attack
CDP
(Cisco Discovery Protocol)
A proprietary Layer 2 link discovery protocol
Enabled by default
Transmits
IP
Software Version
Capabilities
Native VLAN
Unencrypted & Unauthenticated
Attacker
Uses this info to craft & send bogus information.
Mitigate
Disable CDP Globally.
Telnet Attacks
Brute Force Password Attack
Telnet DoS Attack
Mitigate
SSH
Strong Passwords
Rotate Passwords
Limit access to the vty lines using ACLs
Use AAA with TACACS+ or RADIUS
Disruption
MAC Address Table Flooding
Mitigate
Port Security
Max # MAC Addresses
Manually Configure MAC Addresses.
VLAN Attacks
Configure a host to spoof a switch with the 802.1Q trunk protocol.
Attacker can access all VLANs.
Mitigate
Explicitly configure access links.
Disable auto trunking
Manually enable trunk links.
Disable unused ports, make them access ports
& assign them to a black-hole VLAN.
Change the default native VLAN.
Implement port security.
DHCP Attacks
DHCP Spoofing
Configure a fake DHCP server &
issue IP addresses to clients.
DHCP Starvation
Flood the DHCP server with bogus DHCP requests &
lease all of the available IPs.
Results in a DoS for new IP address requests.
Mitigate
Trusted DHCP ports.
Untrusted DHCP ports.
Port Security.
ARP Spoofing
(ARP Poisoning)
Secure
Secure protocols
SSH
SCP
SSL
Strong Passwords
CDP on select ports only
Secure Telnet
Dedicated Management VLAN
ACLs
AAA
Authentication
Methods
Challenge & Response
Token Cards
Username &
Password
Types
Local
Use the local database
For small networks.
Server Based
Using a remote AAA Server
TACACS+
RADIUS
IEEE 802.1X
Authorization
Which resources
Which operations
Accounting
What is done
Amount of time used
Changes done
SNMP
Components
Agent
Manager
Management Information Base
(MIB)
OIDs
Hierarchy
RFC Standard
Data Collection
Polling
Disadvantages
Delay between events and the notification.
Polling frequency vs Bandwidth usage.
Traps
Agents generate and send traps immediately on certain events.
Unsolicited messages from agent to manager.
Versions
1 & 2c
Community String
RO
RW
No encryption
3
Message Integrity
Authentication
Encryption
Access Control
Packet Analyzing
Port Mirroring
Copy and send Ethernet frames from specific hosts to another port for analysis.
The original frame is still sent to its destination.
Cisco
Switched Port Analyzer
(SPAN)
Packet analysis
Intrusion Prevention Systems
Types
Local
Mirrored port in same switch.
Remote
Different switches.
Wireshark
Packets entering & exiting a NIC.
Only on the host.
Can't capture on other hosts.
Network Tap
External monitoring device.