Network Security and Monitoring

Presentation transcript:

Network Security and Monitoring
- Some network vulnerabilities and threats
- Reconnaissance
- Monitoring

Network Vulnerabilities
- Technology vulnerabilities
- Operating system vulnerabilities
- Configuration vulnerabilities
- Etc.

TCP/IP Vulnerabilities
- Many TCP/IP-based applications have inherent vulnerabilities
  - TFTP
  - Telnet
  - Use more secure apps (SSH, etc.)
- Some standard TCP/IP applications are used for reconnaissance and attacks
  - SNMP
  - ICMP

Reconnaissance
- What is reconnaissance?
  - Reconnaissance is the process of acquiring information about your network
  - While it usually precedes an attack, the point where reconnaissance stops and attacks begin isn't always clear
- What type of information are they seeking?
  - Network topology
  - Device type and OS
  - Addressing
  - Services and assets
  - Personnel/account passwords

Reconnaissance
- Social engineering
- Enumeration
- Footprinting/Fingerprinting

Network Enumeration
- Network enumeration is the discovery of hosts/devices on a network.
- It may be accomplished by use of overt discovery protocols such as ICMP and SNMP.
- It may also use port scans of various ports on remote hosts to look for well-known services, in an attempt to further identify the function of a remote host and solicit host-specific banners.

Fingerprinting
- Passive fingerprinting uses tools to analyze communications to and from a remote host while it goes about its normal business.

Fingerprinting
- Active fingerprinting tools rely on stimulus-response.
- Different operating systems respond to packets (stimulus) in different ways.
- The source will send certain packets to the target, then analyze the target's response to identify the operating system.

IP Spoofing
- An attacker can use IP spoofing to impersonate the identity of a trusted host or decoy.
- Typically limited to injection of data or commands, since replies to a spoofed address will not reach the attacker.

Some Layer 2 Threats
- CDP/LLDP reconnaissance
- MAC address table flooding attack
  - CAM table overflow attack
- VLAN attacks
  - Switch spoofing/insertion – create trunk
- DHCP attacks
  - DHCP spoofing or starvation (DoS)

Some Protection Methods
- 802.1x – device authentication
  - Supplicant
  - Authenticator
  - Authenticating Server

Some Protection Methods
- Telnet/SSH authentication
- AAA - Authentication, Authorization, Accounting
  - Local database
  - Remote Authentication Dial-In User Service (RADIUS)
  - Terminal Access Controller Access Control System (TACACS)

Other Vulnerabilities
- Telnet/SSH authentication
- AAA - Authentication, Authorization, Accounting
  - Local database
  - Remote Authentication Dial-In User Service (RADIUS)
  - Terminal Access Controller Access Control System (TACACS)

Monitoring
- Use attacker utilities
  - Attack your own network
- SNMP
  - SNMP agent – community strings
  - SNMP manager
  - MIB
  - Traps
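
The slides name TFTP, Telnet and SNMP community strings as weak points; the following added example (not part of the original presentation) audits a device configuration for exactly those items. The configuration excerpt is constructed, and the function name `audit` and the finding texts are illustrative assumptions.

```python
# Constructed IOS-style running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
hostname lab-sw1
snmp-server community public RO
snmp-server community S3cure-ro-string RO 10
tftp-server flash:backup.cfg
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
 login local
"""

DEFAULT_COMMUNITIES = {"public", "private"}   # well-known default strings

def audit(config):
    """Return (line_number, issue) findings for one IOS-style config text."""
    findings, vty = [], None
    for n, raw in enumerate(config.splitlines(), 1):
        tok = raw.split()
        if not tok:
            continue
        if not raw[0].isspace():      # a top-level command ends any vty block
            vty = " ".join(tok) if tok[:2] == ["line", "vty"] else None
        if tok[:2] == ["snmp-server", "community"] and len(tok) >= 3:
            name, rest = tok[2], [t.lower() for t in tok[3:]]
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append((n, "snmp: default community string"))
            # With no trailing ACL, any source address may query the agent.
            if not rest or rest[-1] in ("ro", "rw"):
                findings.append((n, "snmp: community not restricted by an ACL"))
        elif tok[0] == "tftp-server":
            findings.append((n, "tftp: device is serving files over TFTP"))
        elif vty and tok[:2] == ["transport", "input"]:
            if {"telnet", "all"} & set(tok[2:]):
                findings.append((n, f"telnet allowed on {vty}"))
    return findings

if __name__ == "__main__":
    for line_no, issue in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {issue}")
```

Only explicit `transport input` statements are checked; a vty block without one inherits a platform default that this sketch does not model.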

Monitoring
- Port mirroring (SPAN)
  - Allows station to receive frames intended for others
  - Local or remote
- IPS/IDS
- Packet analyzer
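
To connect the Layer 2 threats listed earlier with SPAN-based monitoring, here is an added example (not from the original slides) of detection logic a packet analyzer on a mirror port could apply to spot MAC address table flooding and DHCP starvation. The frame records, port names, window size and thresholds are constructed assumptions to be tuned per network.

```python
from collections import defaultdict

def make_sample():
    """Constructed frame summaries: (time_s, switch_port, src_mac, dhcp_type)."""
    frames = [(0.0, "Gi0/1", "00:11:22:33:44:55", "DISCOVER"),
              (0.5, "Gi0/1", "00:11:22:33:44:55", "REQUEST")]  # one normal host
    for i in range(200):   # Gi0/2: a new source MAC every 10 ms (table flooding)
        frames.append((1.0 + i * 0.01, "Gi0/2", f"02:00:00:00:00:{i:02x}", None))
    for i in range(60):    # Gi0/3: DISCOVERs from 60 client MACs (starvation)
        frames.append((2.0 + i * 0.05, "Gi0/3", f"02:aa:00:00:00:{i:02x}", "DISCOVER"))
    return frames

def max_distinct_in_window(events, window):
    """events: (time, key) sorted by time. Max distinct keys in any window."""
    counts, best, left = defaultdict(int), 0, 0
    for t, key in events:
        counts[key] += 1
        while events[left][0] < t - window:   # evict entries older than window
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best

def detect(frames, window=5.0, mac_limit=100, discover_limit=20):
    """Return sorted (port, alert, distinct_macs); thresholds are assumptions."""
    macs, discovers = defaultdict(list), defaultdict(list)
    for t, port, mac, dhcp in sorted(frames, key=lambda f: f[0]):
        macs[port].append((t, mac))
        if dhcp == "DISCOVER":
            discovers[port].append((t, mac))
    alerts = []
    for name, table, limit in (("mac-flood", macs, mac_limit),
                               ("dhcp-starvation", discovers, discover_limit)):
        for port, events in table.items():
            n = max_distinct_in_window(events, window)
            if n > limit:
                alerts.append((port, name, n))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(make_sample()):
        print(alert)
```

An access port normally carries one or a few source MAC addresses, which is why the count of distinct addresses per port and time window separates the constructed flood from the normal host.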