Network Security Principles & Practices By Saadat Malik Cisco Press 2003

– Chapter 3 – Device Security A device is a node helping to form the topology of the network. A compromised device may be used by the attacker as a jumping board. A DoS attack may be launched against a device. Network Security

Two aspects of device security Physical security Placing the device in a secure location Logical security Securing the device against nonphysical attacks Network Security

Physical security Considerations: Using redundant devices? Network topology (serialized, star, fully meshed?) Where to place the network devices? Media security (wire tapping, physical eavesdropping) Adequate/uninterrupted power supply disasters Network Security

Device Redundancy Means of achieving redundancy: A backup device (router, switch, gateway, …) is configured to take over the functionality of a failed active device. Means of achieving redundancy: Use routing to enable redundancy Use a redundancy protocol Hot Standby Router Protocol (HSRP) Virtual Router Redundancy Protocol (VRRP) Failover protocols Network Security

Cisco Command Reference Cisco IOS Commands Master List, Release 12.2 http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122mindx/l22index.htm Network Access Security Commands http://www.cisco.com/en/US/products/sw/iosswrel/ps1824/products_command_reference_chapter09186a0080087141.html Configuration Guide for the Cisco Secure PIX Firewall Version 6.0: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/index.htm PIX Command Reference: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/commands.htm#xtocid0 Note: A PDF file may be downloaded from the above sites. Cisco Command Summary: http://networking.ringofsaturn.com/Cisco/ciscocommandguide.php Other useful sites: http://www.elings.com/ Windows Administration Support Portal http://www.freebraindumps.com/CCIE/ http://www.groupstudy.com/ Network Security

EIGRP (used in Example 3-1) IGRP: Cisco’s Interior Gateway Routing Protocol EIGRP: Enhanced IGRP A router running EIGRP stores all its neighbors' routing tables so that it can quickly adapt to alternate routes. If no appropriate route exists, EIGRP queries its neighbors to discover an alternate route. These queries propagate until an alternate route is found. To enable EIGRP on the router you simply need to enable eigrp and define a network number. This is done as follows: Router# conf t Router(config)# router eigrp 1 Router(config-router)# network 172.16.0.0 http://networking.ringofsaturn.com/Cisco/eigrp.php Network Security

Routing-enabled Redundancy To set up routing in such a way that the routing protocols converge to one set of routes under normal conditions, and a different set of routes when some of the devices fail. (floating) static routes with varying weights: example 3-1 Dynamic routing protocols: e.g., Routing Information Protocol (RIP) http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rip.htm Network Security

Dynamic routing using RIP Alternative paths are used when the normal path fails. Fig. 3-3 Network Security

HSRP Host Standby Routing Protocol proprietary (Cisco) A host uses a IP address as its default gateway. A virtual router is set up for that IP: a pair of IP and MAC addresses The addresses are ‘taken’ by a set of routers configured with HSRP One of the routers is designated as the active router. When the active router fails, one of the standby routers takes ownership of the IP and the MAC addresses. Network Security

HSRP HSRP group (aka. standby group) election protocol Packet format of HSRP messages: Fig. 3-4 Messages: hello, coup hello, resign How HSRP provides redundancy? Fig. 3-5 (next slide) A virtual IP is shared between router A and B, so when B becomes the active router, no change of default gateway IP is needed in the end hosts. Network Security

Example HSRP Implementation Fig. 3-5 Network Security

HSRP Drawback: not very secure The authentication field contains a password that is transmitted as clear text. c.f., VRRP provides better security. Network Security

VRRP Virtual Router Redundancy Protocol RFC 2338, RFC 3768 (4/04): ftp://ftp.rfc-editor.org/in-notes/rfc3768.txt Non-proprietary (unlike HSRP) an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN (the master router) The election process provides dynamic fail over in the forwarding responsibility should the Master become unavailable. allows any of the virtual router IP addresses on the LAN to be used as the default first hop router by end-hosts. Network Security

VRRP When is the master router considered down? The election process: The master router periodically sends out an advertisement message that contains an advertisement interval. Each backup router uses a timer to decide when the master router is down. The election process: When a backup router detects that the master router is down, it sends an advertisement message with its own priority value in it. The backup router with the highest priority value becomes the new master router. Network Security

VRRP Question: How if an attacker injects a fake VRRP advertisement message (possibly with very high priority value) into the network? Would it then be elected to be the new master router? The answer: VRRP security features Three authentication methods No authentication Simple clear-text passwords Strong authentication (using IP authentication with MD5 HMAC) Q: What’s the Implication? Shared key A mechanism that protects against VRRP packets being injected from a remote network sets TTL = 255 Network Security

VRRP RFC2338 (4/1998), obsoleted by RFC3768 (R. Hinden, Ed; April 2004) ftp://ftp.rfc-editor.org/in-notes/rfc3768.txt Network Security

Failover Protocol Cisco PIX firewall The functionality of a failed firewall is taken over by a standby firewall. See chapter 8 for details Network Security

Security of major devices Next: Router security Firewall security Network Security