1
Network Security and Monitoring
Some network vulnerabilities and threats
Reconnaissance
Monitoring
2
Network Vulnerabilities
Technology vulnerabilities
Operating system vulnerabilities
Configuration vulnerabilities
Etc.
3
TCP/IP Vulnerabilities
Many TCP/IP-based applications have inherent vulnerabilities: TFTP (no authentication at all) and Telnet (credentials and session data sent in cleartext), for example. Use more secure replacements (SSH, SCP/SFTP, etc.).
Some standard TCP/IP protocols are also used for reconnaissance and attacks: SNMP and ICMP.
4
Reconnaissance: what is reconnaissance?
Reconnaissance is the process of acquiring information about your network. It usually precedes an attack, but the point where reconnaissance stops and the attack begins is not always clear.
What type of information are they seeking?
Network topology
Device type and OS
Addressing
Services and assets
Personnel and account passwords
5
Reconnaissance
Social engineering
Enumeration
Footprinting/Fingerprinting
6
Network Enumeration
Network enumeration is the discovery of hosts and devices on a network. It may be accomplished with overt discovery protocols such as ICMP (ping sweeps) and SNMP, or with port scans of remote hosts that look for well-known services, in an attempt to identify the function of a host and solicit host-specific banners.
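The port-scan-plus-banner-grab step described above, as an added example that is not part of the original slides. It is a plain TCP connect scan (a completed handshake means a listener exists; a refused connection or a timeout means closed or filtered) followed by a read of whatever the service volunteers. To run offline it starts its own stand-in "remote host": a loopback listener that answers with a constructed SSH-style banner. The banner string, the loopback target and the port window scanned are all assumptions of this example.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed stand-in for a remote host (assumption): a loopback listener that
# greets each client with an SSH-style banner so the example runs offline.
FAKE_BANNER = b"SSH-2.0-OpenSSH_9.6 example-host\r\n"


def start_fake_service(port=0):
    """Bind a TCP listener on 127.0.0.1 that sends FAKE_BANNER to every client.
    Returns the bound port (port 0 lets the OS pick a free one)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed
                return
            with conn:
                try:
                    conn.sendall(FAKE_BANNER)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def probe_port(host, port, timeout=0.5):
    """TCP connect scan of a single port.
    Returns (port, is_open, banner). A completed handshake means a listener
    exists; RST (refused) or silence for `timeout` seconds means closed/filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except (socket.timeout, OSError, OverflowError):
        s.close()
        return port, False, b""
    banner = b""
    try:
        # Many services (SSH, SMTP, FTP, POP3) speak first; reading what they
        # volunteer is the "solicit host-specific banners" step.
        banner = s.recv(256)
    except (socket.timeout, OSError):
        pass
    finally:
        s.close()
    return port, True, banner


def scan(host, ports, workers=32):
    """Connect-scan `ports` on `host` in parallel; return {port: banner}
    for the ports that accepted a connection."""
    with ThreadPoolExecutor(max_workers=workers) as ex:
        results = list(ex.map(lambda p: probe_port(host, p), ports))
    return {p: banner for p, is_open, banner in results if is_open}


if __name__ == "__main__":
    p = start_fake_service()
    # Scan a small window around the fake service; against a real target this
    # would be the well-known range, e.g. range(1, 1025).
    window = range(max(1, p - 5), min(65535, p + 5) + 1)
    for port, banner in sorted(scan("127.0.0.1", window).items()):
        print(f"{port}/tcp open  banner={banner!r}")
```

Only the fake service's port shows up as open; the neighbouring ports are refused immediately on loopback. On a real network the interesting part is the banner: version strings such as the one above are exactly what an attacker feeds into vulnerability lookups, which is why services should advertise as little as they can.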
7
Fingerprinting
Passive fingerprinting uses tools to analyze communications to and from a remote host while it goes about its normal business; nothing is sent to the target.
8
Fingerprinting
Active fingerprinting tools rely on stimulus-response.
Different operating systems respond to packets (the stimulus) in different ways, e.g. in the IP TTL, the TCP window size and the order of TCP options. The source sends specific probe packets to the target, then analyzes the target's response to identify the operating system.
9
IP Spoofing
An attacker can use IP spoofing to impersonate the identity of a trusted host or decoy. It is typically limited to one-way injection of data or commands, since replies to the spoofed address go to that address and do not reach the attacker.
10
Some Layer 2 Threats
CDP/LLDP reconnaissance (these discovery protocols advertise platform, software version and addressing in cleartext)
MAC address table flooding attack (CAM table overflow: once the table is full the switch floods unknown-destination frames to all ports)
VLAN attacks: switch spoofing/insertion (negotiate a trunk to reach every VLAN)
DHCP attacks: DHCP spoofing (rogue server) or starvation (DoS)
11
Some Protection methods
802.1X – port-based device authentication, with three roles:
Supplicant (the device requesting access)
Authenticator (the switch or access point)
Authentication Server (typically RADIUS)
12
Some Protection methods
Telnet/SSH authentication
AAA - Authentication, Authorization, Accounting, against either a local database on the device or a remote server:
Remote Authentication Dial-In User Service (RADIUS)
Terminal Access Controller Access Control System (TACACS, today TACACS+)
13
Other Vulnerabilities
14
Monitoring
Use attacker utilities: attack your own network to find what an attacker would find.
SNMP
SNMP agent – community strings (in SNMPv1/v2c the community string is the only credential and travels in cleartext; prefer SNMPv3 or at least read-only strings)
SNMP manager
MIB
Traps
15
Monitoring
Port mirroring (SPAN)
Allows a monitoring station to receive copies of frames intended for other ports, either locally or from a remote switch. Typical consumers of the mirrored traffic: IPS/IDS, packet analyzer.