Author: Yoram Orzach

Get to grips with network-based attacks and learn to defend your organization's network and network devices.

Key Features:
Exploit vulnerabilities and use custom modules and scripts to crack authentication protocols
Safeguard against web, mail, database, DNS, voice, video, and collaboration server attacks
Monitor and protect against brute-force attacks by implementing defense mechanisms

Book Description:
With the increased demand for computer systems and the ever-evolving internet, network security now plays an even bigger role in securing IT infrastructures against attacks. Equipped with the knowledge of how to find vulnerabilities and infiltrate organizations through their networks, you'll be able to think like a hacker and safeguard your organization's network and networking devices. Network Protocols for Security Professionals will show you how.

This comprehensive guide gradually increases in complexity, taking you from the basics to advanced concepts. Starting with the structure of data network protocols, devices, and breaches, you'll become familiar with attacking tools and scripts that take advantage of these breaches. Once you've covered the basics, you'll learn about attacks that target networks and network devices. Your learning journey will get more exciting as you perform eavesdropping, learn data analysis, and use behavior analysis for network forensics. As you progress, you'll develop a thorough understanding of network protocols and how to use the methods and tools you learned in the previous parts to attack and protect these protocols. By the end of this network security book, you'll be well versed in network protocol security and the security countermeasures that protect network protocols.

What You Will Learn:
Understand security breaches, weaknesses, and protection techniques
Attack and defend wired as well as wireless networks
Discover how to attack and defend LAN-, IP-, and TCP/UDP-based vulnerabilities
Focus on encryption, authorization, and

Publisher: Packt Publishing
Publish Year: 2022
Language: English
File Format: PDF
File Size: 22.8 MB
Text Preview (First 20 pages)
Network Protocols for Security Professionals

Copyright ©2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Early Access Publication: Network Protocols for Security Professionals
Early Access Production Reference: B13010
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK
ISBN: 978-1-78995-348-0
www.packt.com
Table of Contents

1. Network Protocols for Security Professionals: Probe and identify network-based vulnerabilities and safeguard against network protocol breaches

2. 1 Data Centers and the Enterprise Network Architecture and its Components
   I. Exploring networks and data flows
   II. The data center, core, and user networks
   III. Switching (L2) and routing (L3) topologies
      i. Switching (L2) and routing (L3)
      ii. L2 and L3 architectures
      iii. L2 and L3 architecture data flow
      iv. L2 and L3 architecture data flow with redundancy
      v. L2 and L3 topologies with firewalls
      vi. L2 and L3 topologies with overlays
   IV. The network perimeter
   V. The data, control, and management planes
      i. The data plane
      ii. The control plane
      iii. The management plane
   VI. SDN and NFV
      i. Software-defined networking (SDN)
      ii. Network function virtualization (NFV)
   VII. Cloud connectivity
   VIII. Type of attacks and where they are implemented
      i. Attacks on the internet
      ii. Attacks from the internet targeting the organization network
      iii. Attacks on firewalls
      iv. Attacks on servers
      v. Attacks on local area networks (LANs)
      vi. Attacks on network routers and routing protocols
      vii. Attacks on wireless networks
   IX. Summary
   X. Questions
   XI. Answers

3. 2 Network Protocol Structures and Operations
   I. Data network protocols and data structures
   II. Layer 2 protocols – STP, VLANs, and security methods
      i. The Ethernet protocols
      ii. LAN switching
      iii. VLANs and VLAN tagging
      iv. Spanning tree protocols
   III. Layer 3 protocols – IP and ARP
   IV. Routers and routing protocols
      i. Routing operations
      ii. Routing protocols
   V. Layer 4 protocols – UDP, TCP, and QUIC
      i. UDP
      ii. TCP
      iii. QUIC
      iv. Vulnerabilities in layer 4 protocols
   VI. Encapsulation and tunneling
   VII. Summary
   VIII. Questions
   IX. Answers

4. 3 Security Protocols and Their Implementation
   I. Security pillars – confidentiality, integrity, and availability
   II. Encryption basics and protocols
      i. Services provided by encryption
      ii. Stream versus block ciphers
      iii. Symmetric versus asymmetric encryption
   III. Public key infrastructure and certificate authorities
   IV. Authentication basics and protocols
      i. Authentication types
      ii. Username/password with IP address identification authentication
      iii. Encrypted username/password authentication
      iv. Extensible authentication protocol (EAP)
   V. Authorization and access protocols
   VI. Hash functions and message digests
   VII. IPSec and key management protocols
      i. Virtual Private Networks (VPNs)
      ii. IPSec principles of operation
      iii. IPSec tunnel establishment
      iv. IPSec modes of operation
      v. IPSec authentication and encryption protocols
      vi. IPSec authentication header (AH) protocol
      vii. IPSec encapsulation security payload (ESP) protocol
   VIII. SSL/TLS and proxies
      i. Protocol basics
      ii. The handshake protocol
   IX. Network security components – RADIUS/TACACS+, FWs, IDS/IPSs, NAC, and WAFs
      i. Firewalls
      ii. RADIUS, NAC, and other authentication features
      iii. Web application firewalls (WAFs)
   X. Summary
   XI. Questions

5. 4 Using Network Security Tools, Scripts, and Code
   I. Commercial, open source, and Linux-based tools
      i. Open source tools
      ii. Commercial tools
   II. Information gathering and packet analysis tools
      i. Basic network scanners
      ii. Network analysis and management tools
      iii. Protocol discovery tools
   III. Vulnerability analysis tools
      i. Nikto
      ii. Legion
   IV. Exploitation tools
      i. Metasploit Framework (MSF)
   V. Stress testing tools
      i. Windows tools
      ii. Kali Linux tools
   VI. Network forensics tools
      i. Wireshark and packet capture tools
   VII. Summary
   VIII. Questions
   IX. Answers

6. 5 Finding Protocol Vulnerabilities
   I. Black box, white box, and gray box testing
   II. Black box and fuzzing
      i. Enterprise networks testing
      ii. Provider networks testing
      iii. Fuzzing phases
   III. Common vulnerabilities
      i. Layer 2-based vulnerabilities
      ii. Layer 3-based vulnerabilities
      iii. Layer 4-based vulnerabilities
      iv. Layer 5-based vulnerabilities
      v. Layer 6-based vulnerabilities
      vi. Layer 7-based vulnerabilities
   IV. Fuzzing tools
      i. Basic fuzzing
      ii. Breaking usernames and passwords (brute-force attacks)
      iii. Fuzzing network protocols
   V. Crash analysis – what to do when we find a bug
   VI. Summary
   VII. Questions
   VIII. Answers

7. 6 Finding Network-Based Attacks
   I. Planning a network-based attack
      i. Gathering information from the network
      ii. Stealing information from the network
      iii. Preventing users from using IT resources
   II. Active and passive attacks
      i. Active attacks
      ii. Passive attacks
   III. Reconnaissance and information gathering
      i. Listening to network broadcasts
      ii. Listening on a single device/port-mirror
   IV. Network-based DoS/DDoS attacks and flooding
      i. Flooding through scanning attacks
      ii. Random traffic generation flooding
      iii. Generating and defending against flooding and DoS/DDoS attacks
   V. L2-based attacks
      i. MAC flooding
      ii. STP, RSTP, and MST attacks
   VI. L3- and ARP-based attacks
      i. ARP poisoning
      ii. DHCP starvation
   VII. Summary
   VIII. Questions

8. 7 Finding Device-Based Attacks
   I. Network devices' structure and components
      i. The functional structure of communications devices
      ii. The physical structure of communications devices
   II. Attacks on the management plane and how to defend against them
      i. Brute-force attacks on console, Telnet, and SSH passwords
      ii. Brute-force attacks against SNMP passwords (community strings)
      iii. Brute-force attacks against HTTP/HTTPS passwords
      iv. Attacks on other ports and services
      v. SYN-scan and attacks targeting the management plane processes' availability
   III. Attacks on the control plane and how to defend against them
      i. Control plane-related actions that influence device resources
   IV. Attacks on the data plane and how to defend against them
      i. Protection against heavy traffic through an interface
   V. Attacks on system resources
      i. Memory-based attacks, memory leaks, and buffer overflows
      ii. CPU overload and vulnerabilities
   VI. Summary
   VII. Questions
   VIII. Answers

9. 9 Using Behavior Analysis and Anomaly Detection
   I. Collection and monitoring methods
      i. SNMP
      ii. NetFlow and IPFIX
      iii. Wireshark and network analysis tools
   II. Establishing a baseline
      i. Small business/home network
      ii. Medium-size enterprise network
   III. Typical suspicious patterns
      i. Scanning patterns
   IV. Summary
   V. Questions
   VI. Answers
Network Protocols for Security Professionals: Probe and identify network-based vulnerabilities and safeguard against network protocol breaches

Welcome to Packt Early Access. We're giving you an exclusive preview of this book before it goes on sale. It can take many months to write a book, but our authors have cutting-edge information to share with you today. Early Access gives you an insight into the latest developments by making chapter drafts available. The chapters may be a little rough around the edges right now, but our authors will update them over time. You'll be notified when a new version is ready.

This title is in development, with more chapters still to be written, which means you have the opportunity to have your say about the content. We want to publish books that provide useful information to you and other customers, so we'll send questionnaires out to you regularly. All feedback is helpful, so please be open about your thoughts and opinions. Our editors will work their magic on the text of the book, so we'd like your input on the technical elements and your experience as a reader. We'll also provide frequent updates on how our authors have changed their chapters based on your feedback.

You can dip in and out of this book or follow along from start to finish; Early Access is designed to be flexible. We hope you enjoy getting to know more about the process of writing a Packt book. Join the exploration of new topics by contributing your ideas and see them come to life in print.
1. Data Centers and the Enterprise Network Architecture and its Components
2. Network Protocol Structures and Operations
3. Security Protocols and Their Implementation
4. Using Network Security Tools, Scripts and Codes
5. Finding Protocol Vulnerabilities
6. Finding Network-Based Attacks
7. Finding Device-Based Attacks
8. Network Traffic Analysis and Eavesdropping
9. Using Behavior Analysis and Anomaly Detection
10. Discovering LANs, IP, and TCP/UDP-Based Attacks
11. Implementing Wireless Networks Security
12. Attacking Routing Protocols
13. DNS Security
14. Securing Web and Email Services
15. Enterprise Applications Security - Databases and Filesystems
16. IP Telephony and Collaboration Services Security
1 Data Centers and the Enterprise Network Architecture and its Components

Communication networks have long been a critical part of any organization. Protecting them against risks of all kinds, especially security risks, is critical to the operation of the organization. Understanding the structure of data networks will help you understand network vulnerabilities, where they exist, and where and how we can protect against them.

This chapter provides a preview of a data network's structure and its weak points. We will also describe the hardware, software, and protocols involved in the network, as well as their potential vulnerabilities. We will talk about the traditional structure of enterprise networks and data centers, network components and their connectivity, and understand the data flows in the network. Finally, we will explain the evolving software-defined networking (SDN) and network function virtualization (NFV) technologies and their impact on data networks, along with the networking and security considerations of cloud connectivity.

In this chapter, we're going to cover the following main topics:
Exploring networks and data flows
The data center, core, and user networks
Switching (L2) and routing (L3) topologies
The network perimeter
The data, control, and management planes
SDN and NFV
Cloud connectivity
Types of attacks and where they are implemented
Exploring networks and data flows

Network architecture is about how the building blocks of the network are connected; data flows are about the information that moves through the network. Understanding the network architecture will help us understand the weak points of the network. Attackers can manipulate data flows to steal information from the network: by diverting a flow in their own direction, the attacker can watch the information crossing the network and pick out what is valuable. To prevent this from happening, you must understand the structure of your network and the data that flows through it.

A typical data network is built out of three parts:
The data center, which holds the organization's servers and applications.
The core network, which connects all the parts of the network, including the user networks, the data centers, remote networks, and the internet.
The user network, which provides the users' connectivity. The user network is usually based on the distribution and access networks.

These parts are illustrated in the following diagram:
Figure 1.1 – Typical enterprise network

In the top-left corner, we can see the main data center, DC-1. The user network at the data center site is Users-1. In the top-right corner, we can see a secondary data center, DC-2, with a user network located at the secondary data center site. The two data centers are connected to the internet via two firewalls, one in each data center. In the center of the diagram, we can see the Wide Area Network (WAN) connectivity, which includes the routers that connect to the service provider's (SP's) network and the SP network that provides this connectivity. In the lower part of the diagram, we can see the remote sites that connect to the center via the SP network.
Now, let's focus on the protocols and technologies that are implemented in each part of the network.

The data center, core, and user networks

First, let's see what the areas in the organization's data network are. The data center is the network that holds the majority of the organization's servers. In many cases, as shown in the following diagram, we have two data centers that work in high availability mode; that is, if one data center fails, the other one can fully or partially take its place. The user networks depend on the size, geographical distribution, and number of users in the organization. The core network is the backbone that connects the users to the data center, remote offices, and the internet. The distribution switches are in central locations on the campus, and the access switches are located in buildings and small areas. The data center, core, and user networks are illustrated in the following diagram, which shows a typical mid-sized network:
Figure 1.2 – The data center, core, and user networks

At the top, we can see the data center switches, where every server is connected via two cables. This connectivity can be implemented as port redundancy (for redundancy only) or as link aggregation (LAG) for redundancy and load sharing. A typical connection uses two wires, copper or fiber, while heavy-duty servers on server blades can be connected with 2-4 wires or more. In the center, we can see the core switches. As the name implies, they are the center of the network: they connect the data center and the user network, and they connect to remote sites, the internet, and other networks. The connectivity between the core switches and the data center switches can be implemented at Layer 2 or Layer 3, with or without an overlay technology, as we will see later in this chapter.
The user network holds the distribution and access areas. The access layer holds the switches that connect to the users, while the distribution layer aggregates the access switches. For example, in a campus network there will be a distribution switch for every building or group of buildings, and each access switch connects to the nearest one. Distribution switches are usually installed in a redundant topology – that is, two switches per site – with the access switches connected to both.

In the next section, we will learn about Layer 2 and Layer 3 by examining the data flow and how data passes through the network. We will describe various design options and their pros and cons from a security point of view.

Switching (L2) and routing (L3) topologies

In this section, we will talk about the structure of a campus network.

Switching (L2) and routing (L3)

Layer 2 switches forward frames between ports based on the destination MAC address, while Layer 3 switches or routers look at the Layer 3 (IP) header of the packet and make routing decisions. This can be seen in the following diagram. At the top left, we can see a single LAN switch. A frame arrives at the switch; the switch looks at the destination MAC address, makes a forwarding decision, and forwards the frame to the destination port; that is, port 3. At the bottom left, we can see how a frame crosses a network of switches. The frame enters the left switch, which makes a forwarding decision and forwards it out port 3. Port 3 is connected to port 1 on the right switch, which looks at the destination MAC address again and forwards the frame out its own port 4. The forwarding decision is made locally; that is, every switch decides on its own table, with no coordination with the other switches.
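To make the local forwarding decision concrete, here is an added example in Python (not code from the book): a learning switch whose table maps (VLAN, MAC) to a port, two of them chained over an inter-switch link so that each makes its own decision, and, going beyond this section to the MAC flooding attack the book covers in Chapter 6, what an attacker who fills that table does to a unicast flow and how a per-port MAC limit (port security) contains it. The topology, hosts, MAC addresses and port numbers are constructed, and the oldest-entry eviction when the table is full is a modelling assumption.

```python
# Added example (not from the book): a simulation of the local forwarding
# decision made by learning switches, chained across two switches, plus the
# effect of a full MAC table (MAC flooding) and of a per-port MAC limit.
# Hosts, MAC addresses, port numbers and the topology are constructed.
from collections import OrderedDict
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    dst: str          # destination MAC
    src: str          # source MAC
    vlan: int = 1     # forwarding tables are kept per VLAN


class Switch:
    """Learning switch: table maps (vlan, MAC) -> port and has a bounded size."""

    def __init__(self, name, ports, cam_size=8, max_macs_per_port=None):
        self.name = name
        self.ports = list(ports)
        self.cam_size = cam_size
        self.max_macs_per_port = max_macs_per_port or {}   # port -> limit
        self.cam = OrderedDict()   # insertion order lets us evict the oldest

    def learn(self, vlan, mac, port):
        """Record the source MAC on its ingress port. Returns False when a
        port-security limit is exceeded (the frame is then dropped)."""
        key = (vlan, mac)
        if key in self.cam:
            self.cam.move_to_end(key)
            return True
        limit = self.max_macs_per_port.get(port)
        if limit is not None and sum(p == port for p in self.cam.values()) >= limit:
            return False
        if len(self.cam) >= self.cam_size:
            # Model assumption: a full table evicts its oldest entry. Real
            # switches differ in detail, but either way the real hosts end
            # up as unknown destinations and their traffic is flooded.
            self.cam.popitem(last=False)
        self.cam[key] = port
        return True

    def forward(self, frame, in_port):
        """Egress ports for one frame, decided from this switch's table only."""
        if not self.learn(frame.vlan, frame.src, in_port):
            return []                                        # port-security violation
        out = self.cam.get((frame.vlan, frame.dst))
        if frame.dst == BROADCAST or out is None:
            return [p for p in self.ports if p != in_port]   # flood within the VLAN
        return [] if out == in_port else [out]


def deliver(frame, switches, links, at):
    """Carry a frame hop by hop; return the edge (switch, port) pairs it exits on."""
    sw_name, in_port = at
    reached = []
    for out_port in switches[sw_name].forward(frame, in_port):
        nxt = links.get((sw_name, out_port))
        if nxt is None:
            reached.append((sw_name, out_port))
        else:
            reached.extend(deliver(frame, switches, links, nxt))
    return reached


HOST_A = "00:00:00:00:00:aa"    # on SW-A port 1
HOST_B = "00:00:00:00:00:bb"    # on SW-B port 4


def build_lan(port_security=False):
    """Constructed topology: SW-A port 3 <-> SW-B port 1 (inter-switch link).
    With port_security=True, SW-B port 2 may learn at most one MAC."""
    limits = {2: 1} if port_security else None
    switches = {"SW-A": Switch("SW-A", [1, 2, 3]),
                "SW-B": Switch("SW-B", [1, 2, 3, 4], max_macs_per_port=limits)}
    links = {("SW-A", 3): ("SW-B", 1), ("SW-B", 1): ("SW-A", 3)}
    return switches, links


def converge(switches, links):
    """A -> B (unknown dst, flooded), B -> A (A known), A -> B (B known).
    Returns the edge ports each frame reached."""
    first = deliver(Frame(HOST_B, HOST_A), switches, links, ("SW-A", 1))
    reply = deliver(Frame(HOST_A, HOST_B), switches, links, ("SW-B", 4))
    third = deliver(Frame(HOST_B, HOST_A), switches, links, ("SW-A", 1))
    return first, reply, third


def mac_flood(port_security=False, bogus=16):
    """Attacker on SW-B port 2 sprays broadcasts with bogus source MACs, then
    A sends a unicast to B. Returns the edge ports that unicast reached."""
    switches, links = build_lan(port_security)
    converge(switches, links)
    for i in range(bogus):
        deliver(Frame(BROADCAST, "02:00:00:00:00:%02x" % i), switches, links, ("SW-B", 2))
    return deliver(Frame(HOST_B, HOST_A), switches, links, ("SW-A", 1))
```

Running converge() on a fresh LAN shows the first frame flooded to every edge port on both switches, the reply delivered to a single port, and the third frame delivered only to host B: neither switch asked the other anything. After mac_flood() the same unicast from A reaches SW-B port 2 as well, which is the whole point of the attack; with port_security=True the attacker's frames after the first are dropped and the unicast still lands only on SW-B port 4.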
In routing, as shown to the right of the following diagram, the decision is made at Layer 3. When a packet enters the router, the router looks at the Layer 3 destination address, looks it up in its routing table, and, if a matching route exists, forwards the packet to that route's next hop:

Figure 1.3 – The data center, core, and user network

Important Note
In the packets shown in the preceding diagram, D stands for destination address and S stands for source address. In the Ethernet header the destination address comes before the source, whereas in the IP header the source comes first; for convenience, both are drawn in the same order, D then S, for L2 and L3.

While the basic building blocks of data networks are the Layer 2 switches that the users connect to, we can also use Layer 3 switches at the higher levels – that is, the distribution, core, or data center level – to divide the network into different IP networks. Before we move on, let's see what Layer 3 switches are.
The following diagram shows a traditional router on the left and a Layer 3 switch on the right. In a traditional router, we assign an IP address to every physical port – that is, Int1, Int2, Int3, and Int4 – and connect a Layer 2 switch to each; end devices, such as the PCs in this example, are connected to that external switch. In a Layer 3 switch, it is all in the same box. The Layer 3 interfaces (called interface VLAN, or SVI, on Cisco switches) are software interfaces configured on the switch: VLANs are configured, an L3 interface is assigned to each, and the end devices are connected to the physical ports on the switch:

Figure 1.4 – The data center, core, and users network

Dividing the network into different IP subnets has many advantages: it gives us more flexibility in the design, since every department can get its own IP subnet with access rights to specific servers; routing protocols can be implemented; broadcasts do not cross routers, so a broadcast-related problem harms only the subnet it starts in; and many more.

L2 and L3 architectures
L3 can be implemented anywhere in the network. When we implement Layer 3 in the core switches, their IP addresses will be the users' default gateways; when we implement Layer 3 in the data center switches, their addresses will be the servers' default gateways. The design considerations for a data network are not in the scope of this book. However, it is important to understand the structure of the network in order to understand where attacks can come from and the measures to take to achieve a high level of security. The following diagram shows two common network topologies – L3 on the core and DC switches on the left, and L3 on the DC only on the right:

Figure 1.5 – L2/L3 network topologies
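As an added example (not from the book), here is the Layer 3 decision from this section in Python: a small forwarding table for an L3 core switch whose VLAN interfaces are the default gateways of the user and server VLANs, a longest-prefix-match lookup, a default route towards the perimeter firewall, the fact that a broadcast stops at the router, and, going slightly beyond the text, a strict reverse-path check that rejects a packet whose source address does not belong on the interface it arrived on. Prefixes, interface names and next hops are constructed.

```python
# Added example (not from the book): the Layer 3 forwarding decision of an
# L3 switch whose VLAN interfaces (SVIs) are the users' and servers' default
# gateways, with a default route towards the perimeter firewall. All prefixes,
# interface names and next-hop addresses are constructed.
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


class Fib:
    """Forwarding table: entries are (prefix, next hop or None if connected, interface)."""

    def __init__(self):
        self.routes = []

    def add_connected(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix), None, interface))

    def add_static(self, prefix, next_hop, interface):
        self.routes.append((ipaddress.ip_network(prefix),
                            ipaddress.ip_address(next_hop), interface))

    def lookup(self, dst):
        """Longest-prefix match: the most specific route containing dst wins."""
        dst = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if dst in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def route(fib, dst):
    """What the router does with a packet to dst: (action, egress interface, next hop)."""
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip == LIMITED_BROADCAST:
        return ("not-routed", None, None)          # broadcasts stop at the router
    r = fib.lookup(dst_ip)
    if r is None:
        return ("drop", None, None)                # no route at all
    _prefix, next_hop, iface = r
    if next_hop is None:
        return ("connected", iface, str(dst_ip))   # ARP for the destination itself
    return ("forward", iface, str(next_hop))       # ARP for the next hop


def rpf_ok(fib, src, in_iface):
    """Strict unicast RPF: accept a packet only if the route back to its source
    leaves through the interface it arrived on (catches spoofed sources)."""
    r = fib.lookup(src)
    return r is not None and r[2] == in_iface


def build_l3_core():
    """Constructed table for a core switch that is the default gateway of every VLAN."""
    fib = Fib()
    fib.add_connected("10.10.0.0/24", "Vlan10")      # users, building 1
    fib.add_connected("10.20.0.0/24", "Vlan20")      # users, building 2
    fib.add_connected("10.100.0.0/24", "Vlan100")    # data center servers
    fib.add_connected("10.0.0.0/29", "Vlan999")      # transit VLAN to firewall and WAN router
    fib.add_static("10.200.0.0/16", "10.0.0.2", "Vlan999")   # remote sites via the WAN router
    fib.add_static("0.0.0.0/0", "10.0.0.1", "Vlan999")       # everything else: the firewall
    return fib


if __name__ == "__main__":
    core = build_l3_core()
    for target in ("10.100.0.20", "10.200.7.9", "8.8.8.8", "255.255.255.255"):
        print(target, "->", route(core, target))
    print("spoofed server address on the user VLAN accepted:", rpf_ok(core, "10.100.0.5", "Vlan10"))
```

A packet from a user in Vlan10 to a server lands on the connected Vlan100 route, a remote-site address matches the /16 rather than the default route because the /16 is longer, anything else follows the default route to the firewall, and the limited broadcast is never forwarded. The reverse-path check is the kind of test a core switch can apply at the gateway: a packet arriving on Vlan10 with a source address from the server subnet fails it.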