Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Defining Security
Fundamentals
Closed Network
Frame
Relay X.25
Leased Line
Open Network
Mobile
and
Remote
Internet-Based
Users Intranet (VPN)
Internet-Based
Intranet (VPN)
Internet-Based
Extranet (VPN)
Remote Remote
Site Site Partner
Mobile PSTN Site
and
Remote
Users
Sophistication
High of Hacker Tools
Stealth Diagnostics
Packet Forging and Spoofing
Sniffers
Scanners
Hijacking Sessions
Back Doors
Self-Replicating
Code Password
Cracking
Technical
Knowledge
Password
Guessing Required
As businesses become
more open to supporting
Internet-powered initiatives
such as
e-commerce, customer
care, supply-chain
management, and extranet
collaboration, network
security risks are also
increasing.
Business security
Workforce E-Learning
requirements:
Optimization • Defense in depth
• Multiple
components
Internet
Presence • Integration into
Corporate e-business
Internet Intranet infrastructure
Access • Comprehensive
blueprint
Internal
Internet Exploitation
Dial-In
Ex
Ex tern Exploitation
plo al
ita
ti o
n
Reconnaissance refers to
the overall act of learning
about a target network by
using readily available
information and
applications.
Host A Host B
Router A Router B
Host A Host B
Router A Router B
Here are techniques and tools that can be used to mitigate sniffer attacks:
• Authentication: A first option for defense against packet sniffers is to
use strong authentication, such as one-time passwords.
• Switched infrastructure: Deploy a switched infrastructure to counter the
use of packet sniffers in your environment.
• Antisniffer tools: These tools to consist of software and hardware
designed to detect sniffers on a network.
• Cryptography: The most effective method for countering packet sniffers
does not prevent or detect them but rather renders them irrelevant.
Main purpose of
access attacks on
networks or systems:
• Retrieve data
• Gain access
• Escalate access
privileges
Hackers can
implement password
attacks by using
several methods:
• Brute-force attacks
• Trojan horse
programs
• IP spoofing
• Packet sniffers
• A hacker leverages
existing trust System A trusts System B.
• Systems on the
outside of a
firewall should
never be
absolutely trusted System A
User = psmith; Pat Smith
by systems on the
inside of a firewall. System B
Hacker
• Such trust should Blocked.
compromised
by hacker.
be limited to User = psmith; Pat
Smith
specific protocols
and should be
validated by Hacker
something other User = psmith; Pat Smithson
than an IP address
where possible.
© 2005 Cisco Systems, Inc. All rights reserved. IPS 5.0—1-30
Port Redirection
• Port redirection is a
type of trust- Source: Attacker Source: Attacker
exploitation attack that Attacker
Destination: A
Port: 22
Destination: B
Port: 23
uses a compromised
host to pass traffic that Compromised
would otherwise be Host A
dropped through a
firewall
• It is mitigated primarily
through the use of
proper trust models. Source: A
• Antivirus software and Destination: B
Port: 23
host-based IDS can
help detect and
prevent a hacker from
installing port Host B
redirection utilities on
the host.
© 2005 Cisco Systems, Inc. All rights reserved. IPS 5.0—1-31
Man-in-the-Middle Attacks
Host A Host B
Data in Clear Text
Router A Router B
• A man-in-the-middle attack requires that the hacker have access to network
packets that come across a network.
• A man-in-the-middle attack is implemented by using the following:
– Network packet sniffers
– Routing and transport protocols
• Possible uses of a man-in-the-middle attack include the following:
– Theft of information
– Hijacking of an ongoing session
– Traffic analysis
– DoS
– Corruption of transmitted data
– Introduction of new information into network sessions
© 2005 Cisco Systems, Inc. All rights reserved. IPS 5.0—1-32
Man-in-the-Middle Attack Mitigation
A man-in-the-middle attack
can see only cipher text.
IPSec Tunnel
Host A Host B
1. The Enabling
Vulnerability
2. Propagation
Mechanism
3. Payload
• SNMP recommendations:
– Configure SNMP only with read-only community strings.
– Set up access control on the device you wish to manage.
– Use SNMP version 3 or above.
• Logging recommendations:
– Encrypt syslog traffic within an IPSec tunnel.
– Implement RFC 2827 filtering.
– Set up access control on the firewall.
• TFTP recommendations:
– Encrypt TFTP traffic within an IPSec tunnel.
• NTP recommendations:
– Implement your own master clock.
– Use NTP version 3 or above.
– Set up access control that specifies which network devices
are allowed to synchronize with other network devices.
© 2005 Cisco Systems, Inc. All rights reserved. IPS 5.0—1-52
Summary