Local Area Networks. LAN Security and local attacks. TDC 363 Winter 2008 John Kristoff - DePaul University 1



Similar documents
Course Contents CCNP (CISco certified network professional)

Securing end devices

Exploiting First Hop Protocols to Own the Network. Rocket City TakeDownCon Paul Coggin Senior Principal Cyber Security

Interconnecting Cisco Networking Devices Part 2

IMPLEMENTING CISCO SWITCHED NETWORKS V2.0 (SWITCH)

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

: Interconnecting Cisco Networking Devices Part 2 v1.1

Objectives. The Role of Redundancy in a Switched Network. Layer 2 Loops. Broadcast Storms. More problems with Layer 2 loops

Security Considerations in IP Telephony Network Configuration

Solutions for LAN Protection

Switching in an Enterprise Network

Tools for Attacking Layer 2 Network Infrastructure

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version Rev.

C)PTC Certified Penetration Testing Consultant

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Network Security. Ensuring Information Availability. Security

Top-Down Network Design

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port

Configuring the Transparent or Routed Firewall

Campus LAN at NKN Member Institutions

ASM Educational Center (ASM) Est. 1992

Danger of Proxy ARP in IX environment version 0.3. Maksym Tulyuk

Network security includes the detection and prevention of unauthorized access to both the network elements and those devices attached to the network.

Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs

Own your LAN with Arp Poison Routing

VLAN und MPLS, Firewall und NAT,

Chapter 8 Security Pt 2

Building Secure Network Infrastructure For LANs

How To Understand and Configure Your Network for IntraVUE

CHAPTER 10 LAN REDUNDANCY. Scaling Networks

Juniper / Cisco Interoperability Tests. August 2014

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

SSVP SIP School VoIP Professional Certification

HARTING Ha-VIS Management Software

Interconnecting Cisco Networking Devices: Accelerated (CCNAX) 2.0(80 Hs) 1-Interconnecting Cisco Networking Devices Part 1 (40 Hs)

Security of IPv6 and DNSSEC for penetration testers

Security for 802 Access Networks: A Problem Statement

Objectives. Explain the Role of Redundancy in a Converged Switched Network. Explain the Role of Redundancy in a Converged Switched Network

Redundancy and load balancing at L3 in Local Area Networks. Fulvio Risso Politecnico di Torino

Cisco Certified Network Associate Exam. Operation of IP Data Networks. LAN Switching Technologies. IP addressing (IPv4 / IPv6)

Post-Class Quiz: Telecommunication & Network Security Domain

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

CCNP v2 Eğitimi İçeriği

Recommended Configuration of Switches in Campus Networks Best Practice Document

VLANs. Application Note

Can PowerConnect Switches Be Used in IP Multicast Networks?

16-PORT POWER OVER ETHERNET WEB SMART SWITCH

Redundancy and load balancing at L3 in Local Area Networks. Fulvio Risso Politecnico di Torino

Configuring Triple Play Security with CLI

What is VLAN Routing?

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

(d-5273) CCIE Security v3.0 Written Exam Topics

- Multicast - Types of packets

VXLAN: Scaling Data Center Capacity. White Paper

20 GE + 4 GE Combo SFP G Slots L3 Managed Stackable Switch

DCRS-5650 Dual Stack Ethernet Switch Datasheet

RESILIENT NETWORK DESIGN

Recommended IP Telephony Architecture

DCS CT-POE fully loaded AT PoE Switch Datasheet

TCP/IP Security Problems. History that still teaches

CCIE Security Written Exam ( ) version 4.0

Outline VLAN. Inter-VLAN communication. Layer-3 Switches. Spanning Tree Protocol Recap

SSVVP SIP School VVoIP Professional Certification

AlliedWare TM OS How To. Use DHCP Snooping and ARP Security to Block ARP Poisoning Attacks. Introduction. Related How To Notes

CHAPTER 6 DESIGNING A NETWORK TOPOLOGY

CCT vs. CCENT Skill Set Comparison

Chapter 13 Internet Protocol (IP)

Efficient Video Distribution Networks with.multicast: IGMP Querier and PIM-DM

Exploring Layer 2 Network Security in Virtualized Environments. Ronny L. Bull & Jeanna N. Matthews

Mobility on IPv6 Networks

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise hours teaching time

DCS C Fast Ethernet Intelligent Access Switch Datasheet

High Performance 10Gigabit Ethernet Switch

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results. May 1, 2009

IT-AD08: ADD ON DIPLOMA IN COMPUTER NETWORK DESIGN AND INSTALLATION

How To Learn Cisco Cisco Ios And Cisco Vlan

"Charting the Course...

AT-S41 Version Management Software for the AT-8326 and AT-8350 Series Fast Ethernet Switches. Software Release Notes

NETE-4635 Computer Network Analysis and Design. Designing a Network Topology. NETE Computer Network Analysis and Design Slide 1

Securing Cisco Network Devices (SND)

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

Security Technology White Paper

Chapter 1 Network Security

Configuring DHCP Snooping

ProCurve Networking IPv6 The Next Generation of Networking

Juniper Exam JN0-343 Juniper Networks Certified Internet Specialist (JNCIS-ENT) Version: 10.1 [ Total Questions: 498 ]

24-port 10/ port Gigabit

Chapter 3 LAN Configuration

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

IP(v6) security. Matěj Grégr. Brno University of Technology, Faculty of Information Technology. Slides adapted from Ing.

Implementing Cisco IOS Network Security

ARP and DNS. ARP entries are cached by network devices to save time, these cached entries make up a table

IINS Implementing Cisco Network Security 3.0 (IINS)

HP Switches Controlling Network Traffic

Configuration Examples. D-Link Switches L3 Features and Examples IP Multicast Routing

CSCE 465 Computer & Network Security

COURSE AGENDA. Lessons - CCNA. CCNA & CCNP - Online Course Agenda. Lesson 1: Internetworking. Lesson 2: Fundamentals of Networking

Transcription:

Local Area Networks LAN Security and local attacks TDC 363 Winter 2008 John Kristoff - DePaul University 1

Overview Local network attacks target an internal network Some attacks can be launched remotely Few ops monitor or guard against local attacks Ultimately everything is a physical security problem TDC 363 Winter 2008 John Kristoff - DePaul University 2

Traffic Eavesdropping Easy on shared media LANs Still possible on switched LANs e.g. flood or trick the bridge address table Easy on wireless LANs Possible to install physical splitter/tap/hub/bridge Would you see a physical something? Does the link bounce? Would you notice that? TDC 363 Winter 2008 John Kristoff - DePaul University 3

LAN Bridge/Switch Attacks Overflow MAC address tables to cause flooding Typical gear can hold a few thousand addresses MAC addresses = 48 bits or >> a few thousand Spoof spanning tree BPDU messages Take over as root/designated bridge Cause continuous topology recomputations Forge VLAN, priority or aggregation tags Spoof PAUSE (flow control) frames (gig only) DDoS/floods, broadcast storms TDC 363 Winter 2008 John Kristoff - DePaul University 4

Preventing LAN Bridge Attacks Monitor MAC address tables Manually set root bridge and monitor Use knobs like Cisco's BPDU and Root Guard Manually set and prune trunked switch ports Use 802.1x port authentication TDC 363 Winter 2008 John Kristoff - DePaul University 5

ARP-based Attacks ARP request spoofing Responders to a request cache the sender's info As do others who already have the sender's info ARP update spoofing (gratutious ARP) Thinking out loud: Is UNARP widely used? No. Can we poison ARP entries to = group address? TDC 363 Winter 2008 John Kristoff - DePaul University 6

Preventing ARP-based Attacks Use LAN switches with one port per end host Enable port security to limit source MAC addresses Use 802.1x port authentication Enable (get) knobs on end hosts to validate ARPs How to best do this? Monitor LAN bridge/switch address tables Monitor router ARP tables Keep history of address/arp tables FYI... vendors must support knobs (at line rate) TDC 363 Winter 2008 John Kristoff - DePaul University 7

Routing Attacks Route injection Route monitoring Route redirection Route process DDoS attack Note, other types of local attacks may target routers TDC 363 Winter 2008 John Kristoff - DePaul University 8

Preventing Routing Attacks Strongly authenticate all routing updates/packets Listen/send routing packets where there are routers Protect processes and access (ports, IPs, physical) Monitor routing Table size (especially changes over time) Checksum values and LSA counts in OSPF Flaps, deaggreation, traffic patterns Build baseline network map (ala Ches's netmapper) TDC 363 Winter 2008 John Kristoff - DePaul University 9

DHCP Attacks Spoof DHCP requests Spoof DHCP replies (or be a rogue DHCP server) Thinking out loud: Can we spoof DHCP releases? TDC 363 Winter 2008 John Kristoff - DePaul University 10

Preventing DHCP Attacks Monitor DHCP discover/lease activity Monitor DHCP discovers, requests and offers Clients broadcast request, contains server IP Can monitor DHCP packets and contents at: DHCP servers Router edges Use intra-vlan knobs (e.g. Cisco's intra-vacl) Use anti-spoofing knobs (e.g. Cisco's DHCP Snooping and IP Source Guard) TDC 363 Winter 2008 John Kristoff - DePaul University 11

Multicast Attacks Spoof IGMP querier function (does this do much?) Spoof IGMP reports (joins) There are 224.0.0.0/4 IP multicast groups Spoof or simply generate group traffic Thinking out load: How to better authenticate group participation? Will we see intentional multicast based attacks? TDC 363 Winter 2008 John Kristoff - DePaul University 12

Preventing Multicast Attacks Monitor IGMP querier on router edges Monitor IP multicast group usage on edges Monitor IP multicate routing state changes Heavily filter IP multicast group state, allow just: 224.0.0.0/8 225.0.0.0/8 239.192.0.0/14 (internal only if used) 233.xx.yy.0/8 (GLOP space) Then filter out bogus groups in above ranges TDC 363 Winter 2008 John Kristoff - DePaul University 13

Other Attacks HSRP/VRRP - use MD5 auth and/or IPSEC Wireless DDoS protection and auth mechanisms needed! ICMP redirect, source quench, router advertisement These are easily fixed Time sync - who is getting time from who? DNS spoofing IPv6 - potential problems with discovery/autoconf? TDC 363 Winter 2008 John Kristoff - DePaul University 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information