Appendix D Flashcards
What port is utilised by Telnet
TCP 23
What are the main security concerns regarding Telnet
Doesn’t encrypt communications and / or passwords. Can sniff passwords with packet analyser. Telnet has no authentication mechanisms to verify two communicating hosts. No MitM protection. Multiple vulnerabilities relating to telnet daemons. Vulnerable to brute force attacks.
What are the main security concerns of HTTP & HTTPS based management systems
Credentials can be transmitted insecurely over clear text protocols. Can sniff passwords with packet analyser. Web-based vulnerabilities: SQLi, XSS, Authentication Bypass. Vulnerable to brute-force attacks.
What are the main security concerns of using SSH
Outdated versions of SSH are vulnerable to a range of issues. SSH supported with CBC may allow attackers to recovery up to 32bits of plaintext from a block. SSH servers can support weak hashing algorithms: MD5 or 96-bit MAC algorithms. Vulnerable to brute-force attacks. Can support no authentication types.
What is SNMP
Simple Network Management Protocol. Devices that typically support SNMP include routers, switches, servers, workstations, printers etc. SNMP is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
What layer does SNMP operate on
Application (7)
What ports does SNMP utilise
UDP 161 & 162
What are the main security concerns of SNMP
Is a connectionless protocol, is vulnerable to IP Spoofing attacks. Authentication of clients is performed only by “community strings” instead of password. SNMP v1 and 2c “Community strings” are sent in clear text, susceptible to packet sniffing. Vulnerable to brute-force attacks against community / authentication / encryption strings as they do not implement a challenge response handshake. SNMP default community strings public and private.
What is TFTP
Trivial File Transfer Protocol is a simple, lock-step, file transfer protocol which allows a client to get or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a Local Area Network. TFTP has been used for this application because it is very simple to implement.
What port is used by TFTP
UDP 69
What are the three modes of transfer used by TFTP
Netascii Octet Mail
What are the primary security concerns for TFTP
No authentication. Communications are sent in clear text format. Extract sensitive files if the filename and path is known / guessed.
What is Cisco Reverse Telnet
A Telnet client which has the ability to Telnet to one device remotely, then “reverse” out of the device’s port to control a device connected to that port. Can be used to access serially connected devices
What port does Cisco Reverse Telnet operate on
TCP 2000 + 1, 3, 4 (line number / port number)
What are the main vulnerabilities associated with Cisco Reverse Telnet
Doesn’t encrypt communications and / or passwords. Can sniff passwords with packet analyser. Telnet has no authentication mechanisms to verify two communicating hosts. No MitM protection. Multiple vulnerabilities relating to telnet daemons. Vulnerable to brute-force attacks.
What is NTP
Network Time Protocol - Used for synching time on servers
What port does NTP operate on
UDP 123
What are the main security concerns regarding NTP
Suscepticle to MitM attacks unless packets are signed for authentication. Overhead can cause DoS scenario. DDOS attacks can occur by sending commands to NTP server with spoofed return address. Enumerate system information such as hostname, CPU, OS and Daemon.
What are the three main tools used for network traffic ananlysis
Wireshark, Cain & Abel and Ettercap
What is ARP
Address Resolution Protocol, converts network layer (3) addresses into link layer (2) addresses (MAC to IP)
What are the main security concerns regarding ARP
ARP Spoofing / Cache Poisoning 1) Attacker spoofs own MAC address to impersonate legitimate user. 2) Attacker broadcasts spoofed ARP messages onto network. 3) Recipient updates legitimate user details on ARP Cache with attackers details. 4) Traffic is intercepted.
ARP spoofing opens up what attack possibilities
DoS - Can drop packets. MitM - Traffic can be modified before forwarding it to destination. MAC Flooding - Flood switch with ARP message until it becomes a HUB.
What measures can be taken to prevent ARP spoofing
Static ARP Entries ARP Spoofing Detection Software. OS Security.
What does DHCP stand for
Dynamic Host Control Protocol