Week 12 - Infrastructure, host and application security Flashcards
network infrastructure?
the technologies, devices, services and interconnections that together provide communication across a network
security of a network infrastructure?
installing preventative measures that protect those devices and the traffic passing between them
Cisco three layer model?
a hierarchical model to help understand the complexity of a network
Cisco three layer model - access layer?
entry point for end user devices.
security controlled via access control features and using policies
Cisco three layer model - distribution layer?
routers and switches that filter traffic and provide access to WAN features and to the core layer
Cisco three layer model - core layer?
delivers large volumes of traffic between distribution layer devices. aka the network backbone
what is a switch?
an entry point for end users devices on to a network
how many types of switch?
two: unmanaged - home use - plug in and use without configuration
managed - businesses - allows configuration and control over traffic management and security
security implications of a switch?
devices not being hardened - default or weak authentication on the management interface.
MAC flooding - the attacker fills the switch's MAC address table with bogus entries; the switch can no longer learn where hosts are and floods frames out every port, so the attacker sees traffic meant for other devices
what's a router?
a device that routes packets between networks, e.g. between a LAN and the internet
what are the two types of router function?
path determination - builds a routing table, a database of known networks and how to reach them
packet forwarding - accepts a packet, looks its destination up in the routing table and sends it out the correct interface
security implications of a router?
prone to attack if not properly protected - routing tables are a target for manipulation - DoS.
main vulnerabilities of switches?
MAC address tables: flooding fills the table, so the switch falls back to acting as a hub and forwards frames out every port, revealing traffic for all devices on the network - prone to eavesdropping
VLAN hopping
misconfigured trunk ports or VLAN tagging can be abused to reveal and access devices on another VLAN/network
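Added example, not part of the original flashcards: a toy learning switch in Python that models the MAC (CAM) table as a small, fixed-size table that ages out the least recently seen entry. The port names, the table size of 8, the MAC addresses and the hypothetical port-security limit of two MACs per port are all made up for the illustration; real tables hold thousands of entries, but the failure mode is the same. Once the attacker's bogus source addresses push the legitimate entries out, Alice's frame to Bob is flooded out every port, including the attacker's. The second run turns on a port-security style limit that err-disables the offending port, so the flood never displaces anything.

```python
from collections import OrderedDict


class LearningSwitch:
    """Toy switch: learns source MAC -> port, forwards known destinations,
    floods unknown ones. Added illustration; capacities are made up."""

    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity            # hypothetical tiny CAM table
        self.max_macs_per_port = max_macs_per_port  # None = no port security
        self.cam = OrderedDict()                    # MAC -> ingress port, LRU order
        self.shutdown_ports = set()                 # err-disabled by port security

    def _learn(self, src_mac, in_port):
        if src_mac in self.cam:
            self.cam.move_to_end(src_mac)           # refresh: recently seen
            return
        if self.max_macs_per_port is not None:
            on_port = sum(1 for p in self.cam.values() if p == in_port)
            if on_port >= self.max_macs_per_port:
                self.shutdown_ports.add(in_port)    # violation: disable the port
                return
        if len(self.cam) >= self.cam_capacity:
            self.cam.popitem(last=False)            # age out least recently seen
        self.cam[src_mac] = in_port

    def forward(self, src_mac, dst_mac, in_port):
        """Return the egress ports the frame is delivered to."""
        if in_port in self.shutdown_ports:
            return []
        self._learn(src_mac, in_port)
        if in_port in self.shutdown_ports:          # this frame tripped port security
            return []
        out = self.cam.get(dst_mac)
        if out is not None and out != in_port:
            return [out]                            # known destination: unicast
        # unknown destination: flood out every other port, i.e. behave like a hub
        return [p for p in self.ports
                if p != in_port and p not in self.shutdown_ports]


ALICE, BOB = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"   # constructed hosts


def bogus_mac(i):
    """Constructed source addresses used by the attacker's flood."""
    return "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)


def mac_flood_scenario(port_security=False):
    """Alice (p1) talks to Bob (p2); the attacker on p3 floods bogus sources.
    Returns where Alice's frame to Bob goes before and after the flood."""
    sw = LearningSwitch(["p1", "p2", "p3"], cam_capacity=8,
                        max_macs_per_port=2 if port_security else None)
    sw.forward(ALICE, BOB, "p1")            # Bob unknown yet: flooded once
    sw.forward(BOB, ALICE, "p2")            # reply is unicast; both now learned
    before = sw.forward(ALICE, BOB, "p1")   # ['p2']: only Bob sees it
    for i in range(20):                     # attacker: 20 frames, 20 fake sources
        sw.forward(bogus_mac(i), "ff:ff:ff:ff:ff:ff", "p3")
    after = sw.forward(ALICE, BOB, "p1")    # without port security: ['p2', 'p3']
    return {"before": before, "after": after,
            "p3_shutdown": "p3" in sw.shutdown_ports}


if __name__ == "__main__":
    print("no port security:", mac_flood_scenario())
    print("port security   :", mac_flood_scenario(port_security=True))
```

The point to take from the run: the switch does not crash, it fails open. Flooding is the switch's normal behaviour for unknown destinations, which is why the attack is quiet and why limiting the number of MACs learned per access port is the control that matters.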
main vulnerabilities of routers?
attacks on router services
manipulation of discovery protocols - reveals neighbouring devices and networks
buffer overflows via ICMP (ping) - echo requests larger than the receive buffer (the "ping of death") overflow it and crash the device - DoS
routing tables
manipulation of routing protocols - injecting false routes for MITM or DoS
what is network media?
all components to connect devices - circuitry, connectors and media
three types of DoS attack?
volume based attack: saturates the target's bandwidth with spoofed packets
protocol attack: consumes the resources of the server or of intermediate devices such as firewalls
application layer attack: exploits vulnerabilities in systems and devices to crash servers and devices
how does a DDoS attack work?
a master computer controls a large number of compromised machines (bots, together a botnet) and directs them all to attack the target at once, overwhelming and disrupting it
techniques implemented in routers to mitigate DoS attacks:
blackholing
traffic from a suspicious source is dropped into a black hole - the packets are silently discarded at the network edge. caveat: any legitimate traffic from that source (or to a blackholed destination) is lost as well
limiting requests (rate limiting)
allowing a server to receive no more than a certain number of requests in a given time window; requests over the limit are dropped
net diffusion
spreading the traffic across many servers using load balancing techniques so no single target is overwhelmed
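Added example, not from the original flashcards: the first two router-side mitigations above, blackholing and rate limiting, as a small Python model of a router edge. Rate limiting is implemented as a per-source token bucket; blackholing as a list of prefixes whose packets are discarded before any other processing. The addresses come from the documentation ranges, the bucket size (1 packet per tick, bursts of 5) and the traffic mix are made up, and time is an integer tick so the arithmetic is exact. The third run shows the blackholing caveat: a prefix chosen too broadly drops the legitimate client along with the attacker.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network


class TokenBucket:
    """Classic token bucket: `rate` tokens are added per tick, at most `burst`
    are held. A packet is allowed when a whole token is available."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = burst
        self.last = None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class EdgeFilter:
    """Router-edge mitigation: blackhole listed prefixes first, then rate limit
    every remaining source with its own bucket. Added illustration."""

    def __init__(self, rate, burst):
        self.blackholed = []                                   # ip_network objects
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self.stats = defaultdict(Counter)                      # src -> verdict counts

    def blackhole(self, prefix):
        self.blackholed.append(ip_network(prefix))

    def handle(self, now, src):
        ip = ip_address(src)
        if any(ip in net for net in self.blackholed):
            verdict = "blackholed"            # dropped silently, no reply at all
        elif self.buckets[src].allow(now):
            verdict = "forwarded"
        else:
            verdict = "rate_limited"          # over quota for this source: dropped
        self.stats[src][verdict] += 1
        return verdict


ATTACKER, CLIENT = "203.0.113.9", "198.51.100.7"   # constructed, documentation ranges


def run(blackholes=()):
    """Constructed traffic: the client sends 1 packet per tick for 5 ticks, the
    attacker 10 per tick. Returns per-source verdict counts as plain dicts."""
    edge = EdgeFilter(rate=1, burst=5)        # hypothetical: 1 pkt/tick, bursts of 5
    for prefix in blackholes:
        edge.blackhole(prefix)
    for tick in range(5):
        edge.handle(tick, CLIENT)
        for _ in range(10):
            edge.handle(tick, ATTACKER)
    return {src: dict(c) for src, c in edge.stats.items()}


if __name__ == "__main__":
    print("rate limit only      :", run())
    print("blackhole attacker   :", run(["203.0.113.0/24"]))
    print("blackhole too broadly:", run(["198.51.100.0/24", "203.0.113.0/24"]))
```

Rate limiting alone lets the attacker's burst of 5 through and then one packet per tick, while the client is untouched; that is the behaviour you want when the attacker is not yet identified. Blackholing the attacker's /24 removes it entirely, but the same mechanism applied to the client's prefix removes the client, which is why blackhole routes are normally short-lived and as narrow as the evidence allows.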
what is spoofing?
when traffic seems to be originating from a trusted source but is in fact originating from another source using falsified information.
two categories of spoofing?
non-blind spoofing
attacker is on the same network segment and can see the traffic between source and destination, so sequence numbers can be read rather than guessed
blind spoofing
attacker cannot see the packets between source and destination and has to guess sequence numbers (common in DoS attacks)
IP spoofing?
the IP header carries a forged source address - network layer (layer 3)
DNS spoofing?
attacker answers a DNS query before the real DNS server can respond; the victim is led to a falsified website - application layer (layer 7)
What is DNS?
domain name system
the phonebook of the internet: maps domain names to IP addresses
ARP spoofing?
aka address resolution protocol (ARP) poisoning. ARP is used to find the MAC address for an IP address that is already known; the attacker sends forged ARP replies that modify the victim's ARP cache so that the victim's IP address (or the gateway's) now maps to the attacker's MAC, and traffic meant for the victim is delivered to the attacker instead
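Added example, not part of the original flashcards: a small Python detector that replays ARP replies the way a sniffer would record them and raises the two signals of ARP poisoning, an IP whose MAC suddenly changes, and one MAC that claims several IPs (the attacker answering for both the gateway and the victim). The addresses, MACs, timestamps and the field names `sender_ip`/`sender_mac` are constructed for the illustration; the optional `static_bindings` argument models the defence of pinning a static ARP entry for the gateway, which is an addition of this example, not something the flashcard states.

```python
from collections import defaultdict

# Constructed ARP replies as a sniffer would record them: who claims to be the
# sender (sender IP / sender MAC) and when. The host at .66 later answers for
# both the gateway (.1) and the victim (.10) with its own MAC.
ARP_REPLIES = [
    {"t": "10:00:01", "sender_ip": "192.168.1.1",  "sender_mac": "00:11:22:33:44:01"},
    {"t": "10:00:02", "sender_ip": "192.168.1.10", "sender_mac": "00:11:22:33:44:0a"},
    {"t": "10:00:03", "sender_ip": "192.168.1.66", "sender_mac": "de:ad:be:ef:00:66"},
    {"t": "10:00:09", "sender_ip": "192.168.1.1",  "sender_mac": "de:ad:be:ef:00:66"},
    {"t": "10:00:09", "sender_ip": "192.168.1.10", "sender_mac": "de:ad:be:ef:00:66"},
]


def detect_arp_poisoning(replies, static_bindings=None):
    """Replay ARP replies in order; return alerts as (kind, subject, detail).

    mac_changed  - an IP is now claimed by a different MAC than before
    multi_ip_mac - one MAC has claimed more than one IP (the MITM fingerprint)
    `static_bindings` pins IP->MAC pairs that must never change, as a host
    does with a static ARP entry for its gateway (hypothetical defence)."""
    pinned = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    seen = dict(pinned)                 # ip -> MAC currently believed
    claims = defaultdict(set)           # MAC -> set of IPs it has claimed
    alerts = []
    for r in replies:
        ip, mac = r["sender_ip"], r["sender_mac"].lower()
        if ip in seen and seen[ip] != mac:
            alerts.append(("mac_changed", ip, f"{r['t']} {seen[ip]} -> {mac}"))
        if ip not in pinned:
            seen[ip] = mac              # a pinned binding is never overwritten
        if ip not in claims[mac]:
            claims[mac].add(ip)
            if len(claims[mac]) > 1:
                alerts.append(("multi_ip_mac", mac,
                               f"{r['t']} claims {sorted(claims[mac])}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(ARP_REPLIES,
                                      {"192.168.1.1": "00:11:22:33:44:01"}):
        print(*alert)
```

On the constructed capture the first three replies are clean and produce no alerts; the two poisoned replies produce a `mac_changed` alert each, plus a `multi_ip_mac` alert as the attacker's MAC accumulates the gateway's and then the victim's address. Because the gateway binding is pinned, the detector keeps believing the legitimate MAC for it, which is exactly what a static ARP entry does on the host.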
securing devices; what's a firewall?
1st line of defence - a barrier between the trusted internal network and untrusted outside users and networks, allowing or blocking traffic according to rules
what are the 3 types of firewall?
packet filter
looks at each packet's header (addresses, ports, protocol) and compares it against the firewall rules
stateful packet inspection
examines each packet in the context of the previous packets in the conversation, so replies are only let in for connections that were legitimately opened - can detect DoS patterns such as floods of half-open connections
stateless inspection
judges each packet on its own source and destination information, with no memory of the conversation it belongs to
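Added example, not from the original flashcards: a stateless packet filter and a stateful filter built on top of it, in Python, run over the same three constructed packets. The rule format, the `Packet`/`Rule` types and the addresses (documentation ranges) are made up for the illustration, and the stateful filter is simplified to remembering allowed connection tuples rather than tracking the full TCP state machine. It shows the practical difference the cards describe: to let HTTPS replies back in, a stateless filter needs a rule allowing anything with source port 443 towards the inside, and an attacker can set that source port too; the stateful filter only lets in packets that belong to a connection it saw opened from inside.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False      # TCP SYN flag: a new connection attempt
    ack: bool = False


class Rule(NamedTuple):
    action: str                   # "allow" or "deny"
    src: str                      # CIDR; "0.0.0.0/0" means any
    dst: str
    sport: Optional[int] = None   # None means any port
    dport: Optional[int] = None


def matches(rule, pkt):
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and (rule.sport is None or rule.sport == pkt.sport)
            and (rule.dport is None or rule.dport == pkt.dport))


class StatelessFilter:
    """Packet filter: each packet is judged on its own header, first match
    wins, default deny."""

    def __init__(self, rules):
        self.rules = list(rules)

    def filter(self, pkt):
        for rule in self.rules:
            if matches(rule, pkt):
                return rule.action
        return "deny"


class StatefulFilter(StatelessFilter):
    """Stateful inspection: rules only decide whether a *new* connection may be
    opened; packets of an already-allowed flow pass in either direction."""

    def __init__(self, rules):
        super().__init__(rules)
        self.connections = set()          # (src, sport, dst, dport) of allowed flows

    def filter(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.connections or rev in self.connections:
            return "allow"                # part of a conversation we already saw
        if not pkt.syn or pkt.ack:
            return "deny"                 # not a fresh connection attempt: drop
        verdict = super().filter(pkt)
        if verdict == "allow":
            self.connections.add(fwd)     # remember the flow for its replies
        return verdict


INSIDE, ANY = "10.0.0.0/24", "0.0.0.0/0"
# Stateless: to let HTTPS replies back in, everything with source port 443
# towards the inside must be opened, and an attacker can choose that port too.
STATELESS_RULES = [Rule("allow", INSIDE, ANY, dport=443),
                   Rule("allow", ANY, INSIDE, sport=443)]
# Stateful: only the outbound connection needs a rule; replies ride on state.
STATEFUL_RULES = [Rule("allow", INSIDE, ANY, dport=443)]

# Constructed traffic: a legitimate HTTPS handshake, then an attacker forging
# source port 443 to reach an internal SSH service.
TRAFFIC = [
    Packet("10.0.0.5", 51000, "198.51.100.20", 443, syn=True),
    Packet("198.51.100.20", 443, "10.0.0.5", 51000, syn=True, ack=True),
    Packet("203.0.113.9", 443, "10.0.0.7", 22, syn=True),
]


def compare(traffic=TRAFFIC):
    """Return the verdict of each filter for every packet in `traffic`."""
    stateless = StatelessFilter(STATELESS_RULES)
    stateful = StatefulFilter(STATEFUL_RULES)
    return {"stateless": [stateless.filter(p) for p in traffic],
            "stateful": [stateful.filter(p) for p in traffic]}


if __name__ == "__main__":
    print(compare())
```

Both filters pass the handshake; only the stateless one also passes the attacker's packet, because its header happens to match the reply rule. The stateful filter's connection table is also where half-open connections would be counted to spot a SYN flood, which is the "sniffs out DoS attacks" property the card mentions.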
application filter, also known as?
proxy - filters specific types of application traffic and the protocols being used, acting on behalf of the client - adds security features
transparent proxy?
receives and forwards requests without modifying them and without hiding the client
anonymous proxy?
does not pass the client's IP address on - identifies itself as a proxy - keeps web browsing private and prevents location based ad targeting
high anonymous proxy?
does not identify itself as a proxy and the visible source IP address changes periodically, making it difficult to track the location of the client
what's a honeypot?
a decoy system that diverts attackers away from the real target and lets defenders identify new vulnerabilities and learn the attacker's identity or pattern of attack