TCP/IP Suite Architectural Layers

| Layer | Protocols | Responsibility |
|---|---|---|
| Application | HTTP, HTTP Secure, FTP, SMTP, Telnet, DNS, RDP, SNMP, & POP | Gives applications access to specific services in order to exchange data. |
| Transport | TCP & UDP | Provides the application layer with session and datagram communications services (Dulaney & Easttom, 2014). |
| Internet | IP, ARP, & ICMP | Routes information, gives IP addresses, and packages data. |
| Network Access | All of the above | Communicates with network adapters to remove and place packets throughout the network. |

Encapsulation can be compared to an onion, as many different layers are involved. The process lets the host-to-host protocol send data across the network, and at each layer the data obtains an additional header of information as it is sent. This process is extremely important to understand, as it can be helpful when troubleshooting data loss and possible vulnerabilities within the network.
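The layering described above, as an added example that is not part of the original post: application data is wrapped in a UDP, an IPv4 and an Ethernet header, then unwrapped in reverse order with the checks that expose truncation or corruption. The addresses, MACs and function names are constructed for illustration.

```python
import struct

# Constructed sample values (documentation addresses, locally administered MACs).
SRC_IP, DST_IP = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])
SRC_MAC, DST_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(payload: bytes, sport: int, dport: int) -> bytes:
    """Wrap application data in UDP, then IPv4, then Ethernet headers."""
    # Transport layer: 8-byte UDP header (checksum 0 = not computed, legal over IPv4).
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    # Internet layer: 20-byte IPv4 header, TTL 64, protocol 17 (UDP).
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         SRC_IP, DST_IP)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", checksum(ip_hdr)) + ip_hdr[12:]
    # Network access layer: 14-byte Ethernet header, EtherType 0x0800 (IPv4).
    return DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + ip_hdr + udp

def decapsulate(frame: bytes) -> dict:
    """Peel the headers off in reverse order, validating each layer."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short for Ethernet + IPv4 + UDP headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4                  # IPv4 header length in bytes
    ip_hdr = frame[14:14 + ihl]
    if checksum(ip_hdr) != 0:                     # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    if ip_hdr[9] != 17:
        raise ValueError("payload is not UDP")
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    udp = frame[14 + ihl:14 + total_len]
    sport, dport, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    if udp_len != len(udp):
        raise ValueError("UDP length does not match the data received (truncated?)")
    return {"src": ".".join(map(str, ip_hdr[12:16])),
            "dst": ".".join(map(str, ip_hdr[16:20])),
            "sport": sport, "dport": dport, "payload": udp[8:],
            "overhead": len(frame) - len(udp[8:])}   # header bytes added on the way down
```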
There are encapsulation vulnerabilities that we all need to be aware of, as they can be easily exploited. These are called inter-protocol exploitation, a type of vulnerability that takes advantage of two communication protocols. The most commonly exploited protocols are SMTP, POP, and many more.
When designing a secure network, two technologies I would utilize are Virtual Local Area Networks (VLANs) and Demilitarized Zones (DMZs). A VLAN is a segmentation that allows you to conceal portions of the network from other sections. VLANs are used in a secure network because they can confine network traffic to a specific area within the network. A DMZ is used to send data in three different directions in order to control the traffic. This gives you the ability to hide servers from people you may not trust on the network. The key to a DMZ is isolation, and that in itself is why it is used in the topology of a secure network.
There are three different types of firewalls: the packet filter firewall, the proxy firewall, and the stateful packet inspection firewall. All of them secure the network by checking packets, but in different ways. Each firewall differs in how it processes incoming and outgoing packets and in how it allows or denies them. For example, a packet filter firewall examines incoming packets on specific ports to ensure they contain the correct information for the address they are being sent to, whereas a proxy firewall will only examine data, such as packets, to decide whether it will be forwarded or blocked internally. Lastly, the stateful packet inspection firewall uses memory and records to track packets and ensure they are traveling the correct channels.
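To make the difference between packet filtering and stateful inspection concrete, here is an added example (not from the original post) that runs the same constructed traffic through both. The rule set, class names and addresses are assumptions chosen for illustration, and connection teardown is simplified.

```python
from collections import namedtuple

# flags: TCP flags as letters (S=SYN, A=ACK, F=FIN, R=RST)
# inbound: True when the packet arrives from the untrusted side
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

def packet_filter(pkt):
    """Stateless rule: judge every packet only by its own header fields."""
    if not pkt.inbound:
        return True                                  # inside hosts may talk out
    # Inbound: accept anything that looks like an HTTPS reply to a client port.
    return pkt.sport == 443 and pkt.dport >= 1024

class StatefulFirewall:
    """Keeps a connection table; inbound packets must belong to a tracked flow."""

    def __init__(self):
        self.table = set()   # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt):
        if not pkt.inbound:
            flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "S" in pkt.flags:
                self.table.add(flow)       # outbound SYN creates the state entry
            elif "F" in pkt.flags or "R" in pkt.flags:
                self.table.discard(flow)   # simplified teardown: forget the flow
            return True
        # Inbound traffic is only valid as the reverse direction of a known flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

# Constructed traffic using documentation address ranges.
TRAFFIC = [
    Packet("10.0.0.5", 50000, "203.0.113.7", 443, "S", False),   # client opens
    Packet("203.0.113.7", 443, "10.0.0.5", 50000, "SA", True),   # genuine reply
    Packet("198.51.100.9", 443, "10.0.0.5", 50001, "A", True),   # no such connection
    Packet("10.0.0.5", 50000, "203.0.113.7", 443, "FA", False),  # client closes
    Packet("203.0.113.7", 443, "10.0.0.5", 50000, "A", True),    # arrives after close
]

def compare(traffic):
    """Return (packet filter verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in traffic]
```

The packet filter passes all five packets because each one has acceptable ports in isolation; the stateful firewall drops the third and fifth because no tracked connection explains them.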
The number one vulnerability within routers is their software, which can be extremely buggy, as the ISP sets them up improperly. The best way to reduce this threat is to configure the router appropriately for your network usage immediately after it is installed. The second router vulnerability that intrigues me is the weak default password that most people do not change. The obvious way to reduce this issue is to change the password upon setup.
One of the vulnerabilities that affects switches is the finger service, which, if enabled, allows an attacker to collect credentials and then close the connection. To reduce this risk, make sure this service is disabled at all times. Switches also have a small service that is enabled by default on older models. This service allows the user to diagnose and troubleshoot possible issues, but hackers can take advantage of it by launching denial-of-service attacks. This is another easy vulnerability to avoid if you make sure this service is disabled when not in use.
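One way to check a saved device configuration for the router and switch issues above, as an added example that is not part of the original post. It assumes Cisco IOS-style syntax (the cited references cover Cisco devices); the sample configurations, the default-password list and the `legacy_defaults` parameter are constructed for illustration.

```python
import re

DEFAULT_PASSWORDS = {"cisco", "admin", "password", "default"}   # illustrative list
ENABLED = {                                  # lines that switch a risky service on
    r"(service|ip) finger\b": "finger service enabled",
    r"service (tcp|udp)-small-servers\b": "small services enabled",
}
LEGACY_ON = ["service tcp-small-servers", "service udp-small-servers"]
CRED = re.compile(r"(?:enable|username \S+) (?:password|secret)(?: \d)? (\S+)$")

def audit(config, legacy_defaults=False):
    """Return findings for one configuration. With legacy_defaults=True (an
    assumption for older models, where small services are on unless turned off),
    a missing explicit 'no service ...' line is also reported."""
    lines = [ln.strip() for ln in config.splitlines()
             if ln.strip() and not ln.strip().startswith("!")]
    findings = []
    for ln in lines:
        for pattern, msg in ENABLED.items():
            if re.match(pattern, ln):        # 'no ...' lines do not match
                findings.append(f"{msg}: {ln}")
        cred = CRED.match(ln)
        if cred and cred.group(1).lower() in DEFAULT_PASSWORDS:
            # Report the line without echoing the credential itself.
            findings.append(f"default password in use: {ln.rsplit(' ', 1)[0]} ***")
    if legacy_defaults:
        for svc in LEGACY_ON:
            if svc not in lines and f"no {svc}" not in lines:
                findings.append(f"{svc} not explicitly disabled")
    return findings

# Constructed sample configurations.
BEFORE = """
hostname edge-sw1
service finger
service tcp-small-servers
enable password cisco
username netops password 0 S3parate-Long-Passphrase
"""
AFTER = """
hostname edge-sw1
no service finger
no ip finger
no service tcp-small-servers
no service udp-small-servers
enable secret 5 $1$constructed$placeholderhashvalue
"""
```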
Intrusion Detection Systems

| Type | Description | How it is used |
|---|---|---|
| Behavior-Based | Checks for variations of behavior on the network. | Once a deviation in behavior is found, it can quickly respond to it. |
| Signature-Based | Using attack signatures and audit trails, it evaluates possible attacks. | If a known attack signature appears, it can swiftly eliminate the threat. |
| Anomaly | Checks for anything out of the ordinary. | When something out of the ordinary shows, it can rapidly contain the threat. |
| Heuristic | Utilizes algorithms to examine all traffic that passes through the network. | If the algorithm demonstrates a possible threat, it is contained. |

References
Cisco Router/Switch Common Security Vulnerabilities and Router/Switch Hardening. (n.d.). Retrieved 11 25, 2016, from OmniSecu: http://www.omnisecu.com/ccna-security/cisco-router-switch-security-vulnerabilities-and-hardening.php
Dulaney, E., & Easttom, C. (2014). CompTIA Security+ Study Guide, Sixth Edition. Indianapolis: John Wiley & Sons.
Horowitz, M. (n.d.). Router Bugs Flaws Hacks and Vulnerabilities. Retrieved 11 25, 2016, from Router Security: http://routersecurity.org/bugs.php
Inter-protocol Exploitation. (2008, 08 15). Retrieved 11 25, 2016, from Hakipedia: http://hakipedia.com/index.php/Inter-protocol_Exploitation