book

Network Protocols for Security Professionals

by Yoram Orzach, Deepanshu Khanna

October 2022

Intermediate to advanced

580 pages

12h 5m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorsAbout the reviewers
Who this book is forWhat this book coversDownload the color imagesConventions usedGet in touchShare your thoughtsDownload a Free PDF copy of this book
Exploring networks and data flowsThe data center, core, and user networksSwitching (L2) and routing (L3) topologiesSwitching (L2) and routing (L3)L2 and L3 architecturesL2 and L3 architecture data flowL2 and L3 architecture data flow with redundancyL2 and L3 topologies with firewalls L2 and L3 topologies with overlaysThe network perimeterThe data, control, and management planesThe data planeThe control planeThe management planeSDN and NFV Software-defined networking (SDN)Network function virtualization (NFV)Cloud connectivity Type of attacks and where they are implementedAttacks on the internet Attacks from the internet targeting organizational networks Attacks on firewalls Attacks on servers Attacks on local area networks (LANs)Attacks on network routers and routing protocolsAttacks on wireless networks SummaryQuestions
Data network protocols and data structuresLayer 2 protocols – STP, VLANs, and security methodsThe Ethernet protocolsLAN switchingVLANs and VLAN taggingSpanning tree protocolsLayer 3 protocols – IP and ARPRouters and routing protocolsRouting operationsRouting protocols Layer 4 protocols – UDP, TCP, and QUICUDPTCPQUICVulnerabilities in layer 4 protocolsEncapsulation and tunnelingSummary Questions
Security pillars – confidentiality, integrity, and availabilityEncryption basics and protocolsServices provided by encryptionStream versus block ciphers Symmetric versus asymmetric encryption Public key infrastructure and certificate authorities Authentication basics and protocolsAuthentication typesUsername/password with IP address identification authenticationEncrypted username/password authenticationExtensible authentication protocol (EAP)Authorization and access protocolsHash functions and message digestsIPSec and key management protocolsVPNsIPSec principles of operationIPSec tunnel establishmentIPSec modes of operationIPSec authentication and encryption protocolsIPSec AH protocolIPSec ESP protocolSSL/TLS and proxiesProtocol basicsThe handshake protocolNetwork security components – RADIUS/TACACS+, FWs, IDS/IPSs, NAC, and WAFsFirewallsRADIUS, NAC, and other authentication featuresWeb application firewalls (WAFs)Summary Questions
Commercial, open source, and Linux-based toolsOpen source tools Commercial toolsInformation gathering and packet analysis toolsBasic network scannersNetwork analysis and management toolsProtocol discovery toolsVulnerability analysis toolsNikto LegionExploitation toolsThe Metasploit Framework (MSF)Stress testing toolsWindows toolsKali Linux toolsNetwork forensics tools Wireshark and packet capture toolsSummaryQuestions
Black box, white box, and gray box testingBlack box and fuzzingEnterprise networks testingProvider networks testingFuzzing phasesCommon vulnerabilitiesLayer 2-based vulnerabilitiesLayer 3-based vulnerabilities Layer 4-based vulnerabilities Layer 5-based vulnerabilities Layer 6-based vulnerabilities Layer 7-based vulnerabilities Fuzzing toolsBasic fuzzing Breaking usernames and passwords (brute-force attacks)Fuzzing network protocols Crash analysis – what to do when we find a bugSummaryQuestions
Planning a network-based attackGathering information from the networkStealing information from the networkPreventing users from using IT resourcesActive and passive attacksActive attacksPassive attacksReconnaissance and information gatheringListening to network broadcastsListening on a single device/port-mirrorNetwork-based DoS/DDoS attacks and floodingFlooding through scanning attacksRandom traffic generation flooding Generating and defending against flooding and DoS/DDoS attacksL2-based attacks MAC floodingSTP, RSTP, and MST attacksL3- and ARP-based attacksARP poisoningDHCP starvationSummary Questions

Network devices' structure and components The functional structure of communications devicesThe physical structure of communications devicesAttacks on the management plane and how to defend against themBrute-force attacks on console, Telnet, and SSH passwords Brute-force attacks against SNMP passwords (community strings)Brute-force attacks against HTTP/HTTPS passwordsAttacks on other ports and servicesSYN-scan and attacks targeting the management plane processes' availabilityAttacks on the control plane and how to defend against themControl plane-related actions that influence device resourcesAttacks on the data plane and how to defend against themProtection against heavy traffic through an interfaceAttacks on system resourcesMemory-based attacks, memory leaks, and buffer overflowsCPU overload and vulnerabilitiesSummary Questions
Packet analysis tools – Wireshark, TCPdump, and othersNetwork analyzersNetwork packetsPython/Pyshark for deep network analysisAdvanced packet dissection with LUAARP spoofing, session hijacking, and data hijacking tools, scripts, and techniquesARP protocolARP poisoningPacket generation and replaying toolsSummaryQuestions
Collection and monitoring methodsSNMPNetFlow and IPFIXWireshark and network analysis toolsEstablishing a baselineSmall business/home networkMedium-size enterprise networkTypical suspicious patterns Scanning patternsSummary Questions
Layer 2 attacks – how to generate them and how to protect against themAttacks on the switching discovery mechanismsAttacks on a VLAN mechanism and VLAN floodingICMP-based attacks, ping scans, the ping of death, and L3 DDoSPing scans and L3 DDoSThe ping of death and malformed packetsIP fragmentation and teardrop attacksLayer 4 TCP and UDP attacksUDP flooding attacks SYN flooding and stealth scan attacks and countermeasuresTCP RST (reset) and FIN attacksVarious TCP flag combination attacksTCP sequence attacks and session hijacking attacksSummary Questions
Wireless standards, protocols, and encryption standardsWireless standards – IEEE 802.11Wireless lab setup Sniffing wireless networksSniffing packets on the target APPacket injectionDiscovering hidden SSIDsCompromising open authentication wireless networks WLAN encryptions and their corresponding flaws and attacks Network jamming – DOS/DDOS wireless network attacksEvil twin attack – honeypotsPerson-in-the-Middle (PITM) attacksImplementing a secure wireless architecture SummaryQuestions
IGP standard protocols – the behaviors RIP (brief), OSPF, and IS-ISRIP protocol behaviorOSPF protocol behaviorIS-IS protocol behaviorDual IS-ISCLNPIS-IS levelsFalsification, overclaiming, and disclaimingDDOS, mistreating, and attacks on the control planePlanesDOS and DDOSReflection attacksRouting table poisoning and attacks on the management planeTraffic generation and attacks on the data planeAttacks on the data planeHow to configure your routers to protectBGP – protocol and operationBGP hijackingBGP mitigationSummaryQuestions
The DNS protocol, behavior, and data structureThe DNS protocol DNS behavior and structureDNS attack discovery – tools and analysisDNS enumerationVulnerability scanningAttacks on DNS resources – DNS flooding, NX records, and subdomainsNX record attacksDNS floodingAttacks on a service – domain spoofing and hijacking, or cache poisoningUsing DNS to bypass network controls – DNS tunneling DNS protectionSummaryQuestions
HTTP and HTTP2 protocol behavior, data structure, and analysis HTTP behavior, data structure, and analysisProxy servers HTTP request formationHTTP versionsHTTPS protocol behavior, data structure, and analysisWhat is HTTPS?TTP hacking tools – scanners, vulnerability checkers, and othersWeb vulnerabilities and exploitationSQL injection Remote code execution Cross-Site Scripting (XSS)Buffer overflowSession hijackingEmail protocols and loopholesSMTP protocol loopholesPhishingCountermeasures and defenseSummaryQuestions
Microsoft network protocols – NetBIOS, SMB, and LDAP operations, vulnerabilities, and exploitationNetBIOSSMB operations, vulnerabilities, and exploitationLDAP operations, vulnerabilities, and exploitationDatabase network protocols – TDS and SQLNet operationsTDSSQLNet Attacking SQL databases Enumeration of SQL servers in a domainMisconfiguration auditSQL server exploitationCountermeasures to protect network protocols and databasesSummaryQuestions
IP telephony – protocols and operationsVoIPSIP and its operationsRTP and its operationsIP telephony penetration testing lab setupIP telephony penetration testing methodologyEnumeration IP telephony penetration testingIP telephony security and best practicesSecuring the IP telephony networkSecuring the IP telephony deviceSecuring the media layerSecuring the signaling layerSummaryQuestions
Chapter 1Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12Chapter 13Chapter 14Chapter 15Chapter 16
Other Books You May EnjoyPackt is searching for authors like youShare your thoughtsDownload a Free PDF copy of this book

Content preview from Network Protocols for Security Professionals

Securing Web and Email Services

In the previous chapter, we learned about a very important network protocol, the DNS protocol. We looked into its in-depth architecture, how it works, various loopholes and misconfigurations, and how an attacker use those loopholes to exploit and compromise the important assets of any organization. So, in this chapter, we will look into more advanced attacks against some of the very important assets of any organization: web applications, email services, and servers.

Web applications and email services are the most important components of any organization because any attacker, at first, will only attack the web applications and try to compromise the internal machines by sending phishing emails or exploiting ...