Network Based Security Devices

00:01

Hey, guys. Welcome to another episode of the S S C P Exam Prep series. I'm your host, Peter Simple. Look, this is going to be the eighth and last lesson off the sixth of May.

00:14

So far in the six domain, we've seen a bunch of things related networking. We've taken a look at the O. S I and TCP ikey models I p networking and how information is sent across the network. We've taken a look at network apologies, different frameworks that networks were based on.

00:31

We've taken a walk at D and S and El Bab,

00:34

which are used to acquire information for the first time. We've taken a look at some commonly used ports and protocols for different surfaces. We've looked at Tel communications and how they interact with networks. We've seen how it's important to control network access and

00:53

be sure of what's coming in and out of your network.

00:56

And we've also taken a look at multimedia service's and technologies of things like remote meeting technology, instant messaging and how they're integrated within the network. And finally, at last in this lesson, we will take a look at network based security devices and how they provide

01:15

end and security across the network.

01:18

Let's get started

01:22

when it comes. The network security three. Importance of defense and death cannot be stressed enough. It's very important to have multiple layers of network security simply because there are so many things going on. The network.

01:36

Horribles are one way off. Implementing network security firewalls are considered to be a gateway protection device. They are designed to examine the flow of traffic that's coming in and out off the network, and they're also designed to,

01:53

ah, block any traffic that is

01:57

not good or malicious. Far balls usually act by a rule set so you can configure different rules as to what's allowed and what's not allowed. And then the firewall will filter all incoming traffic from there.

02:13

What if our walls also do is they can change the source i P addresses for outgoing traffic. This is known as network address translation, also known as Nat. Basically, when the

02:29

computer from inside the network sends information out through the fireball,

02:34

the far wall will change the I P address to protect the network address of the computer and thus at another layer of defense,

02:45

proxies are considered to be another type of Gateway protection device. The main job proxy is to mediate communications between trusted and untrusted endpoints.

02:58

When information more alas, gets sent to a proxy machine and the proxy server war machine can then send it to where it's supposed to go.

03:08

Now there are two different types of proxies. There's the Circuit proxy, which allows trusted host to talk with untrusted points. So instead of having that communication where you're sending information directly from a computer in your network

03:23

or something that you trust, you consented to the proxy machine. And then the proxy server

03:29

will take hair off, sending the network traffic to wherever it's supposed to go.

03:36

Proxy servers are often police at Internet gateways to hide internal network behind one i p. Address and to prevent direct communication between internal and external host.

03:47

The others is a application level process. This relays information between two end points with a specific application.

03:59

Now there, of course, there are all kinds of network attacks, one of them being on denial of service. Watch, obviously, is an attack which nice service is do a computer by overloading it with traffic. It's when multiple computers tried to make a request to another computer or server looking for information

04:18

at the same time.

04:19

And there's so many of them that thesis server can't respond to all of them and so just shuts down. It just it just becomes this able Now there's several types of denial of service. There's really volume based attacks, protocol attacks. An application layer attacks

04:35

some of the most common

04:38

specific attacks of denial of service on beast race. So the first is sin flooding. So this is an attack against the initial handshake in a TCP connection.

04:48

Remember when we said that in order to set up a TCP connection, the client sends a sin request to the server and the server response with a similar class and an acknowledgment that it received a request to begin with? That's how it starts well, and this denial of service attack.

05:08

There are so many cynic Wes hitting

05:11

this

05:12

ah server that it can't respond to them all and just kind of should just kind of stopped processing anymore because there's so many. So when the legitimate users try to access the server, then they won't be ableto

05:26

Now. There's also Smurf and Fraggle attacks, which more or less follow the same methodology. But just use a different protocol server attacks to use Internet control, message protocols and fraggle attacks use UDP protocol.

05:44

So the way this works is an attacker sends a request

05:47

to ace with us with us with the fake source i p

05:51

the store side pee off the target and they send it through the network to the broadcast networks. So when they send it to the broadcast I p. Address that that I p address will then send it to every single computer in the network.

06:08

So when you send an actor replaced every single computer in the network, all of the computers that are one which we most of them, if not all of them will send a echo request back saying that, you know, Hey, yes, we're on. Well, when they send everyone, all of the computers send the echo request back through the network,

06:26

they all go to the

06:28

source i p. The one that was spoofed and they all hit the target. And there's so many requests that the computer, the target really just can't keep up with it

06:40

spoofing the active, Impersonating someone even if you are not them. Obviously the most common types of spoofing our I p address proofing, email spoofing and d and s briefing. So in this example, we have a quick a little d n s spiffing diagram here. That's when the client wants to send

07:00

our quest to a real website because they want to access. I could be anything could be Google

07:04

ESPN, but the attacker will inject a big D and s entry, so ah, fake I d. And s entry of fate I p will be return, which will then send Thekla I in't to a fake website instead of the real Lipsyte

07:27

Wireless Technologies. There are tons of them

07:30

tons of their tons of things connected to a WiFi and the sailor networks having the most common, obviously a WiFi, Bluetooth and cellular and the thieves were great networks. But the problem is, the transmission of secured

07:47

wireless networks are only a strong is their authentication methods and protocols. And in some cases, the authentication methods and protocol aren't very strong at all.

07:58

So lessons and issues well, the open system authentication is the default authentication protocol for the eight or 2 11 standard. Now the 802 11 standard simply just means it's like the family specifications off wireless networks

08:15

now

08:16

open a system. Authentication can be combined with things such as Web, which is the worId equivalent Pro Privacy Protocol and W P A and W P A. Two. I'm sure you're seeing a bunch of these when you try to connect to WiFi and either a building or

08:33

in your organization and might ask you to pick a security, tell you

08:37

and then if you have, it gives you a drop down menu, and you see some of these drop downs that appear

08:45

now. Webb is, ah, very basic security feature, and it's actually very insecure, and you shouldn't use it all W p A and W P A. Two are better, and they improve usual authentication and data encryption.

09:03

The View p A. To is the normal standard that everyone should be using in terms off. Wireless security,

09:11

like many things, are security. Wireless security is subject to attack. Some of the most common ones are the parking lot attack where organ Our Attackers tried to sit near organization and try to access internal hosts, feed the wireless network. So when there's wireless networks in a building,

09:31

they wireless networks aren't merely confined

09:35

to just the scope of the building right. The wireless network will go out in a circle spreading

09:41

fairly or beyond beyond the actual building. So it's impossible for Attackers to sit in the parking lot of an office building and still get access to the WiFi in there.

09:52

There's also shared key authentication fall. This is really a passing attack that allows eavesdropping on both the challenge and the response. When authenticating to a wireless network, it'd be very easy to break the encryption,

10:09

depending on the time of wireless security that are you are using

10:13

and the service set identify, I says. I default. This is where Attackers can attack access points due to the default configuration. When you have the generic name on your rat WiFi, it basically tells you what the default configuration is, and then from their Attackers can

10:33

leverage different kind of

10:35

attacks to get into your access point.

10:39

In today's lecture, we discussed network based attacks and wireless technologies.

10:46

Quiz Time,

10:46

An attack which deny service is to a computer by overloading it with traffic,

10:52

is a spoofing

10:54

be flooding. See denial of service.

10:58

De shared key authentication fall

11:03

If you said, see denial of service that you are correct.

11:07

Remember, the Nile service happens when there are so many requests or so much information being sent to a computer. That, except we cannot process anymore. And it just stopped processing everything.