Network Security Notes::About Network Security, Network Labs, Cisco, Microsoft...: April 2009

Monday, 27 April 2009

Routing Protocol Authentication

This blog is created for network security review, study and understanding about network related issues only! The blog is mainly focus on Network Security Notes about Network, Network Security, Network Technology, Network Labs review related Cisco and Microsoft technology ,Network Threats, Types of Network Threats, Network Alerts, Enterprise Security Policy and Audits, Security Policy and Audits,Logical Security, Physical and Logical Security, Physical Security,Cisco Products Review, Microsoft Products review, Cisco Routers, Routers Security, Console Access, Telnet Access, Network Attack, Network Attack report, Network management, Anti-virus, Network Security with Anti-virus, and All About Network Security... Thanks for your visit!

What is Routing Protocol?

A routing protocol is a protocol that specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network, the choice of the route being done by routing algorithms. Each router has a prior knowledge only of networks attached to it directly. A routing protocol shares this information first among immediate neighbors, and then throughout the network. This way, routers gain knowledge of the topology of the network.

The term routing protocol may refer specifically to one operating at layer three of the OSI model, which similarly disseminates topology information between routers.

Many routing protocols used in the public Internet are defined in documents called RFCs.

There are two major types of routing protocols, some with variants: link-state routing protocols and (path vector protocols) distance-vector routing protocols.

The specific characteristics of routing protocols include:

-the manner in which they either prevent routing loops from forming or break them up if they do

-the manner in which they select preferred routes, using information about hop costs

-the time they take to converge

-how well they scale up

-many other factors

Routing protocol authentication?

Routing protocol authentication prevents the introduction of false or unauthorized routing messages from unapproved sources. With authentication configured, the router will authenticate the source of each routing protocol packet that it receives from its neighbors. Routers exchange an authentication key or a password that is configured on each router. The key or password must match between neighbors.

There are two types of routing protocol authentication: plain text authentication and Message Digest 5 (MD5) authentication.

1.Plain text authentication is generally not recommended because the authentication key is sent across the network in clear text, making plain text authentication susceptible to eavesdropping attempts.

2.MD5 authentication creates a hash value from the key; the hash value instead of the actual password is exchanged between neighbors, preventing the password from being read because the hash, not the password, is transmitted across the network.

If you like this post, please subscribe below,thanks!

Wednesday, 15 April 2009

Securing your network with SNMP

After my previous post about Physical and Logical security, today I want to show you about securing the network with SNMP.

What is SNMP?

SNMP stands for Simple Network Management Protocol, is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is alsow known as an application−layer protocol that helps to facilitate the exchange of management information between network devices. SNMP helps network administrators to manage network performance, and troubleshoot network problems, and plan for network growth.

3 basic components of SNMP:

An SNMP-managed network consists of three key components:

1. Managed devices: A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be any type of device including, but not limited to, routers, access servers, switches, bridges, hubs, IP telephones, computer hosts, and printers.

2. Agents: An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

3. Network-management stations (NMSs): An NMS executes applications that monitor and control managed devices.NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network.

An SNMP managed device has various access levels:

+Read−only: Allows read access of the Management Information Base (MIB) on the managed device.

+Read/write: Allows read and write access of the Management Information Base on the managed device.

+Write−only: Allows write access of the Management Information Base on the managed
device.

Cisco IOS software supports 3 versions of SNMP: SNMPv1, SNMPv2c, and SNMPv3.

SNMPv1 and SNMPv2c

These two versions use a community based form of security. The group of managers eables to access the agent is defined by an access list and password.

How about SNMPv2c?

SNMPv2c support includes a bulk retrieval echanism and more detailed error message reporting to management stations. The bulk retrieval mechanism supports the retrieval of large quantities of information, minimizing the number of polls required. The SNMPv2c improved error handling support includes a larger number of error codes that distinguish different kinds of error conditions. Error return codes in SNMPv2c report the error type.

How is SNMPv3?

SNMPv3 provides for both security models and security levels. A security model is an authentication strategy that is set up for a user and the group in which the user resides. A security level is the permitted level of security within a security model. A combination of a security model and a security level will determine which security mechanism is employed when an SNMP packet is handled.

==>You can read more about SNMP at http://www.cisco.com/en/US/docs/internetworking/technology/handbook/SNMP.html

Other sites you may want to see:

Entertainment on Flixya: http://visalittleboy.flixya.com/
WWE: http://visa-wwe.blogspot.com/
The Kingdom of Wonder: http://welcome2cambodia.blogspot.com/
Daily Blogging: http://visablogging.blogspot.com/
Love Sharing: http://visa-love.blogspot.com/
NetworkSecurity: http://networksecuritynotes.blogspot.com/
About Insurance:http://visa-insurance.blogspot.com
All about Love: http://visa-love.blogspot.com/
Learning English Online: http://visa-elb.blogspot.com/
Discovery Internet: http://visa-isp.blogspot.com/

If you like this post, please subscribe below,thanks!

Sunday, 5 April 2009

Setting Banner Messages

Router(config)#banner motd #
*********************************************
UNAUTHORIZED ACCESS PROHIBITED!
*********************************************
#

You can use banner messages to issue statements to users, indicating who is and who is not allowed access into the router. Banner messages should indicate the seriousness of an attempt to gain unauthorized access into the device and should never reflect to the user that gaining unauthorized access is acceptable. If possible, recite certain civil and federal laws that are applicable to unauthorized access and let users know what the punishment would be for accessing the device without express written permission. If possible, have certified legal experts within the company review the banner message.

If you like this post, please subscribe below,thanks!

Configuring Password Encryption

All Cisco console and Telnet passwords configured on the router are stored in plain text within the configuration of the router by default, thus making them easily readable. If someone issues the show running−config privileged mode command, the password is displayed. Another instance when the password can easily be read is if you store your configurations on a TFTP server, the intruder only needs to gain access into the TFTP machine, after which the intruder can read the
configuration with a simple text editor. Password encryption stores passwords in an encrypted manner on the router. The encryption is applied to all configured passwords on the router.

If you like this post, please subscribe below,thanks!

Disabling Password Recovery

Setting passwords is the first line of defense against intruders. Sometimes passwords are forgotten and must be recovered. All Cisco password recovery procedures dictate that the user performs the password recovery process from the console port of the router or switch. There are, however, certain circumstances in which the widely available password recovery procedure should be disabled. One such circumstance is an emergency Add, Move, or Change (AMC), whereby a
networking device needs to be in a location that does not have the proper mechanisms in place for physical security, thus allowing an intruder a greater chance of circumventing traditional security measures.

If you like this post, please subscribe below,thanks!

Setting Privilege Levels

Privilege levels associate router commands with each security level configured on the router. This allows for a finer granularity of control when restricting user access. There are 16 privilege levels contained within the router operating system. Level 2 to level 14 are customizable and allow you to configure multiple privilege levels and multiple passwords to enable certain users to have access to specific commands.

But most users of Cisco routers are familiar with only two privilege levels:

User EXEC mode — privilege level 1

Privileged EXEC mode — privilege level 15

When you log in to a Cisco router under the default configuration, you’re in user EXEC mode (level 1). From this mode, you have access to some information about the router, such as the status of interfaces, and you can view routes in the routing table. However, you can’t make any changes or view the running configuration file.

Because of these limitations, most Cisco router users immediately type enable to get out of user EXEC mode. By default, typing enable takes you to level 15, privileged EXEC mode. In the Cisco IOS, this level is equivalent to having root privileges in UNIX or administrator privileges in Windows. In other words, you have full access to the router.

If you like this post, please subscribe below,thanks!

Securing Telnet Access

Telnet (Telecommunication network) is a network protocol used on the Internet or local area networks. It was developed in 1969 beginning with RFC 15 (Request For Comments 15 ) and standardized as IETF (Internet Engineering Task Force) STD 8, one of the first Internet standards. Typically, Telnet provides access to a command-line interface on a remote machine.

Telnet is a protocol that allows a user to establish a remote connection to a device. After connected to the remote device, you are presented with a screen that is identical to the screen that would be displayed if you were directly connected to the console port. Telnet ports on a router are referred to as virtual terminal ports. Telnet is really no different from a console connection, and as such, the

proper logical security mechanisms should be put into place to ensure that only responsible personnel are allowed Telnet access. Virtual terminal ports support many different methods for authenticating a user and allowing access. Some of the methods are included in the following list:

· Vty password
· Local user database
· TACACS+
· RADIUS

If you like this post, please subscribe below,thanks!

Securing Console Access

It's important to put the proper physical security mechanisms into place. If the proper physical

security mechanisms are not in place, an intruder could potentially bypass all other logical security mechanisms and gain access to the device. If an intruder can gain access to the administrative interface of the router, he could view and change the device's configuration and gain access to other networking equipment. The first thing you should do to prevent intruders from accomplishing is to set a console password. If the intruder has already gained physical access to the device, he'll attempt to gain network access through the console port first. The console port supports many different methods for authenticating a user and allowing access, some of which are listed here:
· Console password
· Local user database
· TACACS+ (Terminal Access Controller Access-Control System Plus) : is a protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services.
· RADIUS(Remote Authentication Dial In User Service) : is a networking protocol that provides centralized access, authorization and accounting management for people or computers to connect and use a network service. When a person or device connects to a network often "Authentication" is required. Networks or services not requiring authentication are said to be anonymous or open.

If you like this post, please subscribe below,thanks!

Friday, 3 April 2009

Physical and Logical Security

Physical and logical security staffs, both tasked with protecting enterprise assets, are seeing increased technology and budgetary overlaps.

Physical and logical security include the following:

. Securing console access
· Securing Telnet access
· Setting privilege levels
· Disabling password recovery
· Configuring password encryption
· Setting banner messages

If you like this post, please subscribe below,thanks!

Thursday, 2 April 2009

Enterprise Security Policy and Audits

The main purpose of a security policy is to inform anyone that uses the enterprise's network of the requirements for protecting the enterprise's technology and information assets.

A security policy should not determine how an enterprise operates; instead, the business of the enterprise should dictate how a security policy is written. Business opportunities are what drive the need for security in the first place.

The policy should contain:

1.Acceptable use policy—Spells out what users are allowed and not allowed to do on the various components within the network; this includes the type of traffic allowed on the network. The policy should be as explicit as possible to avoid any ambiguity or misunderstanding.

2.Remote access policy—Spells out to users acceptable or unacceptable behavior when they have connected to the enterprise via the Internet, a dial−up connection, a virtual private network (VPN), or any other method of remote connectivity.

3.Incident handling policy—Addresses planning and developing procedures to handle incidents before they occur. The incident handling policy can be contained within the actual security policy.

4.Internet access policy—Defines what the enterprise considers to be ethical, proper use of its Internet connection.

5.Email policy—Defines the acceptable use of the enterprise's email systems, including personal emails and Web−based email.

6.Physical security policy—Defines controls that pertain to physical device security and access.

After you've completed the enterprise security policy, the last step is to perform regular audits. Audits not only give you a baseline by which to judge what is deemed as normal activity or network behavior, they also, in many cases, produce results that will be the first alert in the detection of a security breach. Noticing unusual events within the network can help to catch intruders before they can cause any further damage.

If you like this post, please subscribe below,thanks!

Types of Threats

The methods hackers and crackers use to gain unauthorized access into network devices are known as threats.

1.Unauthorized access—A network intruder can gain unauthorized access to networking devices through a variety of means, three of which are as follows:

Physical—If attackers have physical access to a machine, more often than not, they will be able to get in. The techniques used to gain access range from accessing the device via the console to physically taking apart the system.

System—System access assumes that the intruder already has a user account on the system. Proper privileges should be granted to the user such that he or she is authenticated and authorized only to do that which is deemed to be a function of his or her job duties.

Remote—Remote access involves intruders who attempt to penetrate the system remotely from across the Internet, through a dial−up connection, or on local or wide area network. This type of intruder usually has no account privileges.

2.Eavesdropping—Eavesdropping is used to capture TCP/IP or other protocol packets, thus allowing the intruder to decode the contents of the packet using a protocol analyzer. "Packet sniffing" is a more common term used to describe the act of eavesdropping. Eavesdropping leads to information theft, like stolen credit card and social security numbers.

3.Data manipulation—Data manipulation is simply the act of altering files on computers, vandalizing a Web site, or replacing FTP files.

4.Protocol weakness—The most−used protocol in circulation today is TCP/IP. This protocol was designed a long time ago. As a result, a number of its design flaws can lead to possible security problems, such as smurf attacks, IP spoofing, TCP sequence number prediction, and SYN floods. The IP protocol itself is a very trusting protocol; therefore, hackers are free to forge and change IP data.

5.Session replay—Intruders can eavesdrop on one or more users involved in a communication session and manipulate the data in such a manner according to the hack they are trying to perform.

These are just some types of security threats to give you a general idea of the number and types of methods intruders have at their disposal.

If you like this post, please subscribe below,thanks!

Network Security Notes::About Network Security, Network Labs, Cisco, Microsoft...

Link Promotion

Categories

My Community

Counter

Popular Posts

Monday, 27 April 2009

Routing Protocol Authentication

Wednesday, 15 April 2009

Securing your network with SNMP

Sunday, 5 April 2009

Setting Banner Messages

Configuring Password Encryption

Disabling Password Recovery

Setting Privilege Levels

Securing Telnet Access

Securing Console Access

Friday, 3 April 2009

Physical and Logical Security

Thursday, 2 April 2009

Enterprise Security Policy and Audits

Types of Threats

Subscribe posts

Recent Posts

Site Links

Blog Archive

My Blog List

Live Traffic Feed