Introduction to Network

Security Weaknesses
Security Weaknesses in Hubs

•Broadcast Nature: Hubs broadcast data to all connected devices,

increasing the risk of data interception.
•No Intelligence: Lack of processing intelligence to differentiate
data packets.
Mitigation:
•Use switches instead of hubs.
•Implement network segmentation.
Security Weaknesses in Switches

•MAC Flooding Attack: Overloads the switch's MAC table, causing it

to broadcast traffic on all ports.
•VLAN Hopping: Attacker gains access to traffic on different VLANs.
Mitigation:
•Use port security to limit the number of MAC addresses per port.
•Implement VLAN tagging and restrict VLAN access.
Security Weaknesses in Routers

•Default Credentials: Many routers come with default

credentials that are easily guessable.
•Routing Table Poisoning: Maliciously altering the routing tables.
•Mitigation:
•Change default credentials immediately.
•Use routing protocol authentication.
Security Weaknesses in WiFi

•Weak Encryption: Older protocols like WEP are easily breakable.

•Rogue Access Points: Unauthorized access points mimic legitimate ones.
•Mitigation:
•Use WPA3 encryption.
•Regularly scan for and disable rogue access points.
Security Solutions for Networking Protocols

•IPSec: Secures IP communications by authenticating and

encrypting each IP packet.
•HTTPS: Encrypts data between the web server and the client,
preventing eavesdropping.
•SSL/TLS: Provides a secure channel over an unsecured network.
IPSec

•Authentication Header (AH): Provides data integrity and origin

authentication.
•Encapsulating Security Payload (ESP): Provides confidentiality, along
with data integrity and origin authentication.
•Use Cases: Secure VPNs, secure remote access.
HTTPS
•SSL/TLS Protocol: Secures communications between web
browsers and servers.
•Public Key Infrastructure (PKI): Manages encryption keys
and digital certificates.
•Use Cases: Secure online transactions, protect sensitive
data.
Security Solutions for Networking Devices

•VLAN (Virtual Local Area Network): Segments network traffic to

isolate sensitive data.
•VPN (Virtual Private Network): Creates a secure tunnel over an
unsecured network.
•Ingress Filtering: Blocks incoming traffic from malicious sources.
VLAN
•Traffic Segmentation: Isolates network traffic to improve security.
•Access Control: Restricts access to sensitive resources based on VLAN.
•Best Practices: Implement VLAN tagging and restrict VLAN trunking.
VPN
•Encryption: Encrypts data transmitted over public networks.
•Authentication: Ensures that only authorized users can access
the VPN.
•Use Cases: Secure remote access, secure site-to-site
connections.
Ingress Filtering
•Traffic Filtering: Blocks malicious or suspicious incoming traffic.
•IP Spoofing Prevention: Ensures that incoming packets have a
legitimate source address.
•Best Practices: Configure router and firewall rules to enforce ingress
filtering.
Thank You