Scribd
Upload
109 views36 pages

Computer Security and Penetration Testing: Hacking Network Devices

This document discusses vulnerabilities in network devices like proxy servers, routers, switches, firewalls and VPNs that can be exploited by attackers. It describes common attacks like denial-of-service attacks, session hijacking and spoofing. The document provides examples of how default passwords and unsecured remote access can allow attackers to gain control of network devices. It emphasizes that network security requires securing all access points and controlling both inbound and outbound traffic.

Uploaded by

Osei Sylvester
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
109 views36 pages

Computer Security and Penetration Testing: Hacking Network Devices

This document discusses vulnerabilities in network devices like proxy servers, routers, switches, firewalls and VPNs that can be exploited by attackers. It describes common attacks like denial-of-service attacks, session hijacking and spoofing. The document provides examples of how default passwords and unsecured remote access can allow attackers to gain control of network devices. It emphasizes that network security requires securing all access points and controlling both inbound and outbound traffic.

Uploaded by

Osei Sylvester
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 36

Computer Security and Penetration

Testing

Chapter 9
Hacking Network Devices
Objectives
• Identify the vulnerabilities of proxy servers
• Identify the vulnerabilities of routers and switches
• Identify the vulnerabilities of firewalls
• Identify the vulnerabilities of virtual private networks
(VPNs)

Computer Security and Penetration Testing 2


Proxy Servers

• Perform the following functions


– Restrict users from accessing specific Web sites
using Internet access rules
– Mask the IP of the users’ PCs within the network from
outside connections
– Maintain logs of the requests and the details of users
that are accessing the Internet
– Maintain a cache of the sites that users on the
network have visited

Computer Security and Penetration Testing 3


Computer Security and Penetration Testing 4
Proxy Servers (continued)

• A proxy server is simple to install


– It is often part of the operating system of a server
• A proxy server is simple to use
– And is often included in router and firewall software
• The user interacting via the proxy server is hidden
– But can be traced through the log stored on the proxy
server

Computer Security and Penetration Testing 5


Categories of Attacks

• Attacks groups:
– Attacks made upon proxy servers
– Attacks made through proxy servers
• Attacks made through proxy servers include
– Buffer overflow attacks
– Denial-of-service attacks
– Session-hijacking attacks

Computer Security and Penetration Testing 6


Categories of Attacks (continued)

• Concealed identity
– Proxy servers hide a user’s real identity
– Hackers use this model to perform hacking operations
anonymously
– Hacker’s IP and time of attack is, however,
maintained on the proxy server
– Two ways to avoid this logging problem
• Hacker might use a chain of proxy servers
• Hacker can spoof the valid authentication details of a
network

Computer Security and Penetration Testing 7


Categories of Attacks (continued)

Computer Security and Penetration Testing 8


Categories of Attacks (continued)

Computer Security and Penetration Testing 9


Routers and Switches
• Routers and switches both segment a network
– And most can filter packets
• Switches are considered to have lower security than
routers
• Switches are often viewed as internal network
components
– With the advent of VLAN technology on switches
• Some networks are being designed with gateway
switches
• VLANs are a form of logical network segmentation

Computer Security and Penetration Testing 10


Routers and Switches (continued)

Computer Security and Penetration Testing 11


Attacks on Routers and Switches

• If the attacker has access to the console port of the


router
– He can easily set a remote user for the router or
switch
• Configuration Procedure example
– Passwords are configured for users attempting to
connect to the router on the VTY lines using Telnet
• Default password for Cisco routers is admin/admin
– See Table 9-1

Computer Security and Penetration Testing 12


Computer Security and Penetration Testing 13
Router Exploits
• Port scans are used to discover whether ports are
open, what applications are using the ports
– And even the operating system of the system being
scanned
• Hackers can perform many attacks on routers and
switches remotely
• Some basic router attacks
– Denial-of-Service (DoS) Attack
– Distributed Denial-of-Service (DDoS) Attack
– Route Table Modification Attack

Computer Security and Penetration Testing 14


Computer Security and Penetration Testing 15
Router Exploits (continued)

Computer Security and Penetration Testing 16


Firewalls
• Often considered the ultimate one-point solution for
securing networks
– From both internal and external threats
• Main function of a firewall
– Centralize access control for the network by keeping
an eye on both inbound and outbound traffic
– Preventing unauthorized users and malicious code
from entering a network
• Some firewalls can filter the packets on the
application layer

Computer Security and Penetration Testing 17


Firewalls (continued)
• Firewalls are designed to be transparent to
authorized network users
– And very intrusive to unauthorized users

Computer Security and Penetration Testing 18


Firewalls (continued)

Computer Security and Penetration Testing 19


Limitations of Firewalls
• Limitations
– Firewalls have a limited ability to check data integrity
– Firewalls cannot filter packets that are not sent
through them
– Firewalls from different vendors may not work well
together
– Firewalls do not provide robust support for application
security
– Firewalls do not provide a complete solution for
stopping malicious code from entering a network

Computer Security and Penetration Testing 20


Limitations of Firewalls (continued)
• Limitations (continued)
– Firewalls may not detect attacks if they are not
configured properly
– Firewalls cannot detect hackers using a valid
username and password
– Firewalls are effective only if security policies are
established and enforced

Computer Security and Penetration Testing 21


Types and Methods of Firewall Attacks
• Firewall attacks can be organized into three
categories
– Spoofing
– Session hijacking
– Denial of service
• Three basic methods to hack a firewall:
– Back doors
– Root access
– Through the Web

Computer Security and Penetration Testing 22


Types and Methods of Firewall Attacks
(continued)
• Back doors
– An alternate method used by hackers to access a
network
– After an attack, a hacker may leave an alternate route
that can be used to hack the network again
– Two ways to restore a computer after an attack:
• Format the computer and reinstall the data
• Fix the bug used by the hacker to access the computer
– Using various techniques, a hacker can lure or fool a
user into creating a back door

Computer Security and Penetration Testing 23


Types and Methods of Firewall Attacks
(continued)

Computer Security and Penetration Testing 24


Types and Methods of Firewall Attacks
(continued)
• Root access
– Used when hackers want to return to a network and
manipulate its data
• By using root or administrative access
– Hacker attempts to gain this access by either using a
back door to sniff the passwords
• Or by using some other programming code to hijack a
session
– Hacker installs a rootkit that is used for a variety of
purposes

Computer Security and Penetration Testing 25


Types and Methods of Firewall Attacks
(continued)

Computer Security and Penetration Testing 26


Types and Methods of Firewall Attacks
(continued)
• Through the Web
– Hacker can break into a firewall through the Web in
many ways
• Since the majority of firewalls permit access to remote
Web servers
– Search engines can be used to find information about
particular firewalls
• A firewall should be considered one piece of the
multitier security solution for your organization

Computer Security and Penetration Testing 27


VPNs
• Virtual private network (VPN)
– Allows employees to access their company’s network
from a remote location
• Using the Internet as a transport vehicle
– VPN uses protocols like point-to-point tunneling
(encrypted data tunneling)
• To send and receive information over the network

Computer Security and Penetration Testing 28


Computer Security and Penetration Testing 29
Threats through VPN
• Attacks on a company’s network through a VPN are
often indirect
– And a result of successfully hacking a remote user’s
computer
• If a VPN connection is sometimes used on the
compromised computer
– The hacker can acquire the necessary information

Computer Security and Penetration Testing 30


Threats through VPN (continued)
• A VPN connection of a valid user can be used to
perform many attacks on a network, including
– DoS, session hijacking, and spoofing

Computer Security and Penetration Testing 31


Ways to Safeguard the Network from
Attacks through VPNs
• Basic steps for safeguarding the VPN links
– Protect your home computer’s physical environment
– Do not use the “save” function for VPN passwords
– Install a host-based (personal) firewall on the remote
computer
– Install a host-based intrusion detection system (IDS)
on the remote computer

Computer Security and Penetration Testing 32


Ways to Safeguard the Network from
Attacks through VPNs (continued)
• Basic steps for safeguarding the VPN links
(continued)
– Install antivirus software
– Perform more than one level of security checks
– Audit the personal computers of remote users
– Require username/password entry to remote
computers

Computer Security and Penetration Testing 33


Summary
• Network devices like proxy servers, routers,
switches, firewalls, and VPNs are often targeted by
attackers
• Networking software can be divided into three
categories: security software, connection software,
and transport software
• Networking devices allow the computers on a
network to interact with each other
• Proxy servers restrict users from accessing specific
Web sites

Computer Security and Penetration Testing 34


Summary (continued)
• Attacks made through proxy servers include buffer
overflow attacks, denial-of-service attacks, and
session-hijacking attacks
• Routers and switches are used to segment a network
• If a hacker has access to the console port of the
router, he can easily set a remote user for the router
or switch
• Attacks made on routers include DoS attacks, DDoS
attacks, and route table modification
• Firewalls centralize access control for the network

Computer Security and Penetration Testing 35


Summary (continued)
• Firewall have several liabilities
• Types of firewall attacks include spoofing, session
hijacking, and denial-of-service (DoS) attacks
• Firewall hacking methods include back doors, root
access, and Web access
• Virtual private networks (VPNs) allow users to
securely access their network from a remote location
through the Internet
• Threats through VPN are considered indirect attacks

Computer Security and Penetration Testing 36

You might also like