Temple University

Week 6: Reading Summary, Question, and InTheNews

King, T. (2007). “Packet Sniffing In a Switched Environment”, SANS Institute InfoSec Reading Room. The article introduces packet sniffing as largely a within-network (“internal”) threat to unencrypted and poorly encrypted data traffic, including user names, passwords and other sensitive data. King illustrates tools and techniques for capturing user names and passwords from data packets communicated within non-switched and switched IT networks. Address Resolution Protocol (ARP) spoofing and poisoning techniques within switched networks are illustrated as a basis for understanding how “man in the middle” attacks are conducted. The author discusses ways of detecting and combating packet sniffing, including network segmentation via virtual LANs (VLANs), and concludes: “the most viable solution to protect against packet sniffing is… to encrypt all network traffic by using IPSec.”

Question for Class: How does segmenting the network via VLANs make packet sniffing and man in the middle attacks more difficult?

News of the Week: Theodoros Arambatzis, “DNS Spoofing/ARP poisoning for Advanced SEToolkit Attacks”, walks the reader through techniques for spoofing Facebook’s website (http://centralgeekhub.com/dns-spoofingarp-poisoning/) as an improvement to the tools and methods of website cloning and credential stealing he illustrates in “How to Acquire a User’s Facebook Credentials, Using the Credential Harvester Attack” (http://centralgeekhub.com/how-to-acquire-a-users-facebook-credentials-using-the-credential-harvester-attack/). These articles are brilliant in their terse illustration of hacking techniques that further apply and extend this week’s reading lesson on ARP spoofing in man in the middle attacks.
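
On the detection side of this week's reading, the following added example (not taken from King's paper or from the articles above) flags the two ARP symptoms that poisoning in a switched network leaves behind: an IP address whose MAC binding changes, and one MAC address answering for more than one IP. The log lines are constructed in the style of tcpdump ARP output, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output (not a real capture).
SAMPLE = """\
10:00:01.100 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:01, length 28
10:00:02.200 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:20, length 28
10:00:03.300 ARP, Reply 192.168.1.30 is-at 00:11:22:aa:bb:30, length 28
10:00:09.000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:30, length 28
10:00:09.500 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:30, length 28
10:00:10.000 ARP, Request who-has 192.168.1.20 tell 192.168.1.1, length 28
"""

# Only ARP replies carry an "IP is-at MAC" claim; requests are ignored.
REPLY = re.compile(r"^(\S+) ARP, Reply (\d+(?:\.\d+){3}) is-at ([0-9a-f:]{17})", re.I)


def find_arp_anomalies(lines):
    """Return (timestamp, kind, detail) alerts for suspicious ARP replies."""
    ip_to_mac = {}                   # last MAC seen for each IP
    mac_to_ips = defaultdict(set)    # every IP each MAC has claimed
    alerts = []
    for line in lines:
        m = REPLY.match(line.strip())
        if not m:
            continue
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()

        # Symptom 1: a known IP (for example the gateway) moves to a new MAC.
        known = ip_to_mac.get(ip)
        if known and known != mac:
            alerts.append((ts, "binding-changed", f"{ip}: {known} -> {mac}"))

        # Symptom 2: a MAC that already owns an IP starts answering for another.
        if mac_to_ips[mac] and ip not in mac_to_ips[mac]:
            owned = ", ".join(sorted(mac_to_ips[mac] | {ip}))
            alerts.append((ts, "shared-mac", f"{mac} claims {owned}"))

        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE.splitlines()):
        print(*alert, sep="  ")
```

Legitimate events such as DHCP reassignment, a replaced network card, or a router with several addresses raise the same alerts, so they need to be checked against known gateway and server MAC addresses before being treated as an attack.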
