Ooreofeoluwa Koyejo says
Access Control on LANs (Local Area Networks)
Corporate devices can connect to LANs through wired (Ethernet) or wireless connections to access servers and the Internet access routers leading to the Internet. The LAN facilitates the transmission of legitimate traffic among authorized users, which could be unencrypted. This setup can be compromised by an attacker who connects a wall jack in the corporate building to their laptop to gain access to the network via Ethernet, while a drive-by hacker can connect by radio to an unprotected wireless access point using a high-gain antenna. With a packet sniffer, the attacker can intercept and read network traffic, since they have bypassed the site firewall.
Bo Wang says
Like in the James Bond movie, hackers get into the data center and connect to their own computers to manipulate the cameras and so on.
Yannick Rugamba says
Defending against denial-of-service (DoS) attacks is extremely difficult even after they are detected. Once the attack traffic saturates the connection to a corporate site, legitimate traffic cannot get through. There is little a site can do on its own at that point.
For example, a technique like “black holing” simply drops all packets from the attacker’s IP address. But attackers can easily spoof IP addresses, potentially blocking legitimate users in the process. Rate limiting traffic provides some relief but slows all users. Ultimately DoS attacks require help from upstream Internet service providers and other companies to stop. A DoS attack impacts the Internet community, not just its targeted victim.
Ooreofeoluwa Koyejo says
While a DoS attack can be crippling while it is actively occurring as a security incident, the effective inclusion, use and configuration of load balancers in the network architecture could reduce the impact of a DoS attack by shedding and reducing the traffic from direct communication between the source (attacker) and the destination (organisation).
Celinemary Turner says
Mitigating the impact of DoS attacks requires proactive measures, effective communication, and coordinated responses to protect against disruptions and maintain the stability of Internet services.
Bo Wang says
The current network environment is very different from the past, where protectors and hackers fought in a castle; now they fight in a building. At the same time, the concept of good people and bad people on the Internet is increasingly blurred.
Yannick Rugamba says
Well put. The old “castle model” no longer reflects today’s boundary-less networks. More robust identity-based access controls are needed in this “city model” environment with complex insider and outsider access requirements. Multi-layered security technologies and governance must rise to replace outdated, location-centric perimeter defenses.
Jon Stillwagon says
Address Resolution Protocol poisoning targets a LAN's traffic within the network so the attacker can reroute the traffic and use it for a man-in-the-middle attack. They can do that, or completely hurt the system with an ARP DoS attack, and the reason they target this network is that it only works on LAN traffic. It replies to all the hosts on the LAN except the gateway to tell them that the gateway is somewhere else. It can eventually spoof ARP replies to record false entries in the ARP tables for the gateway, and the same goes for all the internal hosts on the network.
Ooreofeoluwa Koyejo says
I’d assume that the initial process is to know and have the addresses before one can spoof them to connect on the LAN. It might be interesting to understand the process of obtaining the address to give security professionals insight that could inform protection measures.
Jon Stillwagon says
That is an interesting point because once they have the address they can target whatever they want to that address affecting the system. But how they got the address is interesting and I would think that it could be a variety of ways.
Eyup Aslanbay says
ARP poisoning manipulates LAN traffic for man-in-the-middle or DoS attacks. It misguides network devices about the gateway’s location by sending false ARP replies, causing disruption in the network’s communication.
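The symptom both of the ARP posts above describe (a gateway or host IP suddenly being advertised at a different MAC, or one station flooding unsolicited replies) is something a defender can watch for. The following monitor is an added example for this discussion, not code from the textbook or any commenter; it runs over a constructed list of ARP-reply records rather than a live capture, and the gateway address and field layout are assumptions.

```python
from collections import Counter, defaultdict

# Assumed gateway address for the constructed sample LAN.
GATEWAY_IP = "192.168.1.1"

def detect_arp_anomalies(replies, flood_threshold=5):
    """Inspect ARP replies in arrival order and return a list of alerts.

    Each reply is (timestamp_seconds, sender_ip, sender_mac, target_ip).
    Alerts are (timestamp, kind, subject) tuples where kind is one of
    'gateway_mac_change', 'host_mac_change' or 'flood'.
    """
    ip_to_mac = {}                          # first MAC seen for each IP
    per_second = defaultdict(Counter)       # int(ts) -> sender_mac -> count
    alerts = []
    for ts, sender_ip, sender_mac, _target_ip in replies:
        sender_mac = sender_mac.lower()
        known = ip_to_mac.get(sender_ip)
        if known is None:
            ip_to_mac[sender_ip] = sender_mac
        elif known != sender_mac:
            # A previously known IP now claims a different MAC: the classic
            # sign of a spoofed ARP reply. Flag the gateway separately, since
            # rewriting its entry redirects every host's outbound traffic.
            kind = "gateway_mac_change" if sender_ip == GATEWAY_IP else "host_mac_change"
            alerts.append((ts, kind, sender_ip))
        # Count replies per source MAC per second; a burst of unsolicited
        # replies from one station is how an ARP DoS/poisoning flood looks.
        per_second[int(ts)][sender_mac] += 1
        if per_second[int(ts)][sender_mac] == flood_threshold:
            alerts.append((ts, "flood", sender_mac))
    return alerts

# Constructed sample: a legitimate gateway and host, then a rogue station
# (de:ad:be:ef:00:99) re-advertising both, then a burst of replies from it.
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1",  "aa:bb:cc:00:00:01", "192.168.1.10"),
    (0.5, "192.168.1.10", "aa:bb:cc:00:00:10", "192.168.1.1"),
    (1.2, "192.168.1.1",  "DE:AD:BE:EF:00:99", "192.168.1.10"),
    (1.3, "192.168.1.10", "de:ad:be:ef:00:99", "192.168.1.1"),
] + [(2.0 + i / 10, f"192.168.1.{20 + i}", "de:ad:be:ef:00:99", "192.168.1.1")
     for i in range(5)]

def run_sample():
    return detect_arp_anomalies(SAMPLE_REPLIES)

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On a real network the same logic would be fed from a capture tool or switch ARP inspection logs, and the first-seen table would be seeded from a known-good inventory rather than learned on the fly.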
Celinemary Turner says
Networking Concepts: My key points include understanding the concept of a network, different types of networks (LAN, WAN, MAN, PAN), network protocols (TCP/IP, UDP), the OSI model, network devices like routers, switches, and hubs, and IP addressing and subnetting concepts. Chapter 4 Secure Networks: One key takeaway from this reading was the different application of security objectives regarding network security. I like how Boyle and Panko expanded upon the CIA triad (Confidentiality, Integrity, and Availability) framework. The extension of the CIA triad leads to four broad goals to be considered when creating secure networking. They include availability, confidentiality, functionality, and access controls. Another critical point discussed was the most common network-based attacks (DoS), which attempt to make a server or network unavailable to serve legitimate users by flooding it with attack packets. Also, they said that not all DoS attacks are external. They mention how blaming external attackers on interrupted attackers is easy, even when the problem could have occurred internally (faulty coding).
Edge Kroll says
The emphasis on internal factors contributing to DoS attacks, such as faulty coding, is a crucial point. Acknowledging that not all disruptions are externally induced underlines the need for a holistic security approach that addresses both internal and external threats.
Eyup Aslanbay says
Chapter 4 focuses on the CIA Triad and access control as key elements in establishing a secure environment. A significant point discussed is the nature and impact of DoS attacks, a prevalent form of network-based threat. These attacks aim to disrupt network service, either by halting or slowing it down, thus impacting availability. The chapter outlines various methods of DoS attacks, such as direct/indirect, intermediary reflected, and the use of malformed packets. While DoS attacks are relatively easy to detect, the chapter highlights the challenge in effectively stopping them. The consequences of such attacks include loss of online sales, damage to reputation, decreased productivity, and diminished customer loyalty.
Celinemary Turner says
I agree with your summary. It provides valuable insights into the fundamental concepts of secure networks, implementing effective access control measures, and mitigating the risk of DoS attacks to ensure the availability and integrity of network services.
Edge Kroll says
In this chapter, I learned that creating a secure network involves addressing four goals, namely availability, confidentiality, functionality, and access control.
Availability – Ensure that authorized users can access information, services, etc.
Confidentiality – Prevent unauthorized users from being able to gain information about the network, such as network structure, protocols used, or packet header values.
Functionality – Ensure hackers cannot alter the operation or capabilities of the network.
Access control – Policy-driven control of access to systems, data, and dialogues. Implementing the principle of least privilege.
Ooreofeoluwa Koyejo says
I like the way you have highlighted the goals here; it is a pivotal way to guide security professionals in formulating network security architecture.
Celinemary Turner says
Addressing these four goals is essential for building a robust and secure network infrastructure that protects against various threats and ensures the confidentiality, integrity, and availability of critical resources and information.