The most serious vulnerabilities that affect an Internet-connected
system are software or application bugs. Network insecurities are
generally not as important because they do not permit an attacker to
gain privileges on the systems they attack. However, a cracker must
use the network to reach vulnerable systems, and a good network
configuration can complicate or prevent an intrusion by forbidding
access to vulnerable systems.
Many systems are not secured against simple network attacks. Perhaps
in many cases system administrators overlook these types of attacks.
The aim of this article is not to show how to protect a network (it
would otherwise be far too long) but to list ideas and tools which
can then be examined in depth.
Before learning crackers' methods, system administrators should ensure
they understand their underlying network infrastructure.
For example, regarding IP over Ethernet:
- What is Ethernet?
- What is IP?
- When and why should we use ARP and RARP?
- How do UDP, TCP, and ICMP become encapsulated into IP packets?
- How does Ethernet pass through hubs, switches, and routers?
- How does IP routing work?
- How does IP fragmentation work?
- What is the usage of the various ICMP error messages?
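The encapsulation and fragmentation questions above are easiest to answer by decoding a frame field by field. The following script is an added example, not code from the article or from the lcrzo library: it walks an Ethernet frame down to IPv4 and then to UDP, TCP or ICMP, verifies the IPv4 header checksum, and exposes the DF/MF flags and fragment offset that IP fragmentation relies on. All MAC addresses, the TEST-NET-1 IPs (192.0.2.x) and the payloads are constructed so it runs offline.

```python
"""Decode a constructed Ethernet/IPv4 frame layer by layer.

Added example for the encapsulation questions in the article; it is not code
from the article or from lcrzo. MACs, TEST-NET-1 IPs and payloads are constructed.
"""
import struct

ETH_P_IP = 0x0800                       # EtherType for IPv4
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of 16-bit words, complemented at the end.
    Over a header whose checksum field is zero it yields the value to store;
    over a header that already carries its checksum it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ethernet(frame: bytes) -> dict:
    """Layer 2: 6-byte destination, 6-byte source, 2-byte EtherType, then payload."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype,
            "payload": frame[14:]}


def parse_ipv4(packet: bytes) -> dict:
    """Layer 3: the fixed 20-byte header plus the flags that drive fragmentation."""
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, options included
    return {
        "version": ver_ihl >> 4,
        "ttl": ttl,
        "proto": proto,
        "id": ident,
        "df": bool(flags_frag & 0x4000),           # Don't Fragment
        "mf": bool(flags_frag & 0x2000),           # More Fragments follow
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # position of this piece, in bytes
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:total_len],
    }


def parse_transport(proto: int, data: bytes) -> dict:
    """Layer 4: only the fields a defender looks at first."""
    if proto == PROTO_UDP:
        sport, dport, length, _ = struct.unpack("!HHHH", data[:8])
        return {"name": "UDP", "sport": sport, "dport": dport, "length": length}
    if proto == PROTO_TCP:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHLLH", data[:14])
        return {"name": "TCP", "sport": sport, "dport": dport, "seq": seq,
                "ack": ack, "flags": off_flags & 0x01FF}
    if proto == PROTO_ICMP:
        icmp_type, code, _ = struct.unpack("!BBH", data[:4])
        return {"name": "ICMP", "type": icmp_type, "code": code}
    return {"name": "protocol %d" % proto}


def decode(frame: bytes) -> dict:
    """Walk Ethernet -> IPv4 -> transport, the order the layers are stacked on the wire."""
    eth = parse_ethernet(frame)
    if eth["type"] != ETH_P_IP:
        return {"ethernet": eth, "ip": None, "transport": None}
    ip = parse_ipv4(eth["payload"])
    return {"ethernet": eth, "ip": ip,
            "transport": parse_transport(ip["proto"], ip["payload"])}


def build_frame(proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Construct a sample frame (constructed addresses, not real hosts)."""
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETH_P_IP))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         0x4000, ttl, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return eth + header + payload


if __name__ == "__main__":
    udp = build_frame(PROTO_UDP, struct.pack("!HHHH", 40000, 53, 13, 0) + b"hello")
    tcp_syn = build_frame(PROTO_TCP, struct.pack("!HHLLHHHH", 40001, 80, 1000, 0,
                                                 (5 << 12) | 0x02, 65535, 0, 0))
    icmp = build_frame(PROTO_ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
    for f in (udp, tcp_syn, icmp):
        d = decode(f)
        print(d["ip"]["src"], "->", d["ip"]["dst"], d["transport"],
              "checksum_ok=%s" % d["ip"]["checksum_ok"])
```

Flipping a single bit in the TTL of a built frame makes `checksum_ok` false, which is the quickest way to see what the IP checksum does and does not protect (the header only, never the payload).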
Once administrators know the basic networking skills, they are better
prepared to deal with common network attacks. Some examples of common
network attacks include:
- Ethernet sniffing: Intercept and record other users' sessions.
- ARP flooding: Flood switches and cause a denial of service.
- ARP redirect: Redirect the network traffic through a different computer.
- ARP ping: ARP Request and Reply.
- IP spoofing: Connect in spite of access restrictions.
- IP options: Gather information such as the route, source routing, etc.
- Broadcast IP spoofing: Cause a denial of service through forced replies.
- IP fragmentation: Various kinds of attacks.
- ICMP redirect: Redirect the network traffic.
- TCP hijacking: Perform a man-in-the-middle attack.
- TCP sequence number prediction: Attack with blind TCP spoofing.
- TCP state blocking: Various kinds of attacks.
- TCP reset: Denial of service attacks.
- Local TCP client port spoofing: For example, attacks using the FTP data port.
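From the defender's side, the ARP entries in the list above (flooding and redirect) leave signatures that a passive monitor can pick up: an IP address suddenly claimed by a second MAC, replies nobody asked for, and bursts of distinct source MACs aimed at overflowing a switch's address table. The script below is an added example, not code from the article or from lcrzo; it replays a constructed trace of ARP packets, each recorded as (timestamp in seconds, opcode, sender MAC, sender IP, target IP), with TEST-NET-1 addresses and made-up MACs.

```python
"""Spot ARP redirect and ARP flooding indicators in a trace of ARP packets.

Added example for the ARP attacks listed in the article; it is not code from the
article or from lcrzo. The records are constructed: (ts, opcode, sender_mac,
sender_ip, target_ip) with TEST-NET-1 addresses and made-up MACs.
"""
ARP_REQUEST, ARP_REPLY = 1, 2


def analyse_arp(records, mac_threshold=20, window=1.0):
    """Replay the records in order; return (learned ip->mac bindings, alerts)."""
    bindings = {}       # sender_ip -> MAC first seen claiming it
    pending = set()     # IPs asked for in a request and not yet answered
    recent = []         # (ts, sender_mac) seen inside the flood window
    alerts = []
    for ts, op, smac, sip, tip in records:
        if op == ARP_REQUEST:
            pending.add(tip)
        elif op == ARP_REPLY:
            if sip in pending:
                pending.discard(sip)
            else:
                # Nobody asked: unsolicited replies are how ARP redirect is done.
                alerts.append(("arp-unsolicited-reply", ts, sip, smac))
        # An IP already bound to another MAC is the redirect signature.
        if sip != "0.0.0.0":           # 0.0.0.0 is an ARP probe and carries no binding
            known = bindings.setdefault(sip, smac)
            if known != smac:
                alerts.append(("arp-redirect", ts, sip, known, smac))
        # Many distinct source MACs in a short window looks like switch-table flooding.
        recent.append((ts, smac))
        recent = [(t, m) for t, m in recent if ts - t <= window]
        distinct = {m for _, m in recent}
        if len(distinct) > mac_threshold:
            alerts.append(("arp-flood", ts, len(distinct)))
            recent = []                # report each burst once
    return bindings, alerts


def sample_records():
    """Constructed trace: one legitimate exchange, one rogue reply, one burst."""
    gw_mac, host_mac, rogue_mac = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:10", "bb:bb:bb:00:00:02"
    recs = [
        (0.0, ARP_REQUEST, host_mac, "192.0.2.10", "192.0.2.1"),   # host asks for the gateway
        (0.1, ARP_REPLY, gw_mac, "192.0.2.1", "192.0.2.10"),       # genuine answer
        (5.0, ARP_REPLY, rogue_mac, "192.0.2.1", "192.0.2.10"),    # unsolicited, other MAC
    ]
    for i in range(25):                # 25 distinct source MACs within half a second
        recs.append((10.0 + i * 0.02, ARP_REQUEST, "cc:cc:cc:00:00:%02x" % i,
                     "192.0.2.%d" % (100 + i), "192.0.2.1"))
    return recs


if __name__ == "__main__":
    bindings, alerts = analyse_arp(sample_records())
    print("gateway binding:", bindings["192.0.2.1"])
    for alert in alerts:
        print(*alert)
```

The binding table keeps the first MAC seen for each IP, so the monitor must start from a trusted baseline (or a static table for the gateway); a rogue that answers before the real host does would otherwise be learned as legitimate. Thresholds and window sizes are constructed for the sample trace and need tuning to a real segment.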
There is a great deal of documentation and many tools available on
the Internet on every kind of network attack.
The free tool lcrzoex can be used to improve your networking skills.
Lcrzoex contains over 150 functions for testing an Ethernet/IP
network. These tests include a sniffer, spoofing, configuration
testing, client and server testing, and many more.
Also available is Lcrzo, the free network library which was used to
create lcrzoex. Lcrzo can easily be used to create network testing
programs.
More information and the latest version of lcrzoex/lcrzo are available at:
http://www.laurentconstantin.com/us/lcrzo/ [main server]
http://go.to/laurentconstantin/us/lcrzo/ [backup server]
http://laurentconstantin.est-la.com/us/lcrzo/ [backup server]
Depending on the time we can afford to spend learning and practicing
our networking skills, we can decide:
- What is the best security level to reach?
- What is the best architecture for the network?
- What products best fit our needs?
- How should our devices be configured?
Absolute security does not exist, but it can be approached using
different methodologies to protect our systems. We should
always secure our network against simple network-based attacks.