Book Image

Network Protocols for Security Professionals

By : Yoram Orzach, Deepanshu Khanna

5 (1)

Book Image

Network Protocols for Security Professionals

5 (1)

By: Yoram Orzach, Deepanshu Khanna

Overview of this book

With the increased demand for computer systems and the ever-evolving internet, network security now plays an even bigger role in securing IT infrastructures against attacks. Equipped with the knowledge of how to find vulnerabilities and infiltrate organizations through their networks, you’ll be able to think like a hacker and safeguard your organization’s network and networking devices. Network Protocols for Security Professionals will show you how. This comprehensive guide gradually increases in complexity, taking you from the basics to advanced concepts. Starting with the structure of data network protocols, devices, and breaches, you’ll become familiar with attacking tools and scripts that take advantage of these breaches. Once you’ve covered the basics, you’ll learn about attacks that target networks and network devices. Your learning journey will get more exciting as you perform eavesdropping, learn data analysis, and use behavior analysis for network forensics. As you progress, you’ll develop a thorough understanding of network protocols and how to use methods and tools you learned in the previous parts to attack and protect these protocols. By the end of this network security book, you’ll be well versed in network protocol security and security countermeasures to protect network protocols.

Preface

Who this book is for

What this book covers

Download the color images

Conventions used

Share your thoughts

Download a Free PDF copy of this book

Part 1: Protecting the Network – Technologies, Protocols, Vulnerabilities, and Tools

Part 1: Protecting the Network – Technologies, Protocols, Vulnerabilities, and Tools

Free Chapter

Chapter 1: Data Centers and the Enterprise Network Architecture and its Components

Chapter 1: Data Centers and the Enterprise Network Architecture and its Components

Exploring networks and data flows

The data center, core, and user networks

Switching (L2) and routing (L3) topologies

The network perimeter

The data, control, and management planes

Cloud connectivity

Type of attacks and where they are implemented

Chapter 2: Network Protocol Structures and Operations

Chapter 2: Network Protocol Structures and Operations

Data network protocols and data structures

Layer 2 protocols – STP, VLANs, and security methods

Layer 3 protocols – IP and ARP

Routers and routing protocols

Layer 4 protocols – UDP, TCP, and QUIC

Encapsulation and tunneling

Chapter 3: Security Protocols and Their Implementation

Chapter 3: Security Protocols and Their Implementation

Security pillars – confidentiality, integrity, and availability

Encryption basics and protocols

Public key infrastructure and certificate authorities

Authentication basics and protocols

Authorization and access protocols

Hash functions and message digests

IPSec and key management protocols

SSL/TLS and proxies

Network security components – RADIUS/TACACS+, FWs, IDS/IPSs, NAC, and WAFs

Chapter 4: Using Network Security Tools, Scripts, and Code

Chapter 4: Using Network Security Tools, Scripts, and Code

Commercial, open source, and Linux-based tools

Information gathering and packet analysis tools

Vulnerability analysis tools

Exploitation tools

Stress testing tools

Network forensics tools

Chapter 5: Finding Protocol Vulnerabilities

Chapter 5: Finding Protocol Vulnerabilities

Black box, white box, and gray box testing

Black box and fuzzing

Common vulnerabilities

Crash analysis – what to do when we find a bug

Part 2: Network, Network Devices, and Traffic Analysis-Based Attacks

Part 2: Network, Network Devices, and Traffic Analysis-Based Attacks

Chapter 6: Finding Network-Based Attacks

Chapter 6: Finding Network-Based Attacks

Planning a network-based attack

Active and passive attacks

Reconnaissance and information gathering

Network-based DoS/DDoS attacks and flooding

L2-based attacks

L3- and ARP-based attacks

Chapter 7: Detecting Device-Based Attacks

Chapter 7: Detecting Device-Based Attacks

Network devices' structure and components

Attacks on the management plane and how to defend against them

Attacks on the control plane and how to defend against them

Attacks on the data plane and how to defend against them

Attacks on system resources

Chapter 8: Network Traffic Analysis and Eavesdropping

Chapter 8: Network Traffic Analysis and Eavesdropping

Packet analysis tools – Wireshark, TCPdump, and others

Python/Pyshark for deep network analysis

Advanced packet dissection with LUA

ARP spoofing, session hijacking, and data hijacking tools, scripts, and techniques

Packet generation and replaying tools

Chapter 9: Using Behavior Analysis and Anomaly Detection

Chapter 9: Using Behavior Analysis and Anomaly Detection

Collection and monitoring methods

Establishing a baseline

Typical suspicious patterns

Part 3: Network Protocols – How to Attack and How to Protect

Part 3: Network Protocols – How to Attack and How to Protect

Chapter 10: Discovering LAN, IP, and TCP/UDP-Based Attacks

Chapter 10: Discovering LAN, IP, and TCP/UDP-Based Attacks

Layer 2 attacks – how to generate them and how to protect against them

ICMP-based attacks, ping scans, the ping of death, and L3 DDoS

Layer 4 TCP and UDP attacks

TCP sequence attacks and session hijacking attacks

Chapter 11: Implementing Wireless Network Security

Chapter 11: Implementing Wireless Network Security

Wireless standards, protocols, and encryption standards

Sniffing wireless networks

Packet injection

Discovering hidden SSIDs

Compromising open authentication wireless networks

WLAN encryptions and their corresponding flaws and attacks

Network jamming – DOS/DDOS wireless network attacks

Evil twin attack – honeypots

Person-in-the-Middle (PITM) attacks

Implementing a secure wireless architecture

Chapter 12: Attacking Routing Protocols

Chapter 12: Attacking Routing Protocols

IGP standard protocols – the behaviors RIP (brief), OSPF, and IS-IS

Falsification, overclaiming, and disclaiming

DDOS, mistreating, and attacks on the control plane

Routing table poisoning and attacks on the management plane

Traffic generation and attacks on the data plane

How to configure your routers to protect

BGP – protocol and operation

Chapter 13: DNS Security

Chapter 13: DNS Security

The DNS protocol, behavior, and data structure

DNS attack discovery – tools and analysis

Attacks on DNS resources – DNS flooding, NX records, and subdomains

Attacks on a service – domain spoofing and hijacking, or cache poisoning

Using DNS to bypass network controls – DNS tunneling

Chapter 14: Securing Web and Email Services

Chapter 14: Securing Web and Email Services

HTTP and HTTP2 protocol behavior, data structure, and analysis

HTTPS protocol behavior, data structure, and analysis

Web vulnerabilities and exploitation

Email protocols and loopholes

Countermeasures and defense

Chapter 15: Enterprise Applications Security – Databases and Filesystems

Chapter 15: Enterprise Applications Security – Databases and Filesystems

Microsoft network protocols – NetBIOS, SMB, and LDAP operations, vulnerabilities, and exploitation

Database network protocols – TDS and SQLNet operations

Attacking SQL databases

Countermeasures to protect network protocols and databases

Chapter 16: IP Telephony and Collaboration Services Security

Chapter 16: IP Telephony and Collaboration Services Security

IP telephony – protocols and operations

IP telephony penetration testing lab setup

IP telephony penetration testing methodology

IP telephony security and best practices

Assessments

Index

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share your thoughts

Download a Free PDF copy of this book

Customer Reviews

5 (1)

5 star

100%

4 star

0

3 star

0

2 star

0

1 star

0

Exploring networks and data flows

Network architecture is about how the building blocks of the networks are connected; data flows are about the information that flows through the network.

Understanding the network architecture will assist us in understanding the weak points of the network. Data flows can be manipulated by attackers to steal information from the network. By diverting them in the attacker's direction, the attacker can watch information running through the network and steal valuable information.

To eliminate this from happening, you must understand the structure of your network and the data that flows through it. A typical data network is built out of three parts:

The data center, which holds the organization's servers and applications.
The core network, which is the part of the network that is used to connect all the parts of the network, including the user's network, the data centers, remote networks, and the internet.
The user's network, which is the part of the network that is used for the user's connectivity. The user network is usually based on the distribution and access networks.

These parts are illustrated in the following diagram:

Figure 1.1 – Typical enterprise network

Figure 1.1 – Typical enterprise network

In the top-left corner, we can see the main data center, DC-1. The user's network is located in the data center site; that is, USERS-1. In the top-right corner, we can see a secondary data center, DC-2, with a user's network located on the secondary data center site. The two data centers are connected to the internet via two firewalls, which are located in the two data centers.

In the center of the diagram, we can see the Wide Area Network (WAN) connectivity, which includes the routers that connect to the Service Provider's (SP's) network and the SP network that establishes this connectivity.

In the lower part of the diagram, we can see the remote sites that connect to the center via the SP network.

Now, let's focus on the protocols and technologies that are implemented on each part of the network.