Book Image

Network Protocols for Security Professionals

By : Yoram Orzach, Deepanshu Khanna
5 (1)
Book Image

Network Protocols for Security Professionals

5 (1)
By: Yoram Orzach, Deepanshu Khanna

Overview of this book

With the increased demand for computer systems and the ever-evolving internet, network security now plays an even bigger role in securing IT infrastructures against attacks. Equipped with the knowledge of how to find vulnerabilities and infiltrate organizations through their networks, you’ll be able to think like a hacker and safeguard your organization’s network and networking devices. Network Protocols for Security Professionals will show you how. This comprehensive guide gradually increases in complexity, taking you from the basics to advanced concepts. Starting with the structure of data network protocols, devices, and breaches, you’ll become familiar with attacking tools and scripts that take advantage of these breaches. Once you’ve covered the basics, you’ll learn about attacks that target networks and network devices. Your learning journey will get more exciting as you perform eavesdropping, learn data analysis, and use behavior analysis for network forensics. As you progress, you’ll develop a thorough understanding of network protocols and how to use methods and tools you learned in the previous parts to attack and protect these protocols. By the end of this network security book, you’ll be well versed in network protocol security and security countermeasures to protect network protocols.

Related Content you might be interested in

Current Title:

Small book image
Network Protocols for Security Professionals
Yoram Orzach | Deepanshu Khanna
Oct, 2022 | 580 pages
Small book image
Network Analysis using Wireshark 2 Cookbook
Yoram Orzach | Nagendra Kumar Nainar | Yogesh Ramdoss
Mar, 2018 | 626 pages
Small book image
CCNA Security 210-260 Certification Guide
Glen D Singh | Vijay Anandh | Michael Vinod
Jun, 2018 | 518 pages
Small book image
Wireshark 2 Quick Start Guide
Charit Mishra
Jun, 2018 | 164 pages
Table of Contents (23 chapters)
Preface
Preface
Who this book is for
What this book covers
Download the color images
Conventions used
Get in touch
Share your thoughts
Download a Free PDF copy of this book
1
Part 1: Protecting the Network – Technologies, Protocols, Vulnerabilities, and Tools
Part 1: Protecting the Network – Technologies, Protocols, Vulnerabilities, and Tools
Free Chapter
2
Chapter 1: Data Centers and the Enterprise Network Architecture and its Components
Chapter 1: Data Centers and the Enterprise Network Architecture and its Components
Exploring networks and data flows
The data center, core, and user networks
Switching (L2) and routing (L3) topologies
The network perimeter
The data, control, and management planes
SDN and NFV
Cloud connectivity
Type of attacks and where they are implemented
Summary
Questions
3
Chapter 2: Network Protocol Structures and Operations
Chapter 2: Network Protocol Structures and Operations
Data network protocols and data structures
Layer 2 protocols – STP, VLANs, and security methods
Layer 3 protocols – IP and ARP
Routers and routing protocols
Layer 4 protocols – UDP, TCP, and QUIC
Encapsulation and tunneling
Summary
Questions
4
Chapter 3: Security Protocols and Their Implementation
Chapter 3: Security Protocols and Their Implementation
Security pillars – confidentiality, integrity, and availability
Encryption basics and protocols
Public key infrastructure and certificate authorities
Authentication basics and protocols
Authorization and access protocols
Hash functions and message digests
IPSec and key management protocols
SSL/TLS and proxies
Network security components – RADIUS/TACACS+, FWs, IDS/IPSs, NAC, and WAFs
Summary
Questions
5
Chapter 4: Using Network Security Tools, Scripts, and Code
Chapter 4: Using Network Security Tools, Scripts, and Code
Commercial, open source, and Linux-based tools
Information gathering and packet analysis tools
Vulnerability analysis tools
Exploitation tools
Stress testing tools
Network forensics tools
Summary
Questions
6
Chapter 5: Finding Protocol Vulnerabilities
Chapter 5: Finding Protocol Vulnerabilities
Black box, white box, and gray box testing
Black box and fuzzing
Common vulnerabilities
Fuzzing tools
Crash analysis – what to do when we find a bug
Summary
Questions
7
Part 2: Network, Network Devices, and Traffic Analysis-Based Attacks
Part 2: Network, Network Devices, and Traffic Analysis-Based Attacks
8
Chapter 6: Finding Network-Based Attacks
Chapter 6: Finding Network-Based Attacks
Planning a network-based attack
Active and passive attacks
Reconnaissance and information gathering
Network-based DoS/DDoS attacks and flooding
L2-based attacks
L3- and ARP-based attacks
Summary
Questions
9
Chapter 7: Detecting Device-Based Attacks
Chapter 7: Detecting Device-Based Attacks
Network devices' structure and components
Attacks on the management plane and how to defend against them
Attacks on the control plane and how to defend against them
Attacks on the data plane and how to defend against them
Attacks on system resources
Summary
Questions
10
Chapter 8: Network Traffic Analysis and Eavesdropping
Chapter 8: Network Traffic Analysis and Eavesdropping
Packet analysis tools – Wireshark, TCPdump, and others
Python/Pyshark for deep network analysis
Advanced packet dissection with LUA
ARP spoofing, session hijacking, and data hijacking tools, scripts, and techniques
Packet generation and replaying tools
Summary
Questions
11
Chapter 9: Using Behavior Analysis and Anomaly Detection
Chapter 9: Using Behavior Analysis and Anomaly Detection
Collection and monitoring methods
Establishing a baseline
Typical suspicious patterns
Summary
Questions
12
Part 3: Network Protocols – How to Attack and How to Protect
Part 3: Network Protocols – How to Attack and How to Protect
13
Chapter 10: Discovering LAN, IP, and TCP/UDP-Based Attacks
Chapter 10: Discovering LAN, IP, and TCP/UDP-Based Attacks
Layer 2 attacks – how to generate them and how to protect against them
ICMP-based attacks, ping scans, the ping of death, and L3 DDoS
Layer 4 TCP and UDP attacks
TCP sequence attacks and session hijacking attacks
Summary
Questions
14
Chapter 11: Implementing Wireless Network Security
Chapter 11: Implementing Wireless Network Security
Wireless standards, protocols, and encryption standards
Sniffing wireless networks
Packet injection
Discovering hidden SSIDs
Compromising open authentication wireless networks
WLAN encryptions and their corresponding flaws and attacks
Network jamming – DOS/DDOS wireless network attacks
Evil twin attack – honeypots
Person-in-the-Middle (PITM) attacks
Implementing a secure wireless architecture
Summary
Questions
15
Chapter 12: Attacking Routing Protocols
Chapter 12: Attacking Routing Protocols
IGP standard protocols – the behaviors RIP (brief), OSPF, and IS-IS
Falsification, overclaiming, and disclaiming
DDOS, mistreating, and attacks on the control plane
Routing table poisoning and attacks on the management plane
Traffic generation and attacks on the data plane
How to configure your routers to protect
BGP – protocol and operation
BGP hijacking
BGP mitigation
Summary
Questions
16
Chapter 13: DNS Security
Chapter 13: DNS Security
The DNS protocol, behavior, and data structure
DNS attack discovery – tools and analysis
Attacks on DNS resources – DNS flooding, NX records, and subdomains
Attacks on a service – domain spoofing and hijacking, or cache poisoning
Using DNS to bypass network controls – DNS tunneling
DNS protection
Summary
Questions
17
Chapter 14: Securing Web and Email Services
Chapter 14: Securing Web and Email Services
HTTP and HTTP2 protocol behavior, data structure, and analysis
HTTPS protocol behavior, data structure, and analysis
Web vulnerabilities and exploitation
Email protocols and loopholes
Countermeasures and defense
Summary
Questions
18
Chapter 15: Enterprise Applications Security – Databases and Filesystems
Chapter 15: Enterprise Applications Security – Databases and Filesystems
Microsoft network protocols – NetBIOS, SMB, and LDAP operations, vulnerabilities, and exploitation
Database network protocols – TDS and SQLNet operations
Attacking SQL databases
Countermeasures to protect network protocols and databases
Summary
Questions
19
Chapter 16: IP Telephony and Collaboration Services Security
Chapter 16: IP Telephony and Collaboration Services Security
IP telephony – protocols and operations
IP telephony penetration testing lab setup
IP telephony penetration testing methodology
IP telephony security and best practices
Summary
Questions
20
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
21
Index
Index
Why subscribe?
22
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts
Download a Free PDF copy of this book

Questions

Answer the following questions to test your knowledge of this chapter:

  1. What is the core network?
    1. The network that connects the servers to the internet
    2. The center of the network that connects the data center(s) and the user networks
    3. A general term for an enterprise network
    4. The network between the users and the internet
  2. In Figure 1.5, on the left, we can see a typical network topology. In this network, assuming they are on the same IP subnet, when PC1 pings PC5, the packets are forwarded through which of the following?
    1. Access switch ACC1, distribution switch DIST1, core switches CORE1 and CORE2, data center switches DC1 and DC2, distribution switch DIST2, and access switch ACC4.
    2. Access switch ACC1, distribution switch DIST1, core switches CORE1 and CORE2, distribution switch DIST2, and access switch ACC4.
    3. Answers (a) and (b) can both be correct, depending on the routing configuration.
    4. Answers (a) and (b) can both be correct, depending on the HSRP configuration.
  3. In the same figure (Figure 1.5) on the left, PC1 pings PC4. The packets will go through which of the following?
    1. ACC1, DIST1, CORE1, DIST2, and ACC3
    2. ACC1, DIST1, CORE2, DIST2, and ACC3
    3. ACC1, DIST1, CORE1, CORE2, DIST2, and ACC3
    4. ACC1, DIST1, CORE1, DC1, DC2, CORE2, DIST2, and ACC3
  4. Assuming PC1 is in VLAN50 and PC2 is in VLAN60, pings are sent from PC1 to PC2. Routing will be performed on which of the following?
    1. The left network is on CORE1 and the right network is on DC1.
    2. The left network is on CORE1 or CORE2, and the right network is on DC1 or DC2, depending on the routing protocol configuration.
    3. The left network is on CORE1 and the right network is on DC2.
    4. The left network is on CORE1 or CORE2, and the right network is on DC1 or DC2, depending on HSRP configuration.
  5. In Figure 1.8, on the left, the packets from PC4 that are sent to the servers will be forwarded through which of the following?
    1. ACC3, DIST2, CORE2, and DC2
    2. ACC3, DIST2, CORE2, FW2, DC2, and FW1
    3. ACC3, DIST2, CORE2, FW2, and DC2
    4. Any of the above, depending on the routing configuration.
  6. Which of the following is a characteristic of attacks that target the data plane?
    1. Changing routing tables to divert packets in the attacker's direction
    2. Flooding the network to stop users from using it
    3. Taking control of the device's console to change its configuration
    4. All the above
  7. Which of the following is a characteristic of attacks that target the control plane?
    1. Changing routing tables to divert packets toward the attacker's direction
    2. Flooding the network to stop users from using it
    3. Taking control of the device's console to change its configuration
    4. All the above
  8. What are DDoS attacks?
    1. Attacks that prevent access to the network
    2. Attacks that prevent access from network servers
    3. Attacks that prevent access from network services
    4. All of the above
Previous Section
End of Chapter 2
Next Chapter