Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Network Protocols for Security Professionals
  • Table Of Contents Toc
Network Protocols for Security Professionals

Network Protocols for Security Professionals

By : Yoram Orzach, Deepanshu Khanna
5 (1)
Buy this Book
close
close
Network Protocols for Security Professionals

Network Protocols for Security Professionals

5 (1)
By: Yoram Orzach, Deepanshu Khanna
Buy this Book

Overview of this book

With the increased demand for computer systems and the ever-evolving internet, network security now plays an even bigger role in securing IT infrastructures against attacks. Equipped with the knowledge of how to find vulnerabilities and infiltrate organizations through their networks, you’ll be able to think like a hacker and safeguard your organization’s network and networking devices. Network Protocols for Security Professionals will show you how. This comprehensive guide gradually increases in complexity, taking you from the basics to advanced concepts. Starting with the structure of data network protocols, devices, and breaches, you’ll become familiar with attacking tools and scripts that take advantage of these breaches. Once you’ve covered the basics, you’ll learn about attacks that target networks and network devices. Your learning journey will get more exciting as you perform eavesdropping, learn data analysis, and use behavior analysis for network forensics. As you progress, you’ll develop a thorough understanding of network protocols and how to use methods and tools you learned in the previous parts to attack and protect these protocols. By the end of this network security book, you’ll be well versed in network protocol security and security countermeasures to protect network protocols.
Table of Contents (23 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share your thoughts
Icon
Download a Free PDF copy of this book
1
Part 1: Protecting the Network – Technologies, Protocols, Vulnerabilities, and Tools
Icon
Part 1: Protecting the Network – Technologies, Protocols, Vulnerabilities, and Tools
Lock Free Chapter
2
Chapter 1: Data Centers and the Enterprise Network Architecture and its Components
Icon
Chapter 1: Data Centers and the Enterprise Network Architecture and its Components
Icon
Exploring networks and data flows
Icon
The data center, core, and user networks
Icon
Switching (L2) and routing (L3) topologies
Icon
The network perimeter
Icon
The data, control, and management planes
Icon
SDN and NFV
Icon
Cloud connectivity
Icon
Type of attacks and where they are implemented
Icon
Summary
Icon
Questions
3
Chapter 2: Network Protocol Structures and Operations
Icon
Chapter 2: Network Protocol Structures and Operations
Icon
Data network protocols and data structures
Icon
Layer 2 protocols – STP, VLANs, and security methods
Icon
Layer 3 protocols – IP and ARP
Icon
Routers and routing protocols
Icon
Layer 4 protocols – UDP, TCP, and QUIC
Icon
Encapsulation and tunneling
Icon
Summary
Icon
Questions
4
Chapter 3: Security Protocols and Their Implementation
Icon
Chapter 3: Security Protocols and Their Implementation
Icon
Security pillars – confidentiality, integrity, and availability
Icon
Encryption basics and protocols
Icon
Public key infrastructure and certificate authorities
Icon
Authentication basics and protocols
Icon
Authorization and access protocols
Icon
Hash functions and message digests
Icon
IPSec and key management protocols
Icon
SSL/TLS and proxies
Icon
Network security components – RADIUS/TACACS+, FWs, IDS/IPSs, NAC, and WAFs
Icon
Summary
Icon
Questions
5
Chapter 4: Using Network Security Tools, Scripts, and Code
Icon
Chapter 4: Using Network Security Tools, Scripts, and Code
Icon
Commercial, open source, and Linux-based tools
Icon
Information gathering and packet analysis tools
Icon
Vulnerability analysis tools
Icon
Exploitation tools
Icon
Stress testing tools
Icon
Network forensics tools
Icon
Summary
Icon
Questions
6
Chapter 5: Finding Protocol Vulnerabilities
Icon
Chapter 5: Finding Protocol Vulnerabilities
Icon
Black box, white box, and gray box testing
Icon
Black box and fuzzing
Icon
Common vulnerabilities
Icon
Fuzzing tools
Icon
Crash analysis – what to do when we find a bug
Icon
Summary
Icon
Questions
7
Part 2: Network, Network Devices, and Traffic Analysis-Based Attacks
Icon
Part 2: Network, Network Devices, and Traffic Analysis-Based Attacks
8
Chapter 6: Finding Network-Based Attacks
Icon
Chapter 6: Finding Network-Based Attacks
Icon
Planning a network-based attack
Icon
Active and passive attacks
Icon
Reconnaissance and information gathering
Icon
Network-based DoS/DDoS attacks and flooding
Icon
L2-based attacks
Icon
L3- and ARP-based attacks
Icon
Summary
Icon
Questions
9
Chapter 7: Detecting Device-Based Attacks
chevron up
Icon
Chapter 7: Detecting Device-Based Attacks
Icon
Network devices' structure and components
Icon
Attacks on the management plane and how to defend against them
Icon
Attacks on the control plane and how to defend against them
Icon
Attacks on the data plane and how to defend against them
Icon
Attacks on system resources
Icon
Summary
Icon
Questions
10
Chapter 8: Network Traffic Analysis and Eavesdropping
Icon
Chapter 8: Network Traffic Analysis and Eavesdropping
Icon
Packet analysis tools – Wireshark, TCPdump, and others
Icon
Python/Pyshark for deep network analysis
Icon
Advanced packet dissection with LUA
Icon
ARP spoofing, session hijacking, and data hijacking tools, scripts, and techniques
Icon
Packet generation and replaying tools
Icon
Summary
Icon
Questions
11
Chapter 9: Using Behavior Analysis and Anomaly Detection
Icon
Chapter 9: Using Behavior Analysis and Anomaly Detection
Icon
Collection and monitoring methods
Icon
Establishing a baseline
Icon
Typical suspicious patterns
Icon
Summary
Icon
Questions
12
Part 3: Network Protocols – How to Attack and How to Protect
Icon
Part 3: Network Protocols – How to Attack and How to Protect
13
Chapter 10: Discovering LAN, IP, and TCP/UDP-Based Attacks
Icon
Chapter 10: Discovering LAN, IP, and TCP/UDP-Based Attacks
Icon
Layer 2 attacks – how to generate them and how to protect against them
Icon
ICMP-based attacks, ping scans, the ping of death, and L3 DDoS
Icon
Layer 4 TCP and UDP attacks
Icon
TCP sequence attacks and session hijacking attacks
Icon
Summary
Icon
Questions
14
Chapter 11: Implementing Wireless Network Security
Icon
Chapter 11: Implementing Wireless Network Security
Icon
Wireless standards, protocols, and encryption standards
Icon
Sniffing wireless networks
Icon
Packet injection
Icon
Discovering hidden SSIDs
Icon
Compromising open authentication wireless networks
Icon
WLAN encryptions and their corresponding flaws and attacks
Icon
Network jamming – DOS/DDOS wireless network attacks
Icon
Evil twin attack – honeypots
Icon
Person-in-the-Middle (PITM) attacks
Icon
Implementing a secure wireless architecture
Icon
Summary
Icon
Questions
15
Chapter 12: Attacking Routing Protocols
Icon
Chapter 12: Attacking Routing Protocols
Icon
IGP standard protocols – the behaviors RIP (brief), OSPF, and IS-IS
Icon
Falsification, overclaiming, and disclaiming
Icon
DDOS, mistreating, and attacks on the control plane
Icon
Routing table poisoning and attacks on the management plane
Icon
Traffic generation and attacks on the data plane
Icon
How to configure your routers to protect
Icon
BGP – protocol and operation
Icon
BGP hijacking
Icon
BGP mitigation
Icon
Summary
Icon
Questions
16
Chapter 13: DNS Security
Icon
Chapter 13: DNS Security
Icon
The DNS protocol, behavior, and data structure
Icon
DNS attack discovery – tools and analysis
Icon
Attacks on DNS resources – DNS flooding, NX records, and subdomains
Icon
Attacks on a service – domain spoofing and hijacking, or cache poisoning
Icon
Using DNS to bypass network controls – DNS tunneling
Icon
DNS protection
Icon
Summary
Icon
Questions
17
Chapter 14: Securing Web and Email Services
Icon
Chapter 14: Securing Web and Email Services
Icon
HTTP and HTTP2 protocol behavior, data structure, and analysis
Icon
HTTPS protocol behavior, data structure, and analysis
Icon
Web vulnerabilities and exploitation
Icon
Email protocols and loopholes
Icon
Countermeasures and defense
Icon
Summary
Icon
Questions
18
Chapter 15: Enterprise Applications Security – Databases and Filesystems
Icon
Chapter 15: Enterprise Applications Security – Databases and Filesystems
Icon
Microsoft network protocols – NetBIOS, SMB, and LDAP operations, vulnerabilities, and exploitation
Icon
Database network protocols – TDS and SQLNet operations
Icon
Attacking SQL databases
Icon
Countermeasures to protect network protocols and databases
Icon
Summary
Icon
Questions
19
Chapter 16: IP Telephony and Collaboration Services Security
Icon
Chapter 16: IP Telephony and Collaboration Services Security
Icon
IP telephony – protocols and operations
Icon
IP telephony penetration testing lab setup
Icon
IP telephony penetration testing methodology
Icon
IP telephony security and best practices
Icon
Summary
Icon
Questions
20
Assessments
Icon
Chapter 1
Icon
Chapter 2
Icon
Chapter 3
Icon
Chapter 4
Icon
Chapter 5
Icon
Chapter 6
Icon
Chapter 7
Icon
Chapter 8
Icon
Chapter 9
Icon
Chapter 10
Icon
Chapter 11
Icon
Chapter 12
Icon
Chapter 13
Icon
Chapter 14
Icon
Chapter 15
Icon
Chapter 16
21
Index
Icon
Index
Icon
Why subscribe?
22
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share your thoughts
Icon
Download a Free PDF copy of this book

Attacks on the data plane and how to defend against them

As we saw earlier, the data plane is the part of the networking device that's responsible for the transfer of data through the device, and therefore attacks on the data plane are those targeting processes and services that are responsible for data transfer. Data plane services are services such as ICMP, ARP, and Reverse ARP (RARP), among others. We will go through these services and see how to protect the data plane while using them.

Protection against heavy traffic through an interface

Heavy traffic can cross a networking device interface—that's the purpose of it. The thing is to know when it happens and check if it is legitimate traffic. For this purpose, there are two things we can configure, as follows:

  • Traffic threshold
  • Storm control

Configuring a threshold: 80-90% of the interface bandwidth should be a reasonable value. For example, for Cisco, refer to https://www.cisco.com/c/en...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Network Protocols for Security Professionals
End of Section 9
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon