INFO1200

About This Presentation

Title:

Description:

Number of Views:65

Avg rating:3.0/5.0

Slides: 18

Provided by: conest

Category:

Tags: icann | info1200 | sniffing

Transcript and Presenter's Notes

Title: INFO1200

1
INFO1200 Hardening the Infrastructure

2
INFO1200 Hardening the Infrastructure

Internal vs External Segments
External Segment or Perimeter Segment
- any network that exists in a low security zone
of your environment
eg. network that is attached to the external
interface of your ISP's router
- can extend to other network segments such as
DMZ
- Perimeter network or device
1. serves content to the Internet
2. can be pinged or connected to by anyone
- WAP's extend perimeter of network also
potentially allow untrusted user access to network

3
INFO1200 Hardening the Infrastructure

Internal vs External Segments
Internal Segment
- any network that resides in the secured portion
of your environment and provides resources and
services that are only for internal use
- must assign network device criticality to
plan how to handle security patches, network
recovery, continuity
ie. some internal segment are more important than
others
- must also have accurate and up-to-date
inventories of network device assets and
owners/maintainers

4
INFO1200 Hardening the Infrastructure

Footprinting Finding the IP Addresses Assigned
to Company
Using whois to Understand Who You Are
- ICANN defines Address supporting Organization
(ASO) which maintains databases of assigned
public IP addresses
- Databases broken down into Regional Internet
Registries (RIR) each geographic region has an
organization which administers RIR for that
region
ie. ARIN for North South America
- RIRs can be queried using IP address or domain
name using UNIX whois or by using web sites such
as
www.network-tools.com or www.dnsstuff.com

5
INFO1200 Hardening the Infrastructure

Footprinting Finding the IP Addresses Assigned
to Company
Using DNS Interrogation for More Information
- If you don't know all of domains or IP
Addresses of company can use SEC's utility
EDGAR to search for subsidiaries
- With info on subsidiaries, can use NSLOOKUP to
search for info on various possible domains of
subsidiaries
ie subsidiary.com, subsidiary.net etc.
- Once verified through NSLOOKUP, can go to
ARIN's web site to find IP addresses

6
INFO1200 Hardening the Infrastructure

7
INFO1200 Hardening the Infrastructure

8
INFO1200 Hardening the Infrastructure

Monitoring Traffic
Sniffer Basics
-can give valuable insight into performance
bottlenecks in your network
-will copy packets that enter NIC to the screen
in format which can be understood
-can also provide packet header info protocol
decodes

9
INFO1200 Hardening the Infrastructure

Monitoring Traffic
Sniffing Challenges
- Unless NIC is set to promiscuous mode only
see packets destined for your PC
- Can only sniff packets in your collision domain
Thus if using switches will only see packets
destined for your PC on the switch can be
solved by using hub but not desirable
- Using a managed switch provides solution by
using feature called port mirroring

10
INFO1200 Hardening the Infrastructure

11
INFO1200 Hardening the Infrastructure

Monitoring Traffic
Sniffing the Air
- need specialized software and hardware
- Some vendors of Wired sniffing tools provide
wireless tools ie. WildPackets
- may need special wireless NIC as some apps will
only work with NICs having PRISM3 chipset or only
certain models of NIC
- applications include Net Stumbler, Air Snort
etc.

12
INFO1200 Hardening the Infrastructure

Monitoring Traffic
Network Counters
- Statistical knowledge of network traffic can be
obtained through use of counters available in
network devices or OSs like Win 2003
- Useful info can include No. of runts or
oversized packets
- Some examples of sources of counters are
Routers - ie. Cisco routers
SMNP counters
Windows 2003 Performance Monitor

13
INFO1200 Hardening the Infrastructure