Network hardening is the process of securing a network by reducing its potential vulnerabilities through configuration changes and other specific steps.
Implicit deny is a network security concept where anything not explicitly permitted or allowed should be denied.
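The following is an added example (not from the original notes) showing implicit deny as a packet-filter policy: a small rule list is walked top to bottom and anything that matches no rule falls through to the default action. The rule set, addresses and ports are constructed for illustration; the `default_action` parameter is there only to contrast a default-deny policy with the weaker default-allow one.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source network in CIDR notation
    dst_port: Optional[int]  # None means any destination port
    proto: str               # "tcp", "udp" or "any"


# Constructed rule set: only what the business needs is explicitly allowed.
RULES = [
    Rule("allow", "10.0.0.0/8", 443, "tcp"),   # internal clients -> HTTPS
    Rule("allow", "10.0.0.0/8", 22, "tcp"),    # internal clients -> SSH
    Rule("allow", "0.0.0.0/0", 80, "tcp"),     # anyone -> public web server
]


def matches(rule, src_ip, dst_port, proto):
    """True when the packet's source, port and protocol all fit the rule."""
    return (ip_address(src_ip) in ip_network(rule.src)
            and (rule.dst_port is None or rule.dst_port == dst_port)
            and rule.proto in ("any", proto))


def evaluate(src_ip, dst_port, proto, rules=RULES, default_action="deny"):
    """First matching rule wins; if nothing matches, the default action applies.

    With default_action="deny" this is implicit deny: traffic that nobody
    thought to permit is blocked. default_action="allow" is the weak setting
    where every forgotten service is reachable.
    """
    for rule in rules:
        if matches(rule, src_ip, dst_port, proto):
            return rule.action
    return default_action


def compare_policies(src_ip, dst_port, proto):
    """Show how the same packet fares under implicit deny versus implicit allow."""
    return {
        "implicit_deny": evaluate(src_ip, dst_port, proto, default_action="deny"),
        "implicit_allow": evaluate(src_ip, dst_port, proto, default_action="allow"),
    }


if __name__ == "__main__":
    # RDP from the internet matches no rule, so only the implicit-deny policy blocks it.
    print(compare_policies("203.0.113.5", 3389, "tcp"))
```

The packets that differ between the two policies are exactly the ones nobody wrote a rule for, which is why a default-deny posture is the safer baseline: a new service is unreachable until someone deliberately permits it.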
Log analysis is the practice of collecting logs from the different network devices, and sometimes the client devices, on your network, then performing an automated analysis on them.
Correlation analysis is the process of taking log data from different systems and matching events across the systems.
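As an added example (not part of the original notes), here is a small correlation routine over two constructed log sources: a VPN concentrator's authentication log and a firewall's deny log. The hostnames, users, addresses and log format are made up for the example; the point is the matching step, which ties each firewall deny back to the successful VPN login from the same source address within a time window, something neither log shows on its own.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs (not real data). Each line: timestamp host key=value ...
VPN_LOG = """\
2024-03-01T09:00:05Z vpn01 auth: user=alice src=198.51.100.7 result=success
2024-03-01T09:01:40Z vpn01 auth: user=bob src=203.0.113.9 result=failure
2024-03-01T09:10:00Z vpn01 auth: user=carol src=192.0.2.44 result=success
"""

FW_LOG = """\
2024-03-01T09:00:12Z fw01 DENY proto=tcp src=198.51.100.7 dst=10.0.5.20 dport=3389
2024-03-01T09:00:13Z fw01 DENY proto=tcp src=198.51.100.7 dst=10.0.5.21 dport=3389
2024-03-01T09:02:00Z fw01 DENY proto=tcp src=203.0.113.9 dst=10.0.5.20 dport=22
2024-03-01T09:30:00Z fw01 DENY proto=tcp src=192.0.2.44 dst=10.0.5.20 dport=445
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(text):
    """Turn key=value log lines into dicts with a parsed timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that don't fit the expected layout
        event = {
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": m["host"],
        }
        event.update(dict(KV_RE.findall(m["rest"])))
        events.append(event)
    return events


def correlate(vpn_events, fw_events, window=timedelta(seconds=60)):
    """Match each firewall deny to a successful VPN login from the same source IP
    that happened at most `window` earlier. Returns one record per match."""
    matches = []
    for fw in fw_events:
        for vpn in vpn_events:
            if vpn.get("result") != "success" or vpn.get("src") != fw.get("src"):
                continue
            delay = fw["ts"] - vpn["ts"]
            if timedelta(0) <= delay <= window:
                matches.append({
                    "user": vpn["user"],
                    "src": fw["src"],
                    "dst": fw["dst"],
                    "dport": int(fw["dport"]),
                    "seconds_after_login": int(delay.total_seconds()),
                })
    return matches


def correlated_report():
    """Run the whole pipeline over the constructed logs."""
    return correlate(parse(VPN_LOG), parse(FW_LOG))


if __name__ == "__main__":
    for record in correlated_report():
        print(record)
```

On the sample data only alice's two denies are reported: bob's login failed, so his deny has no successful session to tie to, and carol's deny is twenty minutes after her login, outside the window. The window and the "same source IP" join key are the knobs an analyst tunes; with the system clocks unsynchronised the join silently breaks, which is why log pipelines normalise timestamps first.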
Flood guards provide protection against DoS (denial of service) attacks.
EAP-TLS is an authentication type supported by EAP that uses TLS to provide mutual authentication of both the client and the authenticating server.
If you really want to lock down your network, you can implement 802.1X.
Why does WEP encryption fall apart?
A general principle in security and encryption is to never send the plaintext and the ciphertext together, so that attackers can't work out the key used for encryption. But WEP's true weakness wasn't its authentication schemes: its use of the RC4 stream cipher, and the way IVs were used to generate encryption keys, led to WEP's ultimate downfall. The primary purpose of an IV is to introduce more random data into the encryption key so that the same key isn't reused. When using a stream cipher like RC4, it's critical that an encryption key is never reused, because that would allow an attacker to compare two messages encrypted under the same key and recover information. But the encryption key in WEP is just the shared key, which doesn't change frequently, with 24 bits of randomized data (the IV) tacked onto the end of it. This leaves only a 24-bit pool from which unique encryption keys are drawn.
Since the IV is only 24 bits, the total number of possible values is not very big by modern computing standards: only about 17 million unique IVs. Because of the birthday problem, after roughly 5,000 packets an IV will be reused, and when an IV is reused, the encryption key is reused too.
It's also important to call out that the IV is transmitted in plaintext; if it were encrypted, the receiver would not be able to decrypt it. This means an attacker just has to keep track of IVs and watch for repeated ones. The actual attack that lets an attacker recover the WEP key relies on weaknesses in certain IVs and in how the RC4 cipher generates the keystream used to encrypt the data payloads; packets encrypted with those weak IVs let the attacker reconstruct the keystream.
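The arithmetic behind the "about 17 million IVs" and "roughly 5,000 packets" figures above, as an added example that is not part of the original notes. It treats the IV as a uniformly random 24-bit value and applies the birthday bound, then checks that estimate with a seeded simulation; the contrast function for a simple counter IV is included because the two behaviours differ so much. No WEP or RC4 internals are modelled, only the IV reuse rate.

```python
import math
import random

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS  # 16,777,216 possible IVs ("about 17 million")


def expected_packets_until_reuse(space=IV_SPACE):
    """Birthday-bound estimate of how many random IVs are drawn before one repeats: sqrt(pi*N/2)."""
    return math.sqrt(math.pi * space / 2)


def reuse_probability(packets, space=IV_SPACE):
    """Probability that at least one IV repeats among `packets` random draws: 1 - exp(-n(n-1)/(2N))."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))


def simulate_first_reuse(seed, space=IV_SPACE):
    """Draw random IVs until one repeats; returns the packet number on which the repeat occurs."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    seen = set()
    count = 0
    while True:
        iv = rng.randrange(space)
        count += 1
        if iv in seen:
            return count
        seen.add(iv)


def mean_first_reuse(trials=20, space=IV_SPACE):
    """Average the simulated first-reuse packet count over several seeds."""
    return sum(simulate_first_reuse(seed, space) for seed in range(trials)) / trials


def sequential_first_reuse(space=IV_SPACE):
    """A device that simply increments the IV repeats one only when the counter wraps."""
    return space + 1


if __name__ == "__main__":
    print(f"IV space: {IV_SPACE:,} values")
    print(f"birthday estimate of first reuse: ~{expected_packets_until_reuse():.0f} packets")
    print(f"P(reuse within 5,000 packets): {reuse_probability(5000):.2f}")
    print(f"simulated mean first reuse: ~{mean_first_reuse():.0f} packets")
    print(f"counter IV first reuse: {sequential_first_reuse():,} packets")
```

The birthday estimate comes out near 5,100 packets and the simulation agrees, which is where the "roughly 5,000 packets" figure comes from. A counter IV reuses nothing until it wraps at 2^24, but since the IV rides in the clear and the shared key never changes, the reuse is just as observable once it happens, so neither scheme gives WEP a key that stays fresh.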
Packet sniffing, or packet capture, is the process of intercepting network packets in their entirety for analysis.
Promiscuous mode: a network adapter operating mode in which all data packets on the network segment, not just those addressed to the adapter, can be received and viewed by any adapter operating in this mode.
Port mirroring allows the switch to take all packets from a specified port, port range, or an entire VLAN and mirror them to a specified switch port.
Monitor mode allows us to scan across channels to see all wireless traffic being sent by APs and clients.
Tcpdump is a very popular, lightweight command-line utility that you can use to capture and analyze packets. Tcpdump uses the open-source libpcap library.
Network Intrusion Detection System (NIDS): the detection system is deployed somewhere on the network where it can monitor traffic for a network segment or subnet.
Network Intrusion Prevention System (NIPS): a NIDS device is a passive observer that only watches the traffic and sends an alert if it sees something. A NIPS device, by contrast, not only monitors traffic but can take action on the traffic it's monitoring, usually by blocking or dropping it. Detection of threats or malicious traffic is usually handled through signature-based detection, similar to how antivirus software detects malware.
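An added example (not from the original notes) of the signature-based detection just described, with the NIDS/NIPS distinction expressed as a mode switch: the same signature engine runs in both cases, but only in NIPS mode does a hit change the verdict from "pass" to "drop". The signatures, source addresses and HTTP payloads are all constructed for illustration and are not a real ruleset.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sid: int        # signature id, as an IDS rule would carry
    name: str       # human-readable alert text
    pattern: bytes  # byte sequence to look for in the payload


# Constructed signatures for the example only.
SIGNATURES = [
    Signature(1001, "directory traversal attempt", b"../../../"),
    Signature(1002, "known scanner user-agent", b"User-Agent: EXAMPLE-SCANNER"),
]

# Constructed sample packets: (source address, application payload).
PACKETS = [
    ("198.51.100.7", b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("203.0.113.9", b"GET /../../../secret.txt HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("192.0.2.44", b"GET / HTTP/1.1\r\nUser-Agent: EXAMPLE-SCANNER/1.0\r\n\r\n"),
]


def match_signatures(payload, signatures=SIGNATURES):
    """Return every signature whose byte pattern appears in the payload."""
    return [s for s in signatures if s.pattern in payload]


def inspect(src, payload, mode):
    """Inspect one packet. mode is "nids" (alert only, packet passes) or "nips" (alert and drop)."""
    if mode not in ("nids", "nips"):
        raise ValueError(f"unknown mode {mode!r}")
    hits = match_signatures(payload)
    alerts = [f"sid={s.sid} {s.name}" for s in hits]
    # A NIDS is a passive observer: it never changes the verdict, it only alerts.
    # A NIPS sits inline and can drop the packet it just matched.
    verdict = "drop" if (hits and mode == "nips") else "pass"
    return {"src": src, "verdict": verdict, "alerts": alerts}


def run(packets=PACKETS, mode="nids"):
    """Inspect a batch of packets and return the per-packet results."""
    return [inspect(src, payload, mode) for src, payload in packets]


if __name__ == "__main__":
    for mode in ("nids", "nips"):
        print(f"--- {mode} ---")
        for result in run(mode=mode):
            print(result)
```

Two things the example makes concrete: in NIDS mode the alerts are identical but every packet still reaches its destination, so the response is a human or a downstream tool acting on the alert; and a signature engine only catches what it has a pattern for, which is the same limitation signature-based antivirus has.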