Hello David,

The following two discussion questions answered by students will need responses. The responses should be at least a paragraph and have two references to support your answer. The response can be your opinion and you may disagree as long as your response is supported with some sort of true facts. I will need this completed by Sunday February 21, 2016 no later than 9pm EST so that I am able to submit through Turnitin.

*If possible please respond anything related to the assignment in a Microsoft word document.*

I am very paranoid and try to minimize anyone being able to trace this back to me considering these questions are open to the public and are searchable on the internet.

*Thank you in advance*

Question:

Discuss/describe one or more LAN based attacks (also known as layer 2 attacks or lower layer attacks) which are not covered in Module 3, or share any additional thoughts you may have on LAN based attacks covered in Module 3.

Discuss the security measures or methods used to prevent or mitigate the LAN based attacks you presented in Question A.

Student Answer: VLAN Hopping

One threat to layer two switching is Virtual LAN (VLAN) hopping. Trunk ports by default are configured to route traffic to all VLANs with 802.1 or Inter Switch Link (ISL) encapsulation. Dynamic Trunk Protocol (DTP) automates trunk configuration on layer 2 switches, setting trunking ports to desired states. In a VLAN Hopping attack a host can spoof with 802.1 or ISL, making the host a member of all VLANs. (Bhaiji, 2009)

Another similar attack vector is when an attacker attaches to a data VLAN, then uses spoofing or double tagging, where the attacker sends data to the switches with two 802.1q headers, one for the normal switch and one for the switch being targeted. If the switch is set for DTP, the attacker can hop onto another VLAN and then could initiate ARP (address resolution protocol) poisoning, creating a man in the middle attack. (Vacca, 2013)

Some ways to defend against VLAN Hopping and double tagging are: use dedicated VLAN IDs for all ports, put unused ports in a disabled VLAN, do not use default VLAN names, disable auto trunking by turning DTP off, explicitly configure trunking on ports, and use 802.1q tagging on all trunk ports. (Bhaiji, 2009)

References:

Bhaiji, Y. (2009). Understanding, preventing and defending against Layer 2 attacks. Retrieved from Cisco.

Vacca, J. R. (2013). Computer and Information Security Handbook. Waltham, MA: Elsevier.
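The double-tagging mechanism the answer above describes can be checked for on the defensive side by inspecting the 802.1Q tag stack of frames mirrored from an access port, since an access port should never carry more than one tag or a tag for a VLAN other than its own. The following is an added example written for this page, not the student's work or any vendor tool; the frame builder only constructs sample input for the parser.

```python
import struct

TPID_8021Q = 0x8100  # IEEE 802.1Q Tag Protocol Identifier


def parse_vlan_tags(frame: bytes) -> list[int]:
    """Return the VLAN ID of every stacked 802.1Q tag, outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    vids = []
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid != TPID_8021Q:
            break  # reached the real EtherType, no more tags
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vids


def is_double_tagged(frame: bytes) -> bool:
    return len(parse_vlan_tags(frame)) >= 2


def audit_access_port_frames(frames, port_vid):
    """Flag frames an access port for VLAN `port_vid` should never carry.

    Returns a list of (frame_index, reason) tuples for frames with a tag
    stack deeper than one (double tagging) or a single tag for a foreign VLAN.
    """
    findings = []
    for i, frame in enumerate(frames):
        vids = parse_vlan_tags(frame)
        if len(vids) >= 2:
            findings.append((i, f"double-tagged frame, VLAN stack {vids}"))
        elif len(vids) == 1 and vids[0] != port_vid:
            findings.append((i, f"tag for VLAN {vids[0]} on VLAN {port_vid} port"))
    return findings


def make_frame(vids, ethertype=0x0800, payload=b"\x00" * 20) -> bytes:
    """Constructed sample input: Ethernet header, one 802.1Q tag per VID, EtherType, payload."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("0242ac110002")  # constructed MACs
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) for vid in vids)
    return hdr + tags + struct.pack("!H", ethertype) + payload


# Constructed capture: untagged, correctly tagged, double-tagged, foreign VLAN.
SAMPLE_FRAMES = [make_frame([]), make_frame([10]), make_frame([1, 20]), make_frame([30])]
```

Running `audit_access_port_frames(SAMPLE_FRAMES, 10)` flags the third and fourth frames; the first two are what a VLAN 10 access port normally sees.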

Question:

Discuss/describe two or more attacks to which routers (layer 3 devices) are vulnerable.

How are these attacks detected and prevented by the security devices (e.g. Intrusion Detection Systems or firewalls)?

Student Answer: Attacks on Routers

One of the most important functions on the Internet is routing (Chakrabarti & Manimaran, 2003). If routes to certain nodes or networks were somehow deleted or modified, then the functionality of a network service could be severely affected or even rendered useless. One of the ways routes could be maliciously edited or deleted is through routing table poisoning. According to Murthy & Manoj (2004), routing table poisoning happens when a compromised node on a network sends a false routing table update or modifies a legitimate route update packet that is sent to another node on the network. If routing tables were to become poisoned, this could result in many different situations. One would be inefficient, or "sub-optimal", routing, which could greatly affect real-time applications over the Internet (Chakrabarti & Manimaran, 2003). Another effect could be network congestion. If the routing tables were to be modified to only point to certain routes (say, to the attacker's network so he/she could sniff packets), then this could create congestion and slow down the network (Chakrabarti & Manimaran, 2003).

Another possible attack against a router would be a denial of service (DoS) attack. This can be achieved by 'flooding' a node (in this case, a router) with as many packets as possible so as to try to overwhelm it, thus possibly denying other legitimate packets the chance to be processed and passed through (Murthy & Manoj, 2004). This could also be carried out with the aforementioned attack, routing table poisoning. If enough routing tables point to certain paths, or nodes, then all of those paths/nodes could become overwhelmed by the amount of packets they are receiving and could either crash or start to drop packets (Chakrabarti & Manimaran, 2003).

An IDS (such as Snort) or a firewall could be configured to detect an attack such as a DoS by looking at the rate of packets (and/or type of packet) coming from a specific source. Once it (the firewall or IDS) detects that too many packets are being sent from one host in a specific time period, it can then drop those packets from that host, thus mitigating a denial of service attack.

To protect against something like routing table poisoning, an IDS could be configured to detect abnormal routing update packets using anomaly-based detection. This technique uses a set of rules or concepts that would define normal network activity. Once the system (Snort) gets a baseline of what is considered normal, if it sees anything that deviates from normal behavior, it can then either flag that traffic or drop it, depending on the policy set in place (Alder, 2007).

References:

Alder, R. (2007). In Kohlenberg, T. (Ed.), Snort: IDS and IPS toolkit. Burlington, MA: Syngress Publishing.

Chakrabarti, A., & Manimaran, G. (2003). A scalable method for router attack detection and location in link state routing. In Proceedings of the 28th Annual IEEE International Conference on Local Computer Networks (LCN'03) (pp. 293-294). IEEE.

Murthy, C. S. R., & Manoj, B. S. (2004). Ad Hoc Wireless Networks: Architectures and Protocols. New York, NY: Prentice Hall.
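The two detection ideas in the answer above, a per-source packet-rate threshold for flooding and a learned baseline for routing updates, can be shown as a small detector run over constructed log records. This is an added example written for this page, not the student's code and not how Snort implements either check; the record layouts, thresholds and baseline are assumptions.

```python
from collections import defaultdict, deque


def flood_sources(records, max_packets, window_seconds):
    """Rate-based check: per-source sliding window over (timestamp, src_ip) records.

    Returns {src_ip: timestamp} for the moment each source first exceeded
    `max_packets` within any `window_seconds` span; a firewall would start
    dropping that source from this point.
    """
    windows = defaultdict(deque)
    flagged = {}
    for ts, src in sorted(records):
        q = windows[src]
        q.append(ts)
        while q and ts - q[0] > window_seconds:
            q.popleft()  # drop packets that fell out of the window
        if len(q) > max_packets and src not in flagged:
            flagged[src] = ts
    return flagged


def abnormal_routing_updates(updates, baseline):
    """Anomaly-based check for route-update records (timestamp, router_ip, prefix).

    `baseline` is {router_ip: set(prefixes)} learned during normal operation.
    An update is flagged when the sender is unknown or advertises a prefix it
    never advertised during the baseline period (a poisoning indicator).
    """
    findings = []
    for ts, router, prefix in updates:
        if router not in baseline:
            findings.append((ts, router, prefix, "update from router not in baseline"))
        elif prefix not in baseline[router]:
            findings.append((ts, router, prefix, "prefix outside this router's baseline"))
    return findings


# Constructed sample data (not real traffic): 10.0.0.5 sends 100 packets/s for
# 3 s, 10.0.0.7 sends 1 packet/s for 10 s.
SAMPLE_PACKETS = [(t / 100, "10.0.0.5") for t in range(300)]
SAMPLE_PACKETS += [(float(t), "10.0.0.7") for t in range(10)]

BASELINE = {"10.0.0.1": {"192.168.1.0/24"},
            "10.0.0.2": {"192.168.2.0/24", "192.168.3.0/24"}}
SAMPLE_UPDATES = [
    (1.0, "10.0.0.1", "192.168.1.0/24"),  # normal
    (2.0, "10.0.0.2", "192.168.2.0/24"),  # normal
    (3.0, "10.0.0.2", "192.168.1.0/24"),  # known router, prefix it never advertised
    (4.0, "10.0.0.9", "0.0.0.0/0"),       # unknown router pushing a default route
]
```

With a limit of 50 packets per second, only 10.0.0.5 is flagged, and the last two routing updates are the ones reported as anomalous.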