Network Security {Cont’d}
DAMOLA O.
To: CISSP
To be covered…
What is a Network?
How does the Internet work?
OSI Model and TCP/IP Model
IP Addressing and Subnetting
Common Network Attacks
Wireless Vulnerability
Benefits of wired over wireless
How to secure your Network
Unsecure and Secure Protocols
Ports and Interfaces
Bluetooth Security
Wireless & IoT Security
What wireless security issues do you know of?
▪Wardriving
▪Evil Twin Attacks
▪Wireless Sniffing
▪Unauthorised Computer Access
▪Theft of Mobile Devices
Securing Wireless networks
Avoid using WEP
Consider using WPA2 with a complex password
It is advisable to disable WPS as it makes it easier to
brute-force WPA password since it uses only an 8-digit pin
Ensure the change of the default admin username and
password of routers and other wireless devices
WPA: Wi-Fi Protected Access
Breaking into Org Wifi
•Effective social engineering makes it significantly easier
•However, a less technical way would be:
• Lay your hands on a device that has been connected to the target’s network once
• Check the password of the SSID either via GUI or CMD
• This could be through collecting info on all wireless networks the device has been connected to
Strictly for educational purposes to know how to better secure yours, Company’s or Client’s Wifi
Common System Vulnerabilities
◦ Default password or no password
◦ Weak passwords
◦ Device or software contains a backdoor
◦ Misconfiguration
◦ Out of date/unpatched software
◦ Code execution vulnerability
Perimeter Security Controls
Boundary Routers
◦ A router at the perimeter
DMZ
◦ An isolated network
◦ Separates trusted and untrusted
Honeypot
◦ A secured computer that is deliberately susceptible to attacks
Firewall
◦ Device to protect networks from each other
Firewall
Monitors and filters incoming and outgoing network traffic based on a set of rules | Works on RuBAC (rule-based access control)
DMZ
Image credit: Geeksforgeeks
Common Implementation of a DMZ:
A trusted intranet + demilitarized + untrusted Internet | Publicly accessible servers/systems are placed in the DMZ
Perimeter Security Design
Packet Filter
◦ Network layer security – ACL, Standard external attacks
Dual-Homed Host
◦ Computer with two NIC cards
Screened Host
◦ Host protected by Packet filter
Screened Subnet
◦ DMZ between two firewalls or hanging off one firewall
Multi-Homed Firewall
◦ Firewall with one or more DMZs
Network Access Control (NAC)
Image credit: Portnox
NACs check devices if they meet certain requirement or match certain attributes before allowing them to connect to the network
Screening may include user authentication and/or device security checks | Usually to prevent unauthorised access to a private/corporate network.
ACL – Access control lists
Used to manage permissions & access to resources. They are a crucial component of security in network and system administration.
ACLs are a list of rules that define what actions are permitted or denied for a subject (user, device, or system) on a particular resource.
Components: ACLs consist of entries specifying subjects, resources, and permissions (allow or deny).
Example: In a network firewall, an ACL rule might look like this:
- Subject: IP address 192.168.1.10
- Resource: Web server (port 80)
- Permission: Allow inbound traffic
"The principle of implicit deny dictates that any action a subject is not expressly granted authorisation for must be denied."
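How a packet filter applies such a list, as an added example that is not from the slides: entries are matched top to bottom, the first match decides, and anything that matches no entry falls through to the implicit deny. The 192.168.1.10 / port 80 entry is the slide's example; the second entry and the test packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Added example, not from the slides: a first-match packet-filter ACL with
# implicit deny. The entry for 192.168.1.10 / port 80 is the slide's example;
# the second rule and the test packets are constructed.

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # subject: source IP or CIDR block
    dst_port: Optional[int]  # resource: destination TCP port (None = any port)
    direction: str           # "inbound" or "outbound"

def evaluate(acl: List[Rule], src_ip: str, dst_port: int, direction: str) -> str:
    """Return "allow" or "deny" for one packet.

    Entries are checked top to bottom and the first match wins, so order
    matters. A packet that matches no entry is denied: implicit deny."""
    ip = ip_address(src_ip)
    for rule in acl:
        if rule.direction != direction:
            continue
        if ip not in ip_network(rule.src, strict=False):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action
    return "deny"   # nothing expressly granted the action

# Constructed ACL: the slide's entry, then an explicit deny for the rest of the subnet.
WEB_ACL = [
    Rule("allow", "192.168.1.10", 80, "inbound"),
    Rule("deny", "192.168.1.0/24", None, "inbound"),
]

if __name__ == "__main__":
    for pkt in [("192.168.1.10", 80, "inbound"),   # allow: explicit entry
                ("192.168.1.10", 22, "inbound"),   # deny: subnet entry
                ("10.0.0.5", 80, "inbound")]:      # deny: implicit deny
        print(pkt, "->", evaluate(WEB_ACL, *pkt))
```

Reversing the two entries makes the subnet deny shadow the port-80 allow, which is why rule order is reviewed as carefully as the rules themselves.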
Centralized Authentication Control
RADIUS
◦ Uses UDP/IP
◦ Password encrypted in transit
TACACS+
◦ Uses TCP/IP
◦ All Communication between client and AS is encrypted
Diameter
◦ Peer to Peer authentication
◦ No encryption, IPSec is expected
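What "password encrypted in transit" means for RADIUS, as an added example that is not from the slides: RFC 2865 hides only the User-Password attribute, by XORing it with MD5 masks derived from the shared secret and the Request Authenticator, while the rest of the packet is sent in the clear (the contrast with TACACS+, which encrypts the whole exchange). The shared secret and password are constructed sample values.

```python
import hashlib
import secrets

# Added example, not from the slides: how a RADIUS client hides the User-Password
# attribute in transit (RFC 2865, section 5.2). Only this attribute is hidden;
# the rest of the Access-Request travels in the clear. The shared secret and
# password used below are constructed sample values.

def _padded(password: bytes) -> bytes:
    # Pad with NULs to a multiple of 16 bytes, at least one block.
    blocks = max(1, -(-len(password) // 16))
    return password.ljust(blocks * 16, b"\x00")

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: XOR each 16-byte block with MD5(secret + previous block).
    The 'previous block' for the first chunk is the 16-byte Request Authenticator;
    afterwards it is the previous ciphertext block, so the blocks are chained."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = _padded(password)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same masks, applied to the ciphertext blocks.
    Trailing NUL padding is stripped (a password ending in NUL is not supported)."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    authenticator = secrets.token_bytes(16)   # fresh random value per Access-Request
    hidden = hide_password(b"Correct-Horse-17", secret, authenticator)
    print(hidden.hex(), reveal_password(hidden, secret, authenticator))
```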
EAP – Extensible Authentication Protocol
EAP – authentication framework
Wireless, Point-to-point etc.
Many types of EAP
LEAP – Lightweight EAP, Cisco, don’t use
EAP-TLS Client & Server certificates, needs PKI
EAP-TTLS Tunnelled TLS, no client certificates
PEAP – Protected EAP, no client certificates
Setting up for Wireless Security Assessment
You need a powerful wireless card that supports Monitor mode and packet injection.
Usually built-in wireless cards do not support these.
We can connect the in-built wireless card via NAT to the internet while leaving the external one for our activities.
Managed Mode vs
Monitor Mode
#iwconfig {to see wireless interfaces only}
Managed Mode: this is usually the default mode of wireless devices and it means only packets marked for this device would be captured, i.e. it captures only packets whose destination MAC is its own MAC address.
Monitor Mode: helps to capture wireless packets that are
within our range regardless of where they might be sent to or
sent from.
Sniffing packets in Monitor Mode
Airodump-ng is designed to allow packet sniffing in monitor mode
Check if wireless card is in monitor mode
#iwconfig
#airodump-ng mon0 {wireless interface in Monitor mode}
Why would an attacker want to change MAC addresses?
Covering of tracks/Avoid web tracking
Why might we need to change our MAC?
▪Bypass filters
▪Impersonate other legitimate people or devices allowed on a particular network
▪Helps to mask our identity (being anonymous)
ARP Poisoning
This is quite difficult to fully protect against
Main issues with ARP at the moment
•Clients can accept responses even if they did not send a request
•No authentication
•No encryption
ARP Poisoning
Running ARP Poisoning & Spoofing
//arpspoof is part of the dsniff suite
❑Step 1: Tell the client I am the AP {x = target IP, y = AP IP}
#arpspoof -i wlan0 -t x.x.x.x y.y.y.y
❑Step 2: Tell the AP I am the target client
#arpspoof -i wlan0 -t y.y.y.y x.x.x.x
❑Step 3: Enable IP forwarding so all packets flow through our device without being dropped
#echo 1 > /proc/sys/net/ipv4/ip_forward
Test using arp -a on the target machine to observe the change in the MAC address of the router/machine
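The two ARP weaknesses listed above (replies accepted without a request, no authentication) are also what makes the attack visible. As an added example that is not from the slides, this small watcher keeps a baseline of trusted IP-to-MAC pairs and raises an alert on an unsolicited reply or on a gateway whose MAC changes, the same change that arp -a shows on the poisoned machine. All addresses are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

# Added example, not from the slides: a small ARP watcher for the weaknesses
# listed above. It flags replies nobody asked for (no request needed) and an
# IP whose MAC changes (no authentication), which is what 'arp -a' on the
# victim shows after the two arpspoof steps. All addresses are constructed.

@dataclass
class ArpFrame:
    op: str          # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str

class ArpWatcher:
    def __init__(self, trusted: Dict[str, str]):
        self.table: Dict[str, str] = dict(trusted)  # IP -> MAC from a clean baseline
        self.pending: Set[str] = set()              # IPs we have requested ourselves
        self.alerts: List[str] = []

    def observe(self, f: ArpFrame, our_ip: str) -> None:
        if f.op == "request":
            if f.sender_ip == our_ip:
                self.pending.add(f.target_ip)
            return
        if f.op != "reply":
            return
        # ARP has no authentication and clients cache replies they never asked
        # for, so an unsolicited reply is the first sign of poisoning.
        if f.sender_ip in self.pending:
            self.pending.discard(f.sender_ip)
        else:
            self.alerts.append(f"unsolicited reply for {f.sender_ip} from {f.sender_mac}")
        known = self.table.setdefault(f.sender_ip, f.sender_mac)
        if known != f.sender_mac:   # keep the baseline MAC; report the conflict
            self.alerts.append(f"MAC change for {f.sender_ip}: {known} -> {f.sender_mac}")

def run_sample() -> ArpWatcher:
    """Constructed trace: one legitimate exchange, then a poisoned gateway entry."""
    w = ArpWatcher({"192.168.1.1": "aa:aa:aa:aa:aa:01"})
    trace = [
        ArpFrame("request", "192.168.1.20", "cc:cc:cc:cc:cc:20", "192.168.1.1"),
        ArpFrame("reply", "192.168.1.1", "aa:aa:aa:aa:aa:01", "192.168.1.20"),
        ArpFrame("reply", "192.168.1.1", "ee:ee:ee:ee:ee:99", "192.168.1.20"),  # spoofed
    ]
    for f in trace:
        w.observe(f, our_ip="192.168.1.20")
    return w

if __name__ == "__main__":
    print("\n".join(run_sample().alerts))
```

Static ARP entries for the gateway, or dynamic ARP inspection on the switch, remove the "difficult to protect against" part for the hosts that matter most.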
MITMF
This works using ARP poisoning/spoofing
Allows to launch a number of MITM attacks
Also starts SSL Strip automatically to bypass HTTPS/SSL
#mitmf --arp --spoof --gateway x.ip.x.ip --target x.ip.x.ip -i wlan0
-If you don’t specify a target, it defaults to the entire subnet
-It also sniffs/captures data
*Websites like PayPal, FB and Google use HSTS: the browser refuses to load over plain HTTP a site it has already recorded as HTTPS-only
*MITMF has an HSTS plugin to bypass this, but this works only on old browsers
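Why HSTS stops SSL stripping, as an added example that is not from the slides: the browser keeps a per-host policy cache (RFC 6797) and rewrites http:// to https:// itself, so the stripped page is never requested; a host visited for the first time, and not on the preload list, has no entry yet, which is the window the stripping relies on. Hostnames, header values and times are constructed.

```python
import re
from typing import Dict, Optional, Tuple

# Added example, not from the slides: the browser-side HSTS check that defeats
# SSL stripping (RFC 6797). Once a host has sent a Strict-Transport-Security
# header over HTTPS, the browser itself rewrites later http:// requests to
# https://, so the stripped page is never requested. A host visited for the
# first time, and not on the preload list, has no entry yet. Hostnames, header
# values and times below are constructed.

class HstsCache:
    def __init__(self, preload: Optional[Dict[str, bool]] = None):
        # host -> (expiry time in seconds, includeSubDomains flag)
        self.entries: Dict[str, Tuple[float, bool]] = {}
        for host, subs in (preload or {}).items():
            self.entries[host] = (float("inf"), subs)   # preloaded: never expires

    def record(self, host: str, header: str, now: float) -> None:
        """Store the policy from a Strict-Transport-Security header (HTTPS only)."""
        m = re.search(r"max-age\s*=\s*\"?(\d+)\"?", header, re.I)
        if not m:
            return                                   # no max-age: header is invalid
        max_age = int(m.group(1))
        if max_age == 0:
            self.entries.pop(host, None)             # max-age=0 withdraws the policy
            return
        subs = re.search(r"(^|;)\s*includeSubDomains\s*(;|$)", header, re.I) is not None
        self.entries[host] = (now + max_age, subs)

    def must_use_https(self, host: str, now: float) -> bool:
        """True if an http:// request for host must be upgraded to https://."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None or entry[0] < now:
                continue                             # unknown or expired
            if i == 0 or entry[1]:                   # exact host, or parent with includeSubDomains
                return True
        return False
```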
DNS Spoofing
Allows redirection of requests to a certain domain, or to another domain
That is, redirection to a fake or different server from that requested
Step 1: edit DNS Settings > vim /etc/mitmf/mitmf.conf
Step 2: Go to the A records: [[[A]]] //these are responsible for translating domains to IPs
x.domain.com=x.fake.ip.x //set the address to be redirected and new destination
Step 3: Now to make this work on target, run:
#mitmf --arp --spoof --gateway x.x.x.x --target y.y.y.y -i w0 --dns
This applies the modification in the A records done in step 2 on target machine
The point is…
•You don’t want your systems to be susceptible or vulnerable
to all these.
•You have an idea of how they work now, how
hackers/attackers think putting you in a better position to
protect, prevent and/or mitigate.
•You cannot protect what you do not know!
Virtualisation & Cloud
Diagram: hypervisor hosting Ubuntu, Mac OS and Windows Server 2016 guests; physical machine: Windows 11
Important in virtualised environments:
◦ Enhancing security for the management plane.
◦ Imposing restrictions on administrative access to underlying systems and hardware.
Virtualization
Cloud
Service Types
•Software-as-a-Service (SaaS):
• SaaS deploys complete applications in the cloud.
• The customer's responsibility is limited to supplying data and interacting with the application.
•Infrastructure-as-a-Service (IaaS):
• IaaS offers fundamental infrastructure components like servers and storage.
• The customer takes charge of managing the operating system and configuring and installing software.
•Platform-as-a-Service (PaaS):
• PaaS provides customers with a managed environment.
• Customers can run their software without worrying about the underlying hardware.
Deployment Models
• Public Cloud:
• Public cloud providers offer services to multiple customers.
• Multiple customers may utilise the same physical hardware.
• Private Cloud:
• Private cloud environments allocate dedicated hardware to a single user or organisation.
• Hybrid Cloud:
• Hybrid cloud environments blend elements of both public and private cloud services within a single organisation.
• Provides flexibility, scalability, and data residency options.
• Example: An organization using a private cloud for sensitive data and a public cloud for scalable web hosting.
• Community Cloud:
• Community cloud environments follow a model akin to the public cloud.
• Access, however, is restricted to a specific group or community of customers.
• Offers the benefits of public and private clouds with restricted access.
• Example: Healthcare providers sharing a cloud platform for managing electronic health records securely.
IoT Security
Embedded systems are devices without traditional computing capabilities that incorporate internal computers to
enhance their operations. These systems form a vital component of the Internet of Things (IoT), encompassing
various sensors and devices designed to interface with the physical world. To safeguard IoT devices against numerous
security threats, the application of network segmentation proves to be highly effective.
Internet of Things (IoT): Comprises sensors and devices that interact with the physical world.
Network Segmentation for IoT Security:
- Isolating IoT devices onto dedicated networks.
- Significantly enhances their protection against various security risks.
Common Threats to IoT
Unauthorised Access and Data Theft:
- Threat: Unauthorized individuals or malicious actors gain access to IoT devices, compromising
sensitive data.
- Prevention/Mitigation:
- Implement strong authentication mechanisms such as multi-factor authentication (MFA).
- Regularly update device passwords and credentials.
- Encrypt data both in transit and at rest.
- Restrict access through network segmentation and firewalls.
Data Interception and Eavesdropping:
- Threat: Attackers intercept and eavesdrop on data transmitted between IoT devices,
potentially gaining access to sensitive information.
- Prevention/Mitigation:
- Use secure communication protocols like TLS/SSL.
- Implement end-to-end encryption to protect data integrity and confidentiality.
- Regularly update and patch devices to fix vulnerabilities in communication protocols.
Device Tampering and Physical Attacks:
- Threat: Attackers physically tamper with devices or gain physical access to them.
- Prevention/Mitigation:
- Embed tamper-evident features in device design.
- Secure device housing to prevent physical tampering.
- Employ hardware security modules (HSMs) for critical functions.
- Implement secure boot processes to detect unauthorized changes.
DDoS Attacks:
- Threat: Devices are targeted in Distributed Denial of Service (DDoS) attacks, making them
unresponsive.
- Prevention/Mitigation:
- Implement traffic analysis and anomaly detection to identify DDoS attacks.
- Employ rate limiting and traffic filtering.
- Use Content Delivery Networks (CDNs) to absorb traffic spikes.
Malware and Ransomware:
- Threat: Malicious software infects devices, leading to data breaches or rendering devices
non-functional.
- Prevention/Mitigation:
- Regularly update device firmware to patch known vulnerabilities.
- Employ intrusion detection systems (IDS) and intrusion prevention systems (IPS).
- Conduct regular security assessments and vulnerability scanning.
Lack of Device Patching:
- Threat: Devices may run outdated or unpatched firmware or software, leaving them
vulnerable to known exploits.
- Prevention/Mitigation:
- Establish a robust update and patch management process.
- Enforce automatic updates or notifications for users.
- Develop a mechanism for over-the-air (OTA) updates.
Insecure APIs and Interfaces:
- Threat: Weaknesses in application programming interfaces (APIs) expose vulnerabilities.
- Prevention/Mitigation:
- Implement strong API authentication and authorisation.
- Regularly audit APIs for security weaknesses.
- Use API gateways and Web Application Firewalls (WAFs) for protection.
Insider Threats:
- Threat: Insiders, such as employees or
contractors, may intentionally or
unintentionally compromise security.
- Prevention/Mitigation:
- Implement access controls and least
privilege principles.
- Conduct background checks and user
training.
- Monitor and audit user activities.
Privacy Violations:
- Threat: Inadequate data protection may lead to privacy
violations and regulatory non-compliance.
- Prevention/Mitigation:
- Comply with data protection regulations (e.g., GDPR, CCPA).
- Implement data anonymization and minimization.
- Communicate privacy practices and policies to users.
Supply Chain and 3rd Party Risks:
- Threat: Vulnerabilities in components or software from
third-party suppliers can affect device security.
- Prevention/Mitigation:
- Vet and audit suppliers and their security practices.
- Maintain a strong vendor risk management process.
- Regularly update third-party components.
Shodan – IoT Search Engine
There is a GUI (shodan.io) with searches such as webcam, port and traffic signal, and a CLI:
#shodan host x.ip.x.ip
On Shodan,
#username/passwords may be required
#Sometimes, trying default usernames/passwords would work
#Sometimes, there may be no password
SCADA & ICS
SCADA vs ICS
▪Supervisory Control and Data Acquisition (SCADA) systems are critical for controlling and
monitoring industrial processes.
▪Industrial Control Systems are the backbone of critical infrastructure and manufacturing
processes. ICS is a broader term encompassing all systems used for controlling industrial
processes.
◦ It includes SCADA systems but also covers other components like PLCs, RTUs, and DCS (Distributed
Control Systems).
Image credit: RealPars
Securing ICS/SCADA Systems
▪Isolation: Segregate SCADA networks from the broader internet to limit exposure.
▪Access Control: Implement strict access controls and authentication mechanisms.
▪Patch Management: Keep SCADA software and systems up to date with security patches.
▪Firewalls: Utilise firewalls and intrusion detection systems to monitor network traffic.
▪Anomaly Detection: Employ intrusion detection systems to monitor for unusual network
activity
▪Security Policies: Develop and enforce robust security policies to guide system administrators.
▪Physical Security: Secure physical access to SCADA components to prevent tampering.
▪Incident Response: Prepare for cyber incidents with a well-defined incident response plan.
▪Training: Ensure that personnel are trained in SCADA security best practices to reduce risks.
Bluetooth
Bluetooth technology, commonly used for wireless communication between devices, is susceptible to security
threats that can compromise data and device integrity. Key points to consider for security include:
• Pairing: Securely pair devices to prevent unauthorised connections.
• Encryption: Enable encryption to protect data during transmission.
• Authentication: Utilise strong authentication methods to verify device identities.
• Device Visibility: Limit device visibility to prevent unauthorised discovery.
• Regular Updates: Keep Bluetooth firmware and software up to date to patch vulnerabilities.
• Public vs. Private Mode: Choose between public and private modes depending on your security needs.
• Physical Access: Be cautious with physical access, as attackers may exploit proximity.
• Bluetooth Protocols: Understand the various Bluetooth protocols, such as Bluetooth Classic and Bluetooth Low
Energy (BLE), and their associated security considerations.
Questions?
D.O.Lawal@greenwich.ac.uk
@L_damola_