Security Tools

After you have configured switch security, you need to verify that you have not left any weakness for an attacker to exploit. Network security is a complex and changing topic. In this section, you are introduced to how network security tools are one component used to protect a network from malicious attacks.
Network security tools help you test your network for various weaknesses. They are tools that allow you to play the roles of a hacker and a network security analyst. Using these tools, you can launch an attack and audit the results to determine how to adjust your security policies to prevent a given attack.
The features used by network security tools are constantly evolving. For example, network security tools once focused only on the services listening on the network and examined these services for flaws. Today, viruses and worms are able to propagate because of flaws in mail clients and web browsers. Modern network security tools not only detect the remote flaws of the hosts on the network, but also determine if there are application level flaws, such as missing patches on client computers. Network security extends beyond network devices, all the way to the desktop of users. Security auditing and penetration testing are two basic functions that network security tools perform.
Network Security Audit
Network security tools allow you to perform a security audit of your network. A security audit reveals what sort of information an attacker can gather simply by monitoring network traffic. Network security auditing tools allow you to flood the MAC table with bogus MAC addresses. Then you can audit the switch ports as the switch starts flooding traffic out all ports as the legitimate MAC address mappings are aged out and replaced with more bogus MAC address mappings. In this way, you can determine which ports are compromised and have not been correctly configured to prevent this type of attack.
Timing is an important factor in performing the audit successfully. Different switches support varying numbers of MAC addresses in their MAC table. It can be tricky to determine the ideal amount of spoofed MAC addresses to throw out on the network. You also have to contend with the age-out period of the MAC table. If the spoofed MAC addresses start to age out while you are performing your network audit, valid MAC addresses start to populate the MAC table, limiting the data that you can monitor with a network auditing tool.
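The audit and the timing caveat described above can be reasoned about with a small model of a switch MAC table. The following is an added example, not part of the course text: it models a table with a fixed capacity and an aging timer, replays the sequence of frames an audit produces, and reports where the switch sends a frame destined for a legitimate host. A per-port MAC limit (the port-security behaviour covered in the next topic, modelled here in a protect-style mode that silently drops frames from extra addresses) is included so the protected and unprotected outcomes can be compared. Port names, table size, aging time and all MAC addresses are constructed for the illustration and do not describe any particular switch.

```python
"""Added example, not part of the course text: a small model of a switch MAC
table with finite capacity and an aging timer, used to reason about the
MAC-flooding audit and the timing caveat described above, and about a
per-port MAC limit (port security, protect-style) as the fix.
Port names, sizes, timers and MAC addresses are constructed for the
illustration and are not taken from any real switch."""

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Switch:
    ports: list                 # all switch ports
    capacity: int               # how many MAC entries the table can hold
    aging_secs: int             # idle time after which an entry is removed
    max_per_port: dict = field(default_factory=dict)  # port -> allowed MACs
    table: dict = field(default_factory=dict)         # mac -> (port, last_seen)
    violations: list = field(default_factory=list)    # (port, mac, time)

    def age_out(self, now):
        """Remove entries that have been idle for the aging period."""
        stale = [m for m, (_, seen) in self.table.items()
                 if now - seen >= self.aging_secs]
        for m in stale:
            del self.table[m]

    def learn(self, mac, port, now):
        """Try to learn a source MAC; returns 'ok', 'full' or 'violation'."""
        if mac in self.table:
            self.table[mac] = (port, now)          # refresh the timer
            return "ok"
        limit = self.max_per_port.get(port)
        if limit is not None:
            on_port = sum(1 for p, _ in self.table.values() if p == port)
            if on_port >= limit:                   # port-security limit hit
                self.violations.append((port, mac, now))
                return "violation"
        if len(self.table) >= self.capacity:       # table full: stays unknown
            return "full"
        self.table[mac] = (port, now)
        return "ok"

    def forward(self, src, dst, in_port, now):
        """Process one frame; returns the set of egress ports."""
        self.age_out(now)
        if self.learn(src, in_port, now) == "violation":
            return set()                           # protect mode: drop frame
        others = {p for p in self.ports if p != in_port}
        if dst == BROADCAST:
            return others
        if dst in self.table:
            return {self.table[dst][0]}
        return others                              # unknown unicast: flood


HOST_A, HOST_B = "00:11:22:33:44:01", "00:11:22:33:44:02"     # constructed
BOGUS = [f"de:ad:be:ef:00:{i:02x}" for i in range(12)]        # constructed


def run_audit(protect_port=False, keep_injecting=True):
    """Replay the audit; report where the final A->B frame is forwarded."""
    sw = Switch(ports=["Fa0/1", "Fa0/2", "Fa0/3"], capacity=6, aging_secs=300,
                max_per_port={"Fa0/3": 1} if protect_port else {})
    sw.forward(HOST_A, HOST_B, "Fa0/1", 0)         # legitimate hosts learned
    sw.forward(HOST_B, HOST_A, "Fa0/2", 0)
    for i, mac in enumerate(BOGUS):                # auditing tool on Fa0/3
        sw.forward(mac, BROADCAST, "Fa0/3", 10 + i)
    early = sw.forward(HOST_A, HOST_B, "Fa0/1", 30)
    if keep_injecting:                             # ride out the aging period
        for i, mac in enumerate(BOGUS):
            sw.forward(mac, BROADCAST, "Fa0/3", 310 + i)
    sw.forward(HOST_B, HOST_A, "Fa0/2", 325)       # B tries to be relearned
    late = sw.forward(HOST_A, HOST_B, "Fa0/1", 326)
    return {"early": early, "late": late, "violations": len(sw.violations)}


if __name__ == "__main__":
    for args in ({}, {"keep_injecting": False}, {"protect_port": True}):
        print(args, run_audit(**args))
```

Three runs make the text's points concrete. With no port limit and continued injection, the early A-to-B frame is still delivered only to Fa0/2 because B's entry has not aged yet; once it ages out, the freed slot is taken by a bogus address, B cannot be relearned, and the late frame is flooded out Fa0/3 as well, which is the compromised-port finding the audit looks for. Stopping the injection before the aging period ends lets B repopulate the table and the late frame goes only to Fa0/2, so the audit reports nothing, which is the timing problem the paragraph describes. With a one-address limit on Fa0/3, every extra bogus source is logged as a violation and dropped, the table never fills, and the late frame again reaches only Fa0/2.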
Network Penetration Testing
Network security tools can also be used for penetration testing against your network. This allows you to identify weaknesses within the configuration of your networking devices. There are numerous attacks that you can perform, and most tool suites come with extensive documentation detailing the syntax needed to execute the desired attack. Because these types of tests can have adverse effects on the network, they are carried out under very controlled conditions, following documented procedures detailed in a comprehensive network security policy. Of course, if you have a small classroom-based network, you can arrange to work with your instructor to try your own network penetration tests.
In the next topic, you will learn how to implement port security on your Cisco switches so that you can ensure these network security tests do not reveal any flaws in your security configuration.
Network Security Tools Features
A secure network really is a process, not a product. You cannot just enable a switch with a secure configuration and declare the job done. To say you have a secure network, you need a comprehensive network security plan that defines how to regularly verify that your network can withstand the latest malicious network attacks. The changing landscape of security risks means that you need auditing and penetration tools that can be updated to look for the latest security risks. Common features of a modern network security tool include:
Service identification: Tools are used to target hosts using the Internet Assigned Numbers Authority (IANA) port numbers. These tools should also be able to discover an FTP server running on a non-standard port or a web server running on port 8080, and should be able to test all the services running on a host.
Support for SSL services: Testing services that use SSL-level security, including HTTPS, SMTPS, IMAPS, and security certificates.
Non-destructive and destructive testing: Performing non-destructive security audits on a routine basis that do not compromise or only moderately compromise network performance. The tools should also let you perform destructive audits that significantly degrade network performance. Destructive auditing allows you to see how well your network withstands attacks from intruders.
Database of vulnerabilities: Vulnerabilities change all the time. Network security tools need to be designed so they can plug in a module of code and then run a test for that vulnerability. In this way, a large database of vulnerabilities can be maintained and uploaded to the tool to ensure that the most recent vulnerabilities are being tested.
You can use network security tools to:
Capture chat messages
Capture files from NFS traffic
Capture HTTP requests in Common Log Format
Capture mail messages in Berkeley mbox format
Capture passwords
Display captured URLs in browser in real time
Flood a switched LAN with random MAC addresses
Forge replies to DNS address / pointer queries
Intercept packets on a switched LAN