PACE-IT: Common Network Vulnerabilities

Common network vulnerabilities.

Page 2

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise Industry Certification PC Hardware Network

Administration IT Project

Management

Network Design User Training IT Troubleshooting

Qualifications Summary

Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.

Brian K. Ferrill, M.B.A.

Page 3


– Vulnerabilities associated with unsecure protocols.

– Vulnerable network practices.

PACE-IT.

Page 4

Vulnerabilities associated with unsecure protocols.Common network vulnerabilities.

Page 5

Vulnerabilities associated with unsecure protocols.

Network security is never a completely done deal. It often seems as if, as soon as one hole is plugged, another opens up.

While this is true, there are still steps that administrators should take to reduce the vulnerabilities that exist in the systems under their control.By reducing known vulnerabilities, administrators can then spend their time preparing for and reducing exposure to up and coming threats.


Page 6


– Telnet.» A protocol that is used to create a virtual terminal

connection that is commonly used in troubleshooting.» Telnet is very unsecure because all communication

occurs in clear text—telnet doesn’t support encryption.• Whenever possible, SSH (Secure Shell) should be

used in place of Telnet.

– SNMP (Simple Network Management Protocol) v.1 and 2.

» Protocols that are used to remotely manage and configure network devices.

» Due to a lack of encryption support, versions 1 and 2 are unsecure and are susceptible to packet sniffers.

• SNMP v.3 should be used whenever possible, as it supports more security.


Page 7


– FTP (File Transfer Protocol).» A protocol used to transfer files across a network

connection.» While a username and password are required in most

cases to use FTP, it doesn’t support encryption, which creates a vulnerability in the process.

• SFTP (Secure FTP) should be used in place of FTP, as it creates an SSH FTP session.

– TFTP (Trivial File Transfer Protocol).» A simple stripped down version of FTP that doesn’t

support authentication like standard FTP. It is commonly used to download configuration files to networking equipment.

• TFTP should only be used when a connection to networking equipment is made through the console port, thus eliminating the possibility of eavesdropping.


Page 8


– HTTP (Hypertext Transfer Protocol).» Protocol used to send and receive data over the

Internet.» It is unsecure in its basic format and susceptible to

being intercepted due to its lack of encryption.• HTTPS (HTTP Secure) should be used when

conducting sensitive business over the Internet, as it will provide encryption and other security services.

– SLIP (Serial Line IP).» An early protocol developed for communicating over

serial ports and modem connections that requires a static IP address.

» Very outdated and unsecure, SLIP doesn’t support encryption.

• PPP (Point-to-Point Protocol) should be used in place of SLIP.


Page 9

Vulnerable network practices.Common network vulnerabilities.

Page 10

Vulnerable network practices.

– Unpatched or legacy systems.» Unpatched systems are, by their very nature, unsecure.

• Keeping all operating systems and applications up to date will reduce vulnerabilities in the network.

» In some situations, it is necessary to keep legacy systems alive. This can create vulnerabilities in the system, as weaknesses in these systems tend to be well known.

• Special security measures should be taken with legacy systems in order to reduce the opportunities for exploitation.

– Open ports.» An open port—either a physical or application port—on

the network is a hole in the security of the network that may be exploited.

» While not all open ports can be or should be closed, security should be placed on those ports that need to remain open to reduce the vulnerability of the network.

• A good practice is to use a port scanner periodically to verify that only absolutely required application ports are open.


Page 11


– Unnecessary running services.» Operating system services are used to perform some

function within the system, but it is possible for them to be exploited.

• A periodic review of all running services should be conducted on all equipment that attaches to the network. All unnecessary running services should be disabled.

– Clear text credentials.» Many applications and devices require the use of

credentials in order to be used. In some cases, these credentials are sent in clear text format, which makes them easily read when captured.

• A good practice is to periodically review all applications and systems to determine which ones use clear text credentials; then, either limit their use or figure out how to encrypt the transmissions.


Page 12


– Unencrypted channels.» Any method of communication on the network that is

not encrypted is an unencrypted channel that is subject to being breached.

» While not all communications channels need to be encrypted, a good practice is to review all channels and make a decision about which ones need to be encrypted and which ones do not.

• All wireless network channels should be encrypted—no exceptions.

– RF (radio frequency) emanation.» One method of intercepting communication is to

analyze signal leakage (e.g., RF emanations). Many forms of communication are subject to these signal emanations, but there are steps that can be taken to reduce them.

• TEMPEST is a set of standards established by the NSA (National Security Agency) and NATO (North Atlantic Treaty Organization) that outlines steps that can be used to reduce the opportunity for interception and analysis of communication.


Page 13

What was covered.Common network vulnerabilities.

Security is never a completed task. It is always an ongoing concern. Administrators can take steps to reduce their exposure to known vulnerabilities. Some known vulnerable protocols include: Telnet, SNMP v.1 and v.2, FTP, TFTP, HTTP, and SLIP.

Topic


Summary

Unpatched and legacy systems are vulnerable to exploitation. An open port is a hole in the security of the system. All unused ports should be closed. It is possible to exploit running services, so all unnecessary services should be disabled. Administrators should know which applications send credentials in clear text and take steps to reduce the security risk posed by them. Unencrypted communication channels are subject to interception; a review of all channels should be conducted to reduce this vulnerability. All wireless communications channels should be encrypted. It is possible to intercept communication by capturing and analyzing RF emanations; TEMPEST is a set of specifications that reduces this vulnerability.


Page 14

THANK YOU!

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.