wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

My 1stNull Puliya session

profile
Mohnishsingh
Nov 04, 2017
0 Likes
3 Discussions
581 Reads

My 1st Null Puliya session

As a student’s  we face a major drawback in the industry as our knowledge is considered inadequate to face the real life challenges and to take administrative  decisions in the industry thus we orient our lives to jobs made available in the industry and restrict our talents to a nutshell of our possibilities. I am an individual   who thrives and grows on research . Currently I am working with a cyber security firm as a threat analyst .Ever since my college days I have been attending conferences and have been following social media and search engines to get solutions to problems faced by the industry . No denying that it’s a real hard task to make any sense with the immense competition and technology revolution. This is exactly what I had been feeling as I started my career  but determined to succeed I focused my self by  understanding my job role  and growing through research  . My certifications gave me the technical know how but still it felt inadequate. The puzzle was yet to be solved. My understanding for my domain had to increase “how will I ever face an incident “ is the though revolving in my head . Finally I got a mail saying that there was a seminar on incidence response   which is a domain that peeks my interest to my luck the seminar was at hop skip and jump from my house so I decided to attend it .This invitation was of a null meet. Upon attending it, I meet a similar group of enthusiast who presented their work of excellence . The PPT had such a great impact on me that it got me motivated and energized . I decided to get a stronger and more intelligent   grip on my domain. In between the session we were briefed about null and its cause . Null is a community platform that breaks the barrier of silos driven in the industry it gives a common forum across the industry to showcase your research or real life experience in the field of security . In this age of technology revolution experts in forensics , penetration testing , incident response , etc… come together to catch up and share insights on the industry . Attacks , tactics , procedures , hardening , compliance , hacker groups , real life experiences with hackers ,research papers ,news bytes, malware forensics are some of the  topic of interest in the community. Community is not only for developing technical know how, but it also a tool for skill development and platform for excellent research work. I have regularly been attending the sessions even if I face hardships in my office as my job is a 24/7 commitment and I follow an un usual calendar . I have worked ,studied for my masters  and attended null in the last year . This has sufficed my thirst and evolved me to a real solid foundation in my industry. I decided that I will conduct a puliya  session in null : https://null.co.in/event_sessions/1664-network-device-security (for complete details and ppt please visit above link ) The session covered Attack scenarios for network attacks and  its  mitigations It was divided in 3 Parts: CAM overflow attacks, ARP spoofing ,V LAN hopping attack, STP attacks, Dos attacks, DHCP snooping It also included security controls for authentication : AAA, Radius ,TACTACS+,802.1x, ACLs,port security,syslog,Control plane policing, URPF Best practices in implementing Security It’s a famous Saying in the industry :” Security is only as strong as your weakest link” Part1 CAM overflow attack: Attacker floods CAM table of the switch by sending more mac addresses than a switch can handle a switch cam table  can handle about 5096 addresses after which a switch works as a hub and starts forwarding traffic to every port except the receiving port . The attacker then sniffs the traffic. If we are using KALI  to exploit this the below command is used Command :macof –I eth0 Mitigation: Port Security
  • Allows you to specify MAC addresses for each port, or to learn a certain number of MAC addresses per port
  • Upon detection of an invalid MAC block only the offending MAC or just shut down the port
Smart CAM table
  • Never overwrite existing entries
  • Only time-out inactive entries
  • Active hosts will never be overwritten
Speak first
  • Deviation from learning bridge: never flood
  • Requires a hosts to send traffic first before receiving
ARP spoofing: The attacker wants to trick the victim in believing he is the forwarding gateway by spoofing its mac address and sending arp replies  if the victim receives the broadcast of the  attacker before the legitimate gateway it believes that the attacker is the gateway. If we are using KALI  to exploit this the below command is used
  • Echo l>proc/sys/net/ipv4/ip_forward (broadcast arp replies)
  • Iproute (to find ip address of the gateway)
  • Ifconfig(to get mac address of interface)
  • Arpspoof –I eth0 –t 192.168.1.86
 Mitigation:
  • ARP spoofing works only within one VLAN
  • static ARP table on critical stations (but dynamic ARP override static ARP on most hosts!)
  • ARP ACL: checking ARP packets within a VLAN
    • Either by static definition
    • Or by snooping DHCP for dynamic leases
  • No direct communication among a VLAN: private VLAN
    • Spoofed ARP packet cannot reach other hosts
Part 2 Security controls AAA(authentication authorization accounting) AAA authentication(who is allowed ?)
  • User has authenticated and a session has been established to the AAA server.
  • When the user attempts to enter privileged EXEC mode command, the router requests authorization from a AAA server to verify that the user has the right to use it.
  • The AAA server returns a “PASS/FAIL”
AAA authorization(what he is allowed to do ?)
  • Provides the method for remote access control.
  • Including one-time authorization or authorization for each service, per-user account list and profile, user group support, …
  • Once a user has authenticated, authorization services determine which:
  • Resources the user can access.
  • Operations the user is allowed to perform.
  • g., “User ‘student’ can access host serverXYZ using Telnet only.”
  • As with authentication, AAA authorization is configured by defining a “named” list of authorization methods, and then applying that list to various interfaces.
AAA accounting (what did the user do ?)
  • Provides the method for collecting and sending security server information.
  • Used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands, number of packets / bytes, …
  • With AAA accounting activated, the router reports user activity to the TACACS+ security server in the form of accounting records.
  • Accounting is configured by defining a “named” list of accounting methods, and then applying that list to various interfaces.
802.1x 802.1x is an IEEE Standard for Port Based Network Access Control EAP based Improved user authentication: username and password Can work on plain 802.3 or 802.11 What does it do? Transport authentication information in the form of Extensible Authentication Protocol (EAP) payloads. The authenticator (switch) becomes the middleman for relaying EAP received in 802.1x packets to an authentication server by using RADIUS to carry the EAP information. Three forms of EAP are specified in the standard EAP-MD5 – MD5 Hashed Username/Password EAP-OTP – One-Time Passwords EAP-TLS – Strong PKI Authenticated Transport Layer Security (SSL) - Preferred Method Of Authentication. Above is just a gist to sum up the session. The session was 4 hours long with 101 slides the content was widespread research work I put together in the last 3 months my motivation is been the moderators , professors and my love for my job . The session was  published on all social media platforms the content is for display on the above mentioned link .Conducting this session has instilled confidence in me  and I am thankful to the audience who see to  make it for the session even if it means on sacrificing their  weekend, also being attentive  and interactive . It gives me a feeling of accomplishment . Also it’s transformed to  a medium which makes my mentors , family members and friends proud with  joy for my research . The community is growing and i hope to do my best for it. Last but not the least I would thank every person who has been a part of this journey with me .

Comments ()


Sign in

Read Next

What is M-commerce and how it's work

Blog banner

Automating OSINT tasks for efficient Cyber Forensics Investigations

Blog banner

Race Condition in Operating Theatre

Blog banner

Linker

Blog banner

Objectives and Functions of Operating System

Blog banner

Real-Time Operating Systems (RTOS) Deep Explanation

Blog banner

Music

Blog banner

Data Warehouse Bus Matrix

Blog banner

Install Ubuntu Easily

Blog banner

Types of OS

Blog banner

Cyber Forensics on IOT Devices

Blog banner

AutoML: The Future of Automated Data Science

Blog banner

How to Manage Employees and Tasks in One System (Without Excel)

Blog banner

Metasploit

Blog banner

Service Catalogue Management

Blog banner

Data Mining

Blog banner

Data Science & AI

Blog banner

DATA WRANGLING

Blog banner

Different types of scam frauds

Blog banner

Introduction my self

Blog banner

'Positivity in life'

Blog banner

Wrike

Blog banner

Caching windows

Blog banner

GIS Topography

Blog banner

Virtual Memory - Explaination, Working, Steps

Blog banner

How to grow followers on Instagram business account?

Blog banner

Building a Better You: Fitness Tips and Inspiration.

Blog banner

Importance Of Time

Blog banner

EVOLUTION OF THE MIRCOPROCESSOR

Blog banner

BENIFITS OF YOGA

Blog banner

History of Money

Blog banner

Topic: Sessions in Operating system

Blog banner

Pro-Tips On How To Keep your Foot Healthy

Blog banner

Data Science in Healthcare: Predicting Diseases

Blog banner

MPL and how its effects?

Blog banner

Random Forests

Blog banner

EVOLUTION OF MICROPROCESSOR

Blog banner

Deadlock

Blog banner

LiquidPlanner

Blog banner

GIS REMOTE SENSING

Blog banner

LTE Technology

Blog banner

Life lesson

Blog banner