up

2020-02-03

Big project

• Groups of 3 or 4 are ideal
• Short presentation at end of the semester
• something related to network security
• Three things people really like:
  • “here’s this cool tool, or problem, I’ll run the tool, share results”
    • “Here’s this firewall, we looked at what traffic our ISP sends us, here’s results”
  • “We have a lab assignment, let’s add a lot of extra material to it”
  • Replicate the results of a paper from a conference

Past groups:

• Tunneled info out via dns
  • Tunneling is putting x data in y format, to get it somewhere
• Did a lab on exploiting spanning tree protocol

To do:

• Form a team
• choose a topic
• email prof. with the above info
• prof will provide feedback

Review

• DHCP Snooping
  • Switch builds model of IP associations
• Dynamic ARP Inspection
  • Switch blocks ARP replies that don’t match the model

IP Spoofing

Attacker sends message with incorrect source IP address. The victim cannot reply, as the response goes to the machine with that actual address.

If the attacker sends a message with an incorrect IP and mac, they can still be detected with the DHCP snooping table, as the table records associations with switch interfaces.

This completes the pyramid

• Port security
• DHCP Snooping
• Dynamic ARP Inspection
• IP Source Guard

Thusly ends switch security.

Firewalls

Not a wall made of fire. It stops fire.

General principles of a secure system:

• Simplicity
  • Choke point - force attackers to use a narrow channel
  • Least privilege: Don’t allow more than you need
• Defense in depth
  • Have multiple security mechanisms
  • Diversity of defense - have many different security mechanisms
  • More than one thing must go wrong before a system dies
• Fail-safe stance
  • Fail in a way that denies access
• Weakest link
  • one broken link can endanger the network