Yoram Orzach - Network Protocols for Security Professionals: Probe and identify network-based vulnerabilities and safeguard against network protocol breaches

Copyright 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Early Access Publication: Network Protocols for Security Professionals

Early Access Production Reference: B13010

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK

ISBN: 978-1-78995-348-0

Welcome to Packt Early Access. Were giving you an exclusive preview of this book before it goes on sale. It can take many months to write a book, but our authors have cutting-edge information to share with you today. Early Access gives you an insight into the latest developments by making chapter drafts available. The chapters may be a little rough around the edges right now, but our authors will update them over time. Youll be notified when a new version is ready.

This title is in development, with more chapters still to be written, which means you have the opportunity to have your say about the content. We want to publish books that provide useful information to you and other customers, so well send questionnaires out to you regularly. All feedback is helpful, so please be open about your thoughts and opinions. Our editors will work their magic on the text of the book, so wed like your input on the technical elements and your experience as a reader. Well also provide frequent updates on how our authors have changed their chapters based on your feedback.

You can dip in and out of this book or follow along from start to finish; Early Access is designed to be flexible. We hope you enjoy getting to know more about the process of writing a Packt book. Join the exploration of new topics by contributing your ideas and see them come to life in print.

1. Data Centers and the Enterprise Network Architecture and its Components
2. Network Protocol Structures and Operations
3. Security Protocols and Their Implementation
4. Using Network Security Tools, Scripts and Codes
5. Finding Protocol Vulnerabilities
6. Finding Network-Based Attacks
7. Finding Device-Based Attacks
8. Network Traffic Analysis and Eavesdropping
9. Using Behavior Analysis and Anomaly Detection
10. Discovering LANs, IP, and TCP/UDP-Based Attacks
11. Implementing Wireless Networks Security
12. Attacking Routing Protocols
13. DNS Security
14. Securing Web and Email Services
15. Enterprise Applications Security - Databases and Filesystems
16. IP Telephony and Collaboration Services Security

Communication networks have long been a critical part of any organization. Protecting them against risks of all kinds, especially security risks, is critical to the operation of the organization. Understanding the structure of data networks will help you understand network vulnerabilities, where they exist, and where and how we can protect against them.

This chapter provides a preview of a data networks structure and weakness points. We will also describe the hardware, software, and protocols involved in the network, as well as their potential vulnerabilities. We will talk about the traditional structure of enterprise networks and data centers, network components and their connectivity, and understand the data flows in the network. Finally, we will explain the evolving software-defined networking (SDN) and network function virtualization (NFV) technologies and their impact on data networks, along with the networking and security considerations of cloud connectivity.

In this chapter, were going to cover the following main topics:

• Exploring networks and data flows
• The data center, core, and user networks
• Switching (L2) and routing (L3) topologies
• The network perimeter
• The data, control, and management planes
• SDN and NFV
• Cloud connectivity
• Types of attacks and where they are implemented

Network architecture is about how the building blocks of the networks are connected; data flows are about the information that flows through the network.

Understanding the network architecture will assist us in understanding the weak points of the network. Data flows can be manipulated by attackers to steal information from the network. By diverting them in the attacker's direction, the attacker can watch information running through the network and steal valuable information.

To eliminate this from happening, you must understand the structure of your network and the data that flows through it. A typical data network is built out of three parts:

• The data center, which holds the organization's servers and applications.
• The core network, which is the part of the network that is used to connect all the parts of the network, including the users network, the data centers, remote networks, and the internet.
• The users network, which is the part of the network that is used for the users connectivity. The user network is usually based on the distribution and access networks.

These parts are illustrated in the following diagram:

In the top-left corner, we can see the main data center, DC-1. The users network is located in the data center site; that is, Users-1. In the top-right corner, we can see a secondary data center, DC-2, with a users network located on the secondary data center site. The two data centers are connected to the internet via two firewalls, which are located in the two data centers.

In the center of the diagram, we can see the Wide Area Network (WAN) connectivity, which includes the routers that connect to the service providers (SPs) network and the SP network that establishes this connectivity.

In the lower part of the diagram, we can see the remote sites that connect to the center via the SP network.

Now, lets focus on the protocols and technologies that are implemented on each part of the network.

First, lets see what the areas in the organizations data network are. The data center is the network that holds the majority of the organization's servers. In many cases, as shown in the following diagram, we have two data centers that work in high availability mode; that is, if one data center, fails the other one can fully or partially take its place.