Securing Your Networks

Network hardening
The process of securing a network by reducing its potential vaulnerabilities through configuration changes specific steps
Implicit deny
A network security concept where anything not explicitly permitted or allowed should be denied
Analyzing logs
The practice of collecting logs from different network and sometimes client devices on your network, then performing an automated analysis on them
Logs analysis systems are configured using defined rules to match interesting or atypical log entries.
Normalizing log data is an important step, since logs from different devices and systems may not be formatted in a common way
Correletion analysis
The process of taking log data from different systems and matching events across the systems
post-fail analysis
Flood Guards
Provide protection against DoS or deniel of service attacks
Network seperation

DHCPDISCOVER
Rouge DHCP server attack
DHCP snooping
Dyanamic ARP inspection
IP Source Guard
802.1X
Extensible Authentication Protocol(EAPOL)
EAP-TLS
An authentication type supported by EAP that uses TLS to provide mutual authentication of both the client and authenticating server

Firewalls
Proxies
VPNs
VPNs are commonly used to provide secure remote access, and link two networks securily
proxy server
HAPROxy
Nginx
Apache web server

Wi-Fi Protected Access
WPA
Designed as a short-term replacement that would be compatible with older WEP-enabled hardware with a simple firmware update
Temporary Key Integrity Protocol
Under WPA, the pre-shared key is the WiFi password you share with open when they come over and what to use your wireless network
Pasword-Based Key Derivation Funtion 2
CCMP
Counter Mode CBC-MAC Protocol
Four-way handshake
-Pairwise transient Key
PMK
AP nonce
Client nonce
AP MAC address
Client MAC address
WPA2-Enterprise
WPA2-Personal
WPA2-PSK
PIN entry authentication
NFC or USB
Push-button authentication
Rainbow tables

802.1X with EAP-TLS
If 802.1X is too complicated for a company, the next best alternative would be WPA2 with AES/CCMP mode.
A long and complex passphrases that wouldn’t be found in a dictionary would increase the amount of time and resources an attacker would need to break the passphrase
If your company values security over convinience, you should make sure that WPS isn’t enabled on your APs.

Packet sniffing(packet capture)
The process of inercepting network packets in their entirety for analysis.
promicuous Mode
A type of computer networking operational mode in which all network data packets can be accessed and viewed by all network adapters operating on this mode
Port mirroring
Allows the switch to take all packets from a specified port, port range, or entire VLAN and mirror the packets to a specified switch port
Monitor mode
Allows us to scan across channels to see all wireless traffic being sent by APs and client

Tcpdump
A super popular, lightweight, command-line based utility that you can use to capture and analyze packets.
Wireshark
http.request.uri matches “q=wireshark”
Traffic analysis

IDS or IPS systems operate by monitoring network traffic and analyzing it.

network Intrusion Detection system(NIDS)
The detection system would be deployed somewhere on a nettwork where it can monitor traffic for a network segment or subnet.
Network Based IDS
Host Based IDS
Port mirroring functionality
snort
suricata
Bro NIDS
Network Intrusion Prevention System