
1 Router and Switch Security By: Kulin Shah Krunal Shah

2 LAB GOAL
This lab introduces students to the security of network devices: a few attacks on routers and switches, together with their countermeasures.

3 PHYSICAL ACCESS COMPROMISE
We use the virtual XP machine and one Cisco router and switch on the playstation to carry out the attack. We assume that the attacker has physical access to the router.
Connect a console cable from the router's console port to the serial port of the computer, then configure the terminal emulator as shown below (the standard Cisco console settings, 9600 8N1):
Set "Bits per second" to 9600
Set "Data Bits" to 8
Set "Parity" to none
Set "Stop Bits" to 1
Set "Flow control" to none

4 Router break-in
Sending a break signal to the router within 60 seconds of power-up drops it into ROM monitor (ROMMON) mode. The break sequence depends on your terminal emulation program; in HyperTerminal it is CTRL-BREAK.
The aim is to change the configuration register so that the router still boots its IOS image but ignores the startup configuration stored in NVRAM (confreg 0x2142 sets the "ignore NVRAM" bit). With no configuration loaded, no enable or line password is enforced.

5 *** System received an abort due to Break Key ***
signal= 0x3, code= 0x500, context= 0x813ac158
PC = 0x802d0b60, Vector
rommon 1 > confreg 0x2142
rommon 2 > reset
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 32768 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0x6fdb4c
Self decompressing the image : ################################################################################################################################################################################################################################################ [OK]

6 Once the router has booted without its configuration, enter privileged mode (no enable password is asked for) and copy the NVRAM config file into RAM with copy start run. Whoa!! The full configuration, including every password stored in it, is now loaded under privilege level 15. (After copy start run the interfaces are left administratively shut down; a real password-recovery procedure would no shutdown them and set the register back to 0x2102.)
Counter measure: block the break signal from dropping an attacker into ROMMON on a Cisco router using the no service password-recovery command. Caveat: once this is set, a legitimately lost password can only be dealt with by erasing the startup configuration from ROMMON, so keep an offline copy of the configuration. Physical access control of the console port remains the primary defence; no service password-recovery only limits what an attacker can do with that access.
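The break-in above, what a legitimate recovery does afterwards, and the countermeasure, shown as one console session. This is an added illustration, not the lab's own capture: the hostname, the enable secret value and the interface name are assumptions.

```cisco
! Attacker side: the router booted with confreg 0x2142, so it came up
! with no configuration and no passwords are requested.
Router> enable
Router# copy startup-config running-config
! The whole NVRAM configuration is now active under privilege level 15.
! Type 7 ("service password-encryption") passwords are reversible;
! only "enable secret" (type 5) is a real hash.
Router# show running-config | include password|secret

! Legitimate recovery from this point (assumed values):
Router# configure terminal
Router(config)# enable secret S3cureEnable!
! copy start run leaves the interfaces shut down; bring them back up
Router(config)# interface FastEthernet0/0
Router(config-if)# no shutdown
Router(config-if)# exit
! boot from NVRAM again on the next reload
Router(config)# config-register 0x2102
Router(config)# end
Router# copy running-config startup-config

! Countermeasure: a break at boot can no longer be used to bypass the
! configuration. IOS prints a warning and asks for confirmation, because
! the only way out of a lost password is now to erase NVRAM from ROMMON.
Router# configure terminal
Router(config)# no service password-recovery
Router(config)# end
Router# copy running-config startup-config
```

Check: the last line of show version reports the configuration register. A router that reports "Configuration register is 0x2142" when it should be 0x2102 has either been through password recovery or is still in the attacker's state.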

7 PVLAN on CISCO SWITCHES
Private VLANs (PVLANs) isolate hosts from each other at Layer 2 inside one primary VLAN, without going through the pain of creating a separate VLAN for every group of hosts. Hosts on isolated ports can reach the promiscuous port (typically the router or firewall) but not each other, so the hosts share one subnet and multiple IP ranges are not required.

8 Lab set up for PVLAN

9 EXECUTION
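A PVLAN configuration of the kind the lab sets up, added here as an example; it is not the lab's own configuration. The VLAN numbers, interface names and the 192.168.10.0/24 subnet are assumptions.

```cisco
! Switch side. PVLANs need VTP transparent mode (VTP version 1/2).
vtp mode transparent
! Primary VLAN carrying two secondary VLANs.
vlan 100
 private-vlan primary
 private-vlan association 101,102
! Isolated: hosts here reach only the promiscuous port.
vlan 101
 private-vlan isolated
! Community: hosts here reach each other and the promiscuous port.
vlan 102
 private-vlan community
! Isolated host ports (assumed range).
interface range FastEthernet0/1 - 8
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
! Community host ports (assumed range).
interface range FastEthernet0/9 - 12
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
! Uplink to the router: promiscuous, mapped to every secondary VLAN.
interface FastEthernet0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102

! Router side (assumed interface and subnet). PVLAN isolation is Layer 2
! only: an isolated host can still send a frame to the router's MAC with
! another isolated host's IP as destination, and the router will route it
! back into the same subnet. Block that hairpin on the router interface.
ip access-list extended PVLAN-NO-HAIRPIN
 deny   ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip any any
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip access-group PVLAN-NO-HAIRPIN in
```

Verify with show vlan private-vlan on the switch (primary, secondary, type and member ports) and show interfaces FastEthernet0/1 switchport, which should report the operational private-vlan host association.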

10 HTTP AUTHENTICATION VULNERABILITY
When the HTTP server is enabled and local authorization is used on a Cisco IOS device, it is possible to bypass authentication and execute any command on the device. All commands are executed with the highest privilege level (level 15). Cisco IOS software releases from 11.3 onward are affected.

11 ATTACK EXECUTION
By sending a particular URL to a Cisco IOS device with the HTTP server enabled, a remote attacker may be able to execute commands with administrator privileges. The malicious URL has the following form, where XX is a number between 16 and 99 (above the valid privilege-level range of 0 to 15):
http://<device address>/level/XX/exec/...
This vulnerability is documented as Cisco Bug ID CSCdt93862.

12 VULNERABLE PRODUCTS
Cisco devices that may be running affected Cisco IOS software releases include, but are not limited to:
Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900, 1000, 1400, 1500, 1600, 1700, 2500, 2600, 3000, 3600, 3800, 4000, 4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7100, 7200, ubr7200, 7500, and 12000 series.
Most recent versions of the LS1010 ATM switch.
The Catalyst 6000 and 5000, if they are running Cisco IOS software.
The Catalyst 2900XL and 3500XL LAN switches, only if running Cisco IOS software.
The Catalyst 2900 and 3000 series LAN switches.

13 COUNTERMEASURES
Upgrade to an IOS release that fixes the bug. The affected range starts at 11.3 and includes later trains, so moving to 12.0 by itself is not a fix; check Cisco's advisory for the fixed releases.
Disable the HTTP server (no ip http server) if it is not needed for management.
Use Terminal Access Controller Access-Control System Plus (TACACS+) or Remote Authentication Dial-In User Service (RADIUS) for authentication instead of the local user database, since the bypass is in local authorization.
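The vulnerable combination beside the two hardened alternatives, as IOS configuration. This is an added example, not part of the lab or of Cisco's advisory; the username, the TACACS+ server address and key, and the management subnet are assumptions.

```cisco
! Vulnerable: HTTP management with local authorization.
! Any request for /level/16../exec is served at level 15 on affected IOS.
username admin privilege 15 password 0 admin
ip http server
ip http authentication local

! Hardened, option 1: no HTTP management at all.
! The safe choice until the device runs a fixed release.
no ip http server
no ip http secure-server

! Hardened, option 2: keep HTTP, but authenticate through AAA/TACACS+
! and only accept connections from the management subnet.
aaa new-model
! assumed TACACS+ server and shared key
tacacs-server host 192.0.2.10 key SharedSecret
aaa authentication login default group tacacs+ local
ip http authentication aaa
! assumed management subnet
access-list 10 permit 192.0.2.0 0.0.0.255
ip http access-class 10
```

Note the "local" fallback in the login method list: if the TACACS+ server is unreachable, logins fall back to the local database, which is the authorization path the bug lives in. Either drop the fallback for the HTTP path or prefer option 1 until the device is upgraded. show ip http server status reports whether the server is enabled and which authentication method is in use.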

14 MACOF ATTACK
When a Layer 2 switch receives a frame, it records the frame's source MAC address and ingress port in the CAM table (this is how the switch builds the table), then looks up the destination MAC address. If an entry exists for the destination, the switch forwards the frame only to the port designated in the CAM table for that MAC address. If no entry exists, the frame is flooded out every port in the VLAN except the one it arrived on.
The CAM table has a fixed capacity. macof (part of the dsniff suite) floods the switch with frames carrying random source MAC addresses until the table is full. Legitimate addresses can then no longer be learned, so their traffic is flooded to every port, and the attacker's machine sees it.

15 ATTACK EXECUTION CAM overflow

16 ATTACK SUCCESSFUL

17 COUNTERMEASURES
If no protection against MAC address flooding is set up, this attack succeeds. Protecting the interface with port security and "switchport port-security maximum 3" limits the port to three source MAC addresses; when a fourth, different MAC address is seen, the port is shut down (errdisable, the default violation action). Thus the attack is defeated.
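The port-security countermeasure as an interface configuration, with the mistake that makes it silently ineffective shown first. Added example, not the lab's own configuration; the interface name and the recovery interval are assumptions.

```cisco
! Ineffective: the maximum is configured, but port security itself is
! never enabled on the port, so the switch accepts the command and does
! nothing with it. macof still fills the CAM table.
interface FastEthernet0/5
 switchport mode access
 switchport port-security maximum 3

! Effective: enable port security on an access port, cap the number of
! source MACs, and errdisable the port on the first violation
! (the fourth distinct MAC). "shutdown" is the default violation mode
! and is written out here so the intent is visible in the config.
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation shutdown

! Optional: bring errdisabled ports back automatically after 5 minutes
! (assumed interval) instead of requiring a manual shutdown / no shutdown.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

Checks: show port-security interface FastEthernet0/5 reports Port Status, Violation Mode, Maximum MAC Addresses, Total MAC Addresses and the SecurityViolation Count; show interfaces status err-disabled lists ports that tripped; show mac address-table count shows how full the CAM table is, which is the direct symptom of a macof run on an unprotected port. Port security requires a static access (or trunk) port: on a port left in dynamic mode the switchport port-security command is rejected.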

18 CONCLUSION
We have exploited some of the vulnerabilities. Because system administrators are often unaware of them, many such weaknesses remain easy to exploit in network devices. This lab aims to educate students about the threats and vulnerabilities existing in network devices.

19 REFERENCES
www.askapache.com
www.tech-faq.com
www.antionline.com
www.cisco.com
www.securityfocus.com/infocus/1734
"Virtual LAN Security: weaknesses and countermeasures", GIAC Security Essentials Practical Assignment - Steve A. Rouiller
"Hacking Exposed Cisco Security Secrets and Solutions" - Andrew A. Vladimirov, Konstantin V. Gavrilenko, Janis N. Vizulis and Andrei A. Mikhailovsky
www.arin.net
http://www.cisco.com/warp/public/474/index.shtml
http://www.modemsite.com/56k/x2-hyperterm.asp
http://www.cisco.com/en/US/tech/tk389/tk390/tk181/tsd_technology_support_sub-protocol_home.html
http://www.cisco.com/warp/public/473/63.html
http://www.brandonhutchinson.com/installing_dsniff_2_3.html

20 QUESTIONS??

