Lecture on Network Security Threats and Protections
DHCP Security Concerns
- DHCP Protocol: Provides IP address, subnet mask, default gateway, etc.
- Lack of Security: No security built into DHCP; responses can come from any device.
- Rogue DHCP Servers:
  - Can issue duplicate or invalid IP addresses.
  - May cause network disruptions and prevent internet connectivity.
  - Must be identified and removed.
  - Removal requires renewing all IP addresses to ensure legitimacy.
- Prevention Methods:
  - DHCP Snooping: Enterprise switch feature that validates legitimate DHCP responses.
  - Active Directory Configuration: Authorizes specific DHCP servers.
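
A simplified model of the DHCP snooping check described above, added here as an example (not from the lecture and not any switch vendor's implementation): a server reply is forwarded only when it arrives on a trusted port and names an authorized server. The port names, addresses and the authorized-server allowlist are constructed assumptions.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send

def parse_dhcp(payload: bytes) -> dict:
    """Extract the fields a snooping check needs from a raw DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    sid = opts.get(54)                               # option 54 = server identifier
    return {"op": payload[0], "msg_type": (opts.get(53) or b"\x00")[0],
            "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
            "server_id": str(ipaddress.IPv4Address(sid)) if sid and len(sid) == 4 else None}

def snoop(port, payload, trusted_ports, authorized_servers):
    """Return (verdict, reason) for one DHCP message seen on a switch port."""
    try:
        msg = parse_dhcp(payload)
    except ValueError as exc:
        return "drop", f"malformed: {exc}"
    if msg["msg_type"] not in SERVER_TYPES and msg["op"] != 2:
        return "forward", "client message"
    if port not in trusted_ports:                    # classic snooping rule
        return "drop", "server reply on untrusted port"
    if msg["server_id"] not in authorized_servers:   # assumed extra allowlist check
        return "drop", f"unauthorized server {msg['server_id']}"
    return "forward", "authorized server reply"

def build_msg(op, msg_type, yiaddr="0.0.0.0", server_id=None):
    """Constructed sample: minimal DHCP message with options 53 and (optionally) 54."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234ABCD, 0, 0)
    hdr += bytes(4) + ipaddress.IPv4Address(yiaddr).packed + bytes(8)
    hdr += bytes.fromhex("020000000001") + bytes(10 + 192)   # chaddr, sname, file
    opts = bytes([53, 1, msg_type])
    if server_id:
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    return hdr + MAGIC + opts + b"\xff"

if __name__ == "__main__":   # an OFFER arriving on an access port is dropped
    print(snoop("Gi0/7", build_msg(2, 2, "192.168.1.50", "192.168.1.1"), {"Gi0/1"}, {"10.0.0.2"}))
```
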
Rogue Access Points
- Overview: Easily purchased and connected, often without malicious intent.
- Security Risks:
  - Uncontrolled access to the network.
  - Easy unauthorized access without proper security.
- Prevention:
  - Conduct regular network scans and physical checks.
  - Implement 802.1X (Network Access Control) to require authentication before network access.
Wireless Evil Twin
- Definition: A malicious access point designed to mimic a legitimate one.
- Characteristics:
  - Similar SSID and security settings.
  - Often a stronger signal, so it becomes the primary choice for connections.
  - May have identical captive portal configurations.
- Protection:
  - Always use encrypted communication (VPN/HTTPS).
- Man-in-the-Middle (On-Path Attack):
  - Description: Attacker intercepts and potentially modifies communication between devices.
  - Example: A wireless evil twin acts as an on-path attack.
Types of On-Path Attacks
- ARP Poisoning: Spoofing IP addresses to intercept communications.
- Session Hijacking: Taking control of a session between two parties.
- HTTPS Spoofing: Tricking users into connecting to a fake secure site.
- Wi-Fi Eavesdropping: Intercepting data transmitted over wireless networks.
General Protection Against On-Path Attacks
- Encrypt Data: Ensures intercepted data remains unreadable to the attacker.
These notes cover the key topics discussed in the lecture on network security threats and protections related to DHCP, rogue access points, and on-path attacks.