Network Security and Rogue Devices

DHCP Protocol and Security

DHCP (Dynamic Host Configuration Protocol):
- Assigns IP addresses, subnet masks, default gateways.
- Lacks security; any device can respond to DHCP requests, legitimate or rogue.
Risks of Rogue DHCP Servers:
- Can distribute duplicate or invalid IP addresses.
- Can lead to network disruptions and inability to connect to the internet.
Preventative Measures for Rogue DHCP Servers:
- DHCP Snooping:
  - Feature in enterprise switches.
  - Inspects DHCP requests, allows only legitimate server responses.
- Microsoft Active Directory:
  - Authorizes specific DHCP servers to assign IP addresses.
- Response to Rogue DHCP Server:
  - Remove rogue server from network.
  - Renew IP addresses for all devices to ensure legitimacy.

Definition and Risks:
- Unauthorized wireless access point connecting to network.
- Can be unintentionally set up by employees.
- Risks include unauthorized network access and security breaches.
Detection and Prevention:
- Conduct periodic network scans or physical walkthroughs with wireless analyzers.
- 802.1X Network Access Control:
  - Requires authentication before network access.
  - Protects against unauthorized access even if a rogue access point is connected.

Concept:
- Malicious access point mimicking legitimate network.
- Uses similar SSID, security settings, or captive portal.
- Often increases radio power to overpower legitimate access points.
Mitigation:
- Always use encrypted communication (VPN, HTTPS).

Definition and Methods:
- Also known as "man-in-the-middle" attacks.
- Attacker intercepts and possibly alters data between two parties.
Examples of On-Path Attacks:
- Wireless Evil Twin: Example of on-path attack.
- ARP Poisoning: Spoofs IP address to intercept conversations.
- Session Hijacking, HTTPS Spoofing, Wi-Fi Eavesdropping.
Preventative Measures:
- Encrypt data to prevent unauthorized access to communication.
- Use secure protocols and ensure data confidentiality.