Network analysis is capturing and decoding network data.
Network analyzers can be hardware or software, and are available both free and commercially.
Network analyzer interfaces usually have three panes: summary, detail, and data.
The five parts of a network analyzer are: hardware, capture driver, buffer, real-time analysis, and decode.
Administrators use network analysis for troubleshooting network problems, analyzing the performance of a network, and intrusion detection.
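The "decode" stage and the three panes described above, as an added example that is not code from the original page: a small Python decoder that walks an Ethernet II, IPv4 and TCP header, checks every length against the buffer before slicing (so a truncated or malformed frame raises instead of being misread), and renders a summary line, a per-layer detail dictionary, and a hex dump of the data. The frame bytes are constructed for the example, not captured from a real network, and the checksums are left as zero and are not verified.

```python
import struct

# Constructed sample frame (not captured from any real network):
# Ethernet II -> IPv4 (no options) -> TCP (no options) -> 6 payload bytes.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455"                # Ethernet: destination MAC
    "66778899aabb"                # Ethernet: source MAC
    "0800"                        # EtherType 0x0800 = IPv4
    "4500002e" "00010000"         # IPv4: version 4, IHL 5, total length 46, id 1, no frag
    "4006" "0000"                 # IPv4: TTL 64, protocol 6 (TCP), checksum left as 0
    "c0a80101" "c0a80102"         # IPv4: 192.168.1.1 -> 192.168.1.2
    "c3500050"                    # TCP: source port 50000, destination port 80
    "00000001" "00000000"         # TCP: sequence 1, acknowledgement 0
    "5018" "2000" "0000" "0000"   # TCP: data offset 5, flags PSH|ACK, window 8192, csum 0, urg 0
) + b"hello\n"

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # bit 0 .. bit 5


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_to_str(raw):
    return ".".join(str(b) for b in raw)


def decode_frame(frame):
    """The decode stage: walk the protocol stack and return per-layer fields."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = {"eth": {"dst": mac_to_str(frame[0:6]),
                      "src": mac_to_str(frame[6:12]),
                      "type": ethertype}}
    rest = frame[14:]
    if ethertype != ETHERTYPE_IPV4:
        layers["data"] = rest            # other EtherTypes are not decoded here
        return layers

    if len(rest) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", rest[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(rest):
        raise ValueError("malformed IPv4 header")
    layers["ip"] = {"src": ipv4_to_str(src_ip), "dst": ipv4_to_str(dst_ip),
                    "ttl": ttl, "proto": proto, "len": total_len}
    rest = rest[ihl:total_len]           # drops Ethernet padding past total length
    if proto != IPPROTO_TCP:
        layers["data"] = rest
        return layers

    if len(rest) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res, flags, window,
     _csum, _urg) = struct.unpack("!HHIIBBHHH", rest[:20])
    doff = (off_res >> 4) * 4
    if doff < 20 or doff > len(rest):
        raise ValueError("malformed TCP data offset")
    layers["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                     "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
                     "window": window}
    layers["data"] = rest[doff:]
    return layers


def summary_line(layers):
    """The summary pane: one line per frame."""
    if "tcp" in layers:
        ip, tcp = layers["ip"], layers["tcp"]
        return (f"{ip['src']}:{tcp['sport']} -> {ip['dst']}:{tcp['dport']} "
                f"TCP [{','.join(tcp['flags'])}] len={len(layers['data'])}")
    if "ip" in layers:
        return f"{layers['ip']['src']} -> {layers['ip']['dst']} proto={layers['ip']['proto']}"
    eth = layers["eth"]
    return f"{eth['src']} -> {eth['dst']} type=0x{eth['type']:04x}"


def hexdump(data, width=16):
    """The data pane: offset, hex bytes, printable ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<{width * 3}} {text}")
    return "\n".join(lines)


if __name__ == "__main__":
    decoded = decode_frame(SAMPLE_FRAME)
    print(summary_line(decoded))          # summary pane
    for layer in ("eth", "ip", "tcp"):    # detail pane
        print(layer, decoded[layer])
    print(hexdump(decoded["data"]))       # data pane
```

The length checks are the part worth copying: a decoder that trusts the IHL, total-length or data-offset fields from the wire is itself an attack surface, and a capture that is truncated by the capture driver's snapshot length must fail cleanly rather than be shown as valid.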
When intruders use sniffers, it is considered a passive attack.
Intruders use sniffers mostly to capture user names and passwords, collect confidential data, and map the network.
Sniffers are a common component of a rootkit.
Intruders are using sniffers to control backdoor programs.
Ethernet is a shared medium that uses MAC, or hardware, addresses.
The OSI model has seven layers and represents a standard for network communication.
Hubs send out information to all hosts on the segment, creating a shared collision domain.
Switches have one collision domain per port and keep an address table of the MAC addresses that are associated with each port.
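The difference between a hub's shared collision domain and a switch's per-port address table, as an added simulation that is not code from the original page: a hub repeats every frame to every other port, while a learning switch records which port each source MAC arrived on and delivers known unicast destinations to that port only. The frames, MAC addresses and port names are constructed for the example; an observer on an otherwise idle port sees everything on the hub but only the flooded frames (unknown destinations and broadcasts) on the switch.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """A hub repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return sorted(self.ports - {in_port})


class LearningSwitch:
    """A switch learns which port each source MAC lives on and forwards
    known unicast destinations to that port only; unknown unicast and
    broadcast frames are flooded to all other ports, as a hub would."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}    # MAC address -> port (the switch's address table)

    def forward(self, in_port, src_mac, dst_mac):
        self.table[src_mac] = in_port              # learn (or refresh) the source
        out = self.table.get(dst_mac)
        if dst_mac != BROADCAST and out is not None:
            return [] if out == in_port else [out]  # same port: nothing to forward
        return sorted(self.ports - {in_port})       # flood


def frames_seen_by(device, frames, observer_port):
    """Replay (in_port, src, dst) frames and return the ones delivered to observer_port."""
    seen = []
    for in_port, src, dst in frames:
        if observer_port in device.forward(in_port, src, dst):
            seen.append((src, dst))
    return seen


# Constructed traffic: host A on port p1 and host B on port p2 exchange frames
# while an observer on port p3 sends nothing and is never addressed.
MAC_A, MAC_B = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
SAMPLE_FRAMES = [
    ("p1", MAC_A, MAC_B),        # A -> B: B not yet in the table, flooded
    ("p2", MAC_B, MAC_A),        # B -> A: A is known on p1, delivered there only
    ("p1", MAC_A, MAC_B),        # A -> B: B is now known on p2
    ("p1", MAC_A, BROADCAST),    # broadcast (e.g. ARP request): always flooded
]

if __name__ == "__main__":
    ports = ["p1", "p2", "p3"]
    print("hub   :", frames_seen_by(Hub(ports), SAMPLE_FRAMES, "p3"))
    print("switch:", frames_seen_by(LearningSwitch(ports), SAMPLE_FRAMES, "p3"))
```

The flooded frames are why a switch gives only partial protection: anything sent before the destination has been learned, and every broadcast, still reaches every port.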
Port mirroring is a feature that allows you to sniff on switches.
Switches make sniffing more difficult; however, the security measures in switch architectures can be overcome by a number of methods, thus allowing the sniffing of traffic destined for other computers.
Sometimes sniffers can be detected on local systems by looking for the promiscuous mode flag.
There are several tools available that attempt to detect promiscuous mode by using various methods.
Carefully monitoring your hosts, hub and switch ports, and DNS reverse lookups can assist in detecting sniffers.
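Two of the host-side checks just described, as an added example that is not code from the original page: reading the promiscuous-mode flag of each local interface, and spotting a host that issues reverse (PTR) lookups for many different addresses, which is the pattern a sniffer produces when it resolves every captured IP to a name. The sysfs path and the `IFF_PROMISC` bit value are real Linux facts; the `key=value` query-log format and the log lines themselves are constructed for the example, so the parser would need adapting to a real resolver's log layout.

```python
import os
from collections import defaultdict

IFF_PROMISC = 0x100    # Linux interface flag bit (include/uapi/linux/if.h)


def promiscuous_from_flags(flags_text):
    """Interpret the hex value read from /sys/class/net/<iface>/flags."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Names of local interfaces currently in promiscuous mode (Linux sysfs).

    Returns [] where the sysfs tree does not exist (non-Linux hosts).
    Bridge member ports and legitimate monitoring tools set this flag too,
    so a hit is something to explain, not by itself proof of an intruder;
    and a sniffer that hides the flag (as newer ones do) is not caught here.
    """
    found = []
    if not os.path.isdir(sysfs_root):
        return found
    for iface in sorted(os.listdir(sysfs_root)):
        try:
            with open(os.path.join(sysfs_root, iface, "flags")) as fh:
                if promiscuous_from_flags(fh.read()):
                    found.append(iface)
        except (OSError, ValueError):
            continue
    return found


def parse_query_log_line(line):
    """Parse one line of the constructed 'ts key=value ...' query-log format."""
    fields = line.split()
    rec = {"ts": fields[0]}
    for kv in fields[1:]:
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def reverse_lookup_burst(lines, threshold):
    """Clients that issued PTR queries for more than `threshold` distinct addresses."""
    targets = defaultdict(set)
    for line in lines:
        rec = parse_query_log_line(line)
        if rec.get("qtype") == "PTR" and rec.get("qname", "").endswith(".in-addr.arpa"):
            targets[rec["client"]].add(rec["qname"])
    return sorted(c for c, names in targets.items() if len(names) > threshold)


# Constructed query log (not from any real resolver): 10.0.0.5 reverse-resolves
# six different addresses within seconds; 10.0.0.9 behaves like a normal client.
SAMPLE_LOG = [
    "2024-05-01T10:00:01 client=10.0.0.5 qtype=PTR qname=1.1.168.192.in-addr.arpa",
    "2024-05-01T10:00:01 client=10.0.0.5 qtype=PTR qname=2.1.168.192.in-addr.arpa",
    "2024-05-01T10:00:02 client=10.0.0.5 qtype=PTR qname=3.1.168.192.in-addr.arpa",
    "2024-05-01T10:00:02 client=10.0.0.9 qtype=A   qname=www.example.com",
    "2024-05-01T10:00:03 client=10.0.0.5 qtype=PTR qname=4.1.168.192.in-addr.arpa",
    "2024-05-01T10:00:03 client=10.0.0.5 qtype=PTR qname=5.1.168.192.in-addr.arpa",
    "2024-05-01T10:00:04 client=10.0.0.9 qtype=PTR qname=1.1.168.192.in-addr.arpa",
    "2024-05-01T10:00:04 client=10.0.0.5 qtype=PTR qname=6.1.168.192.in-addr.arpa",
]

if __name__ == "__main__":
    print("promiscuous interfaces:", promiscuous_interfaces())
    print("reverse-lookup bursts :", reverse_lookup_burst(SAMPLE_LOG, threshold=3))
```

Run the interface check from a scheduled job and compare against a known-good list of interfaces that are expected to be promiscuous; the DNS check is best run against the resolver's own logs rather than the suspect host, since a compromised host's logs cannot be trusted.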
Honeypots are a good method to detect intruders on your network who are attempting to use compromised passwords.
Newer sniffers are smart enough to hide themselves from traditional detection techniques.
Switches offer some, but little, protection against sniffers.
Encryption is the best method of protecting your data from sniffers.
SSH, SSL/TLS, and IPSec are all forms of VPNs that operate at various layers of the OSI model.
IPSec tunnel mode can protect the source and destination addresses in the original IP header by encapsulating the whole packet behind a new outer IP header.
Make sure you have permission to use a sniffer on a network that is not your own.
Read the appropriate use policies of your ISPs before using a sniffer.
If you are hired to assess a computer network and plan to use a sniffer, make sure you have some sort of non-disclosure agreement in place, because you may have access to confidential data.
One-time passwords render compromised passwords useless.
E-mail should be protected while in transit and storage with some type of data encryption method.