Welcome to another deep dive. Today we're going to be looking at network security, yeah, and going beyond the basics to really get into some of the practical attack and defense techniques. And for this deep dive, we're using the book Understanding Network Hacks, Attack and Defense with Python 3. That's right, Yeah, and it's really cool because it's like a hacker's playbook. But we're going to be focusing on the defense side of things exactly.
We're going to try to get into the mind of an attacker so you can be better prepared to defend your own systems.
I like it. So we're going to start with some of the core networking concepts just to get us all on the same page for sure.
Got to build that foundation.
Yeah, and then we'll dive into some real world attack techniques and how those can be used to exploit vulnerabilities in different well, I guess network protocols, right, Yeah. So let's start with something I think most people think is pretty secure. Ethernet. Okay, those physical cables, you know, plugged in, what could go wrong?
Right? You would think that, right, Yeah, But every device on an Ethernet network has what's called a MAC address and it's like a unique identifier for that device.
Yeah, like a digital fingerprint, I've heard it called.
Exactly, And a lot of people assume those are unspoofable, so to speak.
Wait, spoofed. Hold on, how is that even possible? I thought MAC addresses were hard coded into the hardware.
They are, but an attacker can still send out data packets that make it look like it's coming from a different MAC address. Okay, So they could pretend to be your printer for example. Oh sneaky, and your computer wouldn't know the difference.
Oh wow.
So that's why MAC address filtering by itself isn't enough for security.
So even if you have a list of approved devices, someone could still slip through by faking their ID.
Precisely. It shows how we need multiple layers of security.
You know, that's a little unsettling.
Yeah. And another thing about Ethernet is how it handles all the traffic. It uses this thing called CSMA/CD.
Okay, what is that? Exactly?
It stands for Carrier Sense Multiple Access with Collision Detection and basically it's how Ethernet avoids those data collisions, you know, when multiple devices try to send stuff at the same time.
Okay, so it keeps things running smoothly. Yeah. Does that have any impact on security though? Not directly.
But it's important to remember that while it manages the flow of traffic, it doesn't actually prevent attackers from sniffing that data.
Sniffing, yeah, like listening in on a conversation. Exactly.
All that data going across the network is traveling in these little packets, and anyone with the right tools and access can capture and analyze those packets.
Okay, So what about VLANs then, aren't they supposed to like segment the network and add an extra layer of security.
Yeah, a lot of people think that. Okay, but it's kind of a myth. VLANs are great for network management, but they don't offer that hardcore security that some people expect. An attacker can jump between VLANs using certain techniques, you know, and totally bypass those separations.
You mean even with VLANs in place, you shouldn't get complacent about security.
Absolutely, you need other security measures, you know, like firewalls, intrusion detection systems, that kind of thing to really lock things down.
Okay, So before we go any further, I think we should back up a bit. Okay, how do devices actually find each other on a network.
Ah. That's where ARP comes in, the Address Resolution Protocol. It's how devices figure out each other's MAC addresses.
Right right, Because you might know a device's IP address, but you need its MAC address to actually, you know, send it data exactly.
So your computer will send out what's called an ARP request okay, And it's basically like saying, hey, who has this IP, what's your MAC, and then the device with that IP address will respond with its MAC address.
Okay. What's the security problem there?
Well, this whole process relies on trust, right, And what if an attacker sends out fake ARP responses?
Oh, I see where you're going with this.
They can poison the ARP cache you know, and then other devices believe that the attacker's MAC address is the real one, so...
The attacker can trick devices into sending their traffic to the wrong place. Exactly.
That sets the stage for all sorts of attacks like man in the middle, where the attacker sits between two devices, listening in and even messing with the data.
Man, this is getting interesting. It's crazy how even the most basic network processes have these vulnerabilities just lurking under the surface.
Yeah, it really is.
I am ready to dive deeper into these attack techniques.
Let's do it.
So we talked about ARP and how attackers can manipulate that whole process to get themselves in a prime position, right, So now I want to know what they can actually do with that access.
Okay, Well, once they're there, you know, kind of sitting in the middle of everything, one of their favorite tools is sniffing. Sniffing, Yeah, they can actually capture the data packets as they're flowing between those two devices.
So like a digital eavesdropper. Exactly. Okay, but wouldn't encryption stop them in their tracks?
It makes it a lot harder, that's for sure, but it's not foolproof. Think of it this way. Even if they can't read the actual message because it's all scrambled, right, they can still see things like the source and destination IP addresses, you know, okay, how much data is being sent, what protocols are being used, that kind of thing.
So even encrypted traffic leaves some kind of footprint.
Exactly, and that can tell them a lot about what's going on.
So like who you're talking to, what websites you're visiting, exactly, what kind of information is being exchanged.
Yeah, all of that, and there are really powerful tools out there like tcpdump and Wireshark that can capture all this stuff and decode it all in real time.
Wow.
The book even shows you how to use like simple Python scripts to analyze network traffic.
So it's not just about stealing passwords anymore. No, attackers can actually glean a lot of intelligence from patterns in network traffic.
Absolutely wow. Okay, Now let's move on to IP spoofing. Okay, this is where the attacker basically disguises themselves as another device on the network.
But wouldn't the system, you know, be able to tell that that IP address is fake?
Well, the Internet relies on a lot of trust, you know, and attackers exploit that, right, So they carefully craft packets to make it look like that traffic is coming from a legitimate source.
It's like a digital mask.
Yeah pretty much.
Okay, So then what can they do with that?
Oh, all sorts of things you know, bypass access controls, inject data into the network, even launch a denial of service attack.
A denial of service attack, those are the ones that like take websites offline.
Right, yeah, exactly.
Okay.
One example the book covers is something called a SYN flood attack. Okay, Now, remember that TCP three way handshake we talked about earlier.
Vaguely remind me how that works again.
Sure, So it's basically how two devices establish a TCP connection, right, uh huh. The client sends a SYN packet, the server responds with a SYN-ACK packet. Okay, and then the client completes the handshake by sending an ACK packet.
Got it.
Now. In a SYN flood attack, what happens is the attacker bombards the server with all these SYN packets, but they never complete the handshake because...
They're using spoofed IP addresses. Exactly.
So the server gets all bogged down with all these half open connections. Oh and legitimate users can't get through.
So it's like calling a restaurant and tying up all the lines so that no one else can make a reservation.
Perfect analogy.
I like that.
And these attacks are surprisingly easy to launch. You know, the book actually shows you how to write a basic SYN flood script in Python.
No way. Yeah, it's a little alarming.
It is. But there are ways to defend against these attacks, you know, like SYN cookies, which is a technique servers can use to kind of change up that handshake process and make it harder for attackers to exploit it. Okay, so there's this constant back and forth between the attackers and the defenders.
Gotcha.
What attackers can do depends a lot on what doors they can find.
Open doors, you mean, like open ports on a computer.
Exactly. Every computer has these virtual ports, and each port is associated with a specific service like web browsing or email, and attackers use something called port scanning to find those open and vulnerable ports.
So they're like checking all the windows and doors to see if they can get in.
Yeah, that's a good way to put it. They use tools to probe different ports and see which ones are open and listening. Okay, and once they find one, they can start exploring for weaknesses in that service.
It's like casing the joint, you know, like a burglar figuring out how to break in exactly. Wow. Okay, so we've seen how attackers can spy on traffic right, impersonate devices, overload systems. Now I want to know what happens when they're actually inside the network.
Well, one thing they can do is something called session hijacking. Okay, This is where they take over an existing connection between two parties.
Like if I'm logged into my bank account, yeah, exactly, and an attacker can just jump in there.
They can try to insert themselves into that session, so...
They could see everything I'm doing. Potentially, even like make transactions or something.
That's the danger.
Yeah, yeah, well that's terrifying. But how do they actually do that.
There's a few different techniques. One common one is exploiting weaknesses in how the session is managed. You know, like if a website doesn't properly validate those session IDs, an attacker might be able to guess or steal one and then use it to impersonate you.
It sounds like they're stealing your digital identity in a way. Yeah, gosh, this is heavy stuff. It seems like everywhere you turn there's another vulnerability.
It can seem that way. But don't worry. We're not done yet. We've got to talk about specific protocols like DNS, HTTP, HTTPS, even Wi-Fi and Bluetooth. Lots more to uncover there.
All right, let's do it, all right, let's dive into some of those specific protocols. How about DNS for starters? It's like the Internet's phone book. It translates those domain names into IP addresses exactly. But how is that vulnerable to attack?
Well, it's actually pretty fascinating how such a you know, fundamental system can have these weaknesses. One really common attack is DNS spoofing. Imagine you're trying to go to your bank's website, right right. An attacker could intercept that DNS request that your computer sends out and send back a fake response, redirecting you to a malicious site that looks exactly like the real deal.
So you could end up entering your login and password on a fake site and not even know it.
Exactly. That's the whole danger there. Wow, And you know the book goes beyond just that basic DNS spoofing too, really Yeah, it gets into some lesser known but just as dangerous attacks. Oh like what, Well, there's one called DNS dictionary mapping, okay, and this is a way for attackers to basically, you know, gather intel on a network. They use DNS queries to scan for servers within an organization, almost like they're trying to map out the entire structure of the network.
So they're like scoping out the place.
Exactly like a digital burglar, you know, looking for potential targets, weak points.
Wow, okay, and then...
There's the zone transfer attack.
What's that?
This is where an attacker tries to actually download an entire domain's DNS records, so...
They get like a blueprint of the whole infrastructure.
Yeah, basically. That's wild.
Okay. Moving on to HTTP. Right, that's the protocol that powers the web. But I always hear about how it's transmitting data in plain text, which seems like a huge security risk.
Well, it definitely can be, especially when you're dealing with things like passwords and credit card numbers.
Right.
The book actually walks you through the anatomy of an HTTP request okay, breaks down the different methods like GET, POST, and HEAD, and it talks about those little text files that websites store on your computer, you know, cookies.
Cookies.
A lot of people think they're totally harmless, but I mean, what's the risk. They can be used to track your browsing activity and they often store sensitive information like session IDs. Right, so an attacker who gets their hands on your cookies could do some damage. Like what, Well, they could manipulate the data, try to gain unauthorized access even hijack your entire session.
Hold on session hijacking again, Yep, it's a big one. So like they could take over my online banking session.
It's possible.
Yeah, man, this is scary stuff.
It is. And there's more. The book also covers things like directory traversal attacks, where attackers try to access files outside the web directory, could be sensitive stuff in there. Then you got your SQL injection attacks, command injection attacks.
So many ways to attack.
Yeah, web developers have a lot to worry about. But hey, at least we have HTTPS now right right, A little padlock.
In your browser that makes me feel safe.
Definitely a huge improvement. It uses something called SSL/TLS, uh huh, to encrypt that channel between your browser and the website.
Okay, but here's the thing.
Even HTTPS can be vulnerable.
Wait seriously, So even that padlock isn't a guarantee? Unfortunately not.
It all comes down to how it's implemented. See the book talks about certificate authorities. Okay, those are the organizations that issue the digital certificates.
Right to verify that a website is legitimate.
Exactly, and if one of those CAs gets compromised, they can issue fake certificates.
So you can have a padlock, think everything's safe, and still be vulnerable exactly.
And that's how man in the middle attacks can still happen even with HTTPS.
Gosh, that's unsettling. Is it even possible to stay safe online?
Well, it takes vigilance, for sure, keeping your browser, your operating system up to date with those security patches, right, being careful about what websites you visit, what information you share online, okay, and of course using strong, unique passwords for every account makes sense.
It sounds like it's this constant arms race.
You know it is in a way. Wow, the attackers are always trying to find new exploits and the defenders, well, we got to stay one step ahead, all right.
So we've covered wired networks, the web. What about Wi-Fi?
Ah? Wi-Fi?
I use it all the time, but I gotta admit I don't really understand how it works.
Well. Wi-Fi uses the 802.11 protocol, okay, and the book digs into how that works, explores the different ways it can be attacked. Well, there's those probe requests and responses. It's basically how devices discover Wi-Fi networks and connect to them.
So like a little digital handshake.
Yeah exactly, but attackers can actually set up these fake access points oh wow, mimic legitimate networks to try and trick your device into connecting.
So how do you know if a network is the real deal?
It can be tough, you know, look for strong passwords, make sure encryption is enabled, right, and be extra careful on those public Wi-Fi networks, especially the ones that don't have any password protection.
Yeah, that makes sense.
And speaking of passwords, remember those different Wi-Fi security protocols.
Oh we got like WEP, WPA2, right? The book talks about how Wi-Fi security has evolved over time.
WEP is totally outdated, easy to crack. Okay, WPA was a step up, and WPA2 with AES encryption is the most secure right now. But even WPA2 has its vulnerabilities. Seriously? Especially if it's not configured properly.
So keeping my router's firmware updated is important.
Absolutely, and definitely disable WPS if you can. WPS? Yeah, Wi-Fi Protected Setup. It's supposed to make things easier, but it can actually make your network easier to hack.
Gotcha, okay, last one, Bluetooth. Okay, it's short range, right, so are there really any serious security risks?
You'd be surprised. Bluetooth has its own set of vulnerabilities. The book breaks down that whole Bluetooth protocol stack, explains how attackers can sniff those communications, exploit weaknesses in things like the OBEX protocol, which is used for file transfers a lot.
Wait, so even my wireless headphones could be a security risk.
They could be. Yeah, there's attacks like bluejacking where someone sends you spam messages. Oh yeah, bluesnarfing where they try to steal your information, and even more advanced attacks like BIAS, KNOB and BlueBorne that target specific vulnerabilities in how Bluetooth is implemented.
Wow, so much to think about. It really seems like every aspect of networking has its own unique set of challenges.
It's true, but hey, knowledge is power, right, That's what they say. Understanding these attack techniques is the first step in defending yourself.
I feel like I've learned so much in this deep dive. It's really been eye opening.
I'm glad to hear that. And remember this is just scratching the surface, I know, right, There's always more to learn, and things are always changing in the world of cybersecurity, that's for sure, So stay curious, stay informed, and most importantly, stay safe.
Great advice and for our listeners, if any of this sparked your interest, I highly recommend checking out Understanding Network Hacks, Attack and Defense with Python 3. Great book. It's really a fascinating read for anyone who wants to delve deeper into this world of network security. Definitely, until next time, happy hacking, the ethical kind of course.
