We will specifically focus on Cisco routers. This is primarily because Cisco has the greatest market share of Internet-based routers. Additionally, Cisco IOS has perhaps the most universal feature set, comprehensively covering many options. The addition of stateful packet filtering, or stateful inspection, and the wide range of protocols that are supported (dependent on licensing) make Cisco the ideal subject for discussions of router audits.
We look at testing systems over the network. System testing is possible over the network, and provides a means to test compliance with:
- Change control processes,
- Patching and vulnerability mitigation,
- Malware (ensuring that no additional ports are listening),
- Basic security configurations,
- Baseline tests of systems, and
- Ensuring that no new or unauthorized hosts or networks have been connected.
System testing requires knowledge of many system types. In addition to Windows, the tester needs to understand the Linux and *NIX operating systems. Even in the most Windows-focused network, it is common to discover a *NIX system running an oft-overlooked but essential function that is critical to the organisation.
There are a variety of ways in which a user can authenticate in UNIX. The primary distinction is between authentication to the operating system and authentication to an application alone. In the case of an application such as a window manager (e.g. X-Window), authentication to the application is in fact authentication to the operating system itself. Additionally, authentication may be divided into local and networked authentication.
Let’s take a detailed look at the Table of Contents:
Chapter 1: Auditing Cisco Routers and Switches
Functions of a Router, Architectures and Components; Modes of Operation; Configuration Files and States; How a Router Can Play a Role in your Security Infrastructure; Router Technology, a TCP/IP Perspective; Understanding the Auditing Issues with Routers; Password Management; Sample Router Architectures in Corporate WANs; Router Audit Tool (RAT) and Nipper; RAT; Nipper; Security Access Controls Performed by a Router; Security of the Router Itself and Auditing for Router Integrity; Identifying Security Vulnerabilities; Audit Steps over Routers; Show access-lists; Sample Commands; Cisco router check lists
Chapter 2: An Introduction to Network Audit
What is a Vulnerability Assessment?; The importance of Vulnerability Assessments; A Survey of Vulnerability Assessment Tools; Network Mapping; Pre-Mapping Tasks; What the Hackers Want to Know; Auditing Perimeter Defenses; Auditing Routers, Switches and other network infrastructure; The Methodology; Protection Testing?; Miscellaneous Tests; Network and Vulnerability Scanning Nessus; Essential Net Tools (EST); CIS – Cerberus Internet Scanner
Chapter 3: GPEN Study Guide
Pen-testing Process; Legal Issues; Reconnaissance: Inventory, Whois, Web Reconnaissance, Metadata, DNS; Intro to Linux: Outcome Statement, Shell History, Basic UNIX commands, The Essential Commands, File Commands, Finding out about other users on the system, Authentication and Validation, Usernames, UIDS, the Superuser, File System Access Control; Scanning Goals and Techniques; Network Tracing, Scanning, and Nmap: Network Tracing using Traceroute, Traceroute, Port Scanning Fundamentals, Port Scanning with NMAP, Amap Scanner; Vulnerability Scanning; Enumerating Users: Methods of Acquisition, Unix/Linux Accounts, Windows Accounts; Netcat and Hping; Exploitation: Exploitation?, Exploitation Categories, Exploitation, Metasploit; Command Shell vs. Terminal Access: Command Shell vs. Terminal Access, Windows Targets, Linux Targets, Relays; Remote Command Execution; Password Attacks: Password Attacks: Motivation and Definitions, Password Attack Tips, Dealing with Account Lockout, Password Guessing with THC-Hydra, Password Attacks, Obtaining, Password Hashes – Windows, Linux and Unix Password Schemes, John the Ripper, Cain, Rainbow Table Attacks, Ophcrack Exercise, Pass-the-Hash Attacks, When to use which password attack?; Wireless Fundamentals: Cloaked ESSIDs, Locating Access Points, Wireless Client Attacks, Traffic Injection, Airpwn, Session Hijacking, Access Point Impersonation, Karma, Karma Metasploit Integration; Web Application Overview: Injection Attacks, Cross Site Request Forgery (XSRF) Attacks, Cross Site Scripting Attacks, Command Injection, SQL Injection, Blind SQL Injection
Chapter 4: 100+ Unix Commands
Introduction and objectives; Basic UNIX commands; The Essential Commands; Authentication and Validation; File System Access Control; Restricting Superuser Access; Finer Points of Find; Finding out About the System Configuration; What Tools to Use; Password Assessment Tools; Controlling Services; Enabling .rhosts; Kernel Tuning for Security; Security and the cron System; Backups and Archives; Logging; Tricks and Techniques; Appendixes; “uname”; Command Summary