Description: Paul Coggin is an internetwork consulting solutions architect with Dynetics, a Huntsville, Ala.-based mid-tier company that provides complete lifecycle analysis, engineering, information technology and hardware solutions to support customer missions. At DeepSec 2014 he talks about the many ways networks can be attacked and exploited by third parties (usually intruders, but you never know these days).
„Learn about network attack vectors that an adversary can use to control, and influence network traffic flows and exfiltrate data by exploiting network devices and protocols in the LAN, WAN and Cloud. Defensive methods and techniques for monitoring and protecting against the outlined attack vectors will be discussed. This presentation explores advanced methods and techniques that penetration testers, network engineers and security auditors need to understand about network infrastructure and protocols.
Strategies for attacking network infrastructure
Undocumented method for tunneling IPv6
Layer 3 LAN based MITM attack
Methods for exfiltrating data from the core network infrastructure including MPLS core network infrastructure
Router tricks that penetration testers need to know
Often over looked network trust relationships, integration, dependencies and interdependencies
Features hackers know about routers that need to be understood by auditors and network administrators.
Switch security the Achilles heel of networks everywhere and what to do about it.
Ensure that you know when someone is twisting and bending your network infrastructure to suit their purposes
Advanced service provider technologies that be utilized by an attacker to enable data exfiltration and WAN based
MITM attack vectors, manipulate and override routing paths.“
For More Information Please Visit:- https://www.deepsec.net
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.