UHCL CSCI 5235 - Network Security Principles and Practices
Network Security Principles & Practices – Chapter 3 – Device Security

Outline:
Two aspects of device security
Physical security
Device Redundancy
Cisco Command Reference
EIGRP (used in Example 3-1)
Routing-enabled Redundancy
Slide 9
Slide 10
HSRP
Slide 12
Example HSRP Implementation (Fig. 3-5)
Slide 14
VRRP
Slide 16
Slide 17
Slide 18
Failover Protocol
Security of major devices

Network Security Principles & Practices
By Saadat Malik
Cisco Press, 2003

Slide 2 – Chapter 3 – Device Security
• A device is a node helping to form the topology of the network.
• A compromised device may be used by the attacker as a jumping board.
• A DoS attack may be launched against a device.

Slide 3 – Two aspects of device security
• Physical security
  – Placing the device in a secure location
• Logical security
  – Securing the device against nonphysical attacks

Slide 4 – Physical security
Considerations:
• Using redundant devices?
• Network topology (serialized, star, fully meshed?)
• Where to place the network devices?
• Media security (wire tapping, physical eavesdropping)
• Adequate/uninterrupted power supply
• Disasters

Slide 5 – Device Redundancy
• A backup device (router, switch, gateway, …) is configured to take over the functionality of a failed active device.
• Means of achieving redundancy:
  A. Use routing to enable redundancy
  B. Use a redundancy protocol
    – Hot Standby Router Protocol (HSRP)
    – Virtual Router Redundancy Protocol (VRRP)
    – Failover protocols: a feature of Cisco PIX firewalls

Slide 6 – Cisco Command Reference
• Cisco IOS Commands Master List (Release 12.4): http://www.cisco.com/en/US/docs/ios/mcl/124mainlinemcl/124_book.html
• Cisco Security Appliance Command Line Configuration Guide, Version 8.0: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/conf_gd.html
• Configuration Guide for the Cisco Secure PIX Firewall Version 6.0: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/index.htm
• PIX Command Reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094885.shtml
• Cisco Command Summary: http://networking.ringofsaturn.com/Cisco/ciscocommandguide.php
• Other useful sites:
  – http://www.freebraindumps.com/CCIE/
  – http://www.groupstudy.com/

Slide 7 – EIGRP (used in Example 3-1)
• IGRP: Cisco's Interior Gateway Routing Protocol
• EIGRP: Enhanced IGRP
  – A router running EIGRP stores all its neighbors' routing tables so that it can quickly adapt to alternate routes.
  – If no appropriate route exists, EIGRP queries its neighbors to discover an alternate route.
  – These queries propagate until an alternate route is found.
• To enable EIGRP on the router you simply need to enable EIGRP and define a network number. (From: http://networking.ringofsaturn.com/Cisco/eigrp.php)
    Router# conf t
    Router(config)# router eigrp 1
    Router(config-router)# network 172.16.0.0
• Cisco Router Configuration Tutorial: http://www.tele.pitt.edu/~telelab/labs/General%20Lab%20Documentation/pdf/GeneralLab%20Documentation~Cisco%20Router%20Configuration%20Tutorial~08.20.05.pdf

Slide 8 – Routing-enabled Redundancy
• To set up routing in such a way that the routing protocols converge to one set of routes under normal conditions, and a different set of routes when some of the devices fail.
1. (Floating) static routes with varying weights: Example 3-1 (next slide)

Slide 10 – Routing-enabled Redundancy
2. Dynamic routing protocols, e.g., Routing Information Protocol (RIP)
  – Alternative paths are used when the normal path fails. (Fig. 3-3)
  – RIP uses a single routing metric (hop count) to measure the distance between the source and a destination network. Each hop in a path from source to destination is assigned a hop count value, which is typically 1.
  – When a router receives a routing update that contains a new or changed destination network entry, the router adds 1 to the metric value indicated in the update and enters the network in the routing table. The IP address of the sender is used as the next hop.
  – More info: http://www.cisco.com/en/US/docs/internetworking/technology/handbook/RIP.html

Slide 11 – HSRP
• Hot Standby Router Protocol
• Proprietary (Cisco): https://www.cisco.com/en/US/tech/tk648/tk362/tk321/tsd_technology_support_sub-protocol_home.html
• A host uses an IP address as its default gateway.
• A virtual router is set up for that IP:
  – a pair of IP and MAC addresses
• The addresses are 'taken' by a set of routers configured with HSRP.
• One of the routers is designated as the active router.
• When the active router fails, one of the standby routers takes ownership of the IP and the MAC addresses.

Slide 12 – HSRP
• HSRP group (aka standby group)
• Election protocol
• Packet format of HSRP messages: Fig. 3-4
• Messages: hello, coup, resign
• How does HSRP provide redundancy? Fig. 3-5 (next slide)
  A virtual IP is shared between routers A and B, so when B becomes the active router, no change of default gateway IP is needed in the end hosts.

Slide 13 – Example HSRP Implementation (Fig. 3-5)

Slide 14 – HSRP
• Drawback: not very secure. The authentication field contains a password that is transmitted as clear text.
• c.f., VRRP provides better security.

Slide 15 – VRRP
• Virtual Router Redundancy Protocol
• RFC 2338, RFC 3768 (4/04): ftp://ftp.rfc-editor.org/in-notes/rfc3768.txt
• Non-proprietary (unlike HSRP)
• An election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN (the master router)
• The election process provides dynamic failover in the forwarding responsibility should the master become unavailable.
• Allows any of the virtual router IP addresses on the LAN to be used as the default first-hop router by end hosts.

Slide 16 – VRRP
• When is the master router considered down?
  – The master router periodically sends out an advertisement message that contains an advertisement interval.
  – Each backup router uses a timer to decide when the master router is down.
• The election process:
  – When a backup router detects that the master router is down, it sends an advertisement message with its own priority value in it.
  – The backup router with the highest priority value becomes the new master router.

Slide 17 – VRRP
• Question: What if an attacker injects a fake VRRP advertisement message (possibly with a very high priority value) into the network? Would it then be elected to be
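The routing-enabled redundancy slides (floating static routes on slide 8, RIP hop counts on slide 10) describe two mechanisms by which a routing table settles on one path normally and another after a failure. The following Python model is an added example, not code from the lecture or from Malik's book: it keeps several candidate routes per prefix, applies the RIP rule from slide 10 (add 1 to the advertised hop count, use the sender as next hop), and selects the best usable route by administrative distance and then metric. The administrative distance values (1 for static, 120 for RIP, 200 for the floating static route) are assumed for the example and mirror Cisco IOS defaults; prefixes and next-hop addresses are constructed.

```python
from dataclasses import dataclass

# Administrative distances assumed for this example (Cisco IOS defaults for
# static and RIP; 200 is a typical choice for a floating static route).
AD_STATIC = 1
AD_RIP = 120
AD_FLOATING = 200
RIP_INFINITY = 16  # a RIP metric of 16 means "unreachable"


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    admin_distance: int
    metric: int
    source: str


class RoutingTable:
    """Candidate routes per prefix; selection mimics (admin distance, metric) ordering."""

    def __init__(self):
        self.candidates: list[Route] = []
        self.down_hops: set[str] = set()  # next hops whose link/neighbor has failed

    def add_static(self, prefix, next_hop, distance=AD_STATIC):
        # A static route with a larger distance than another route to the same
        # prefix is a "floating" static route: it only surfaces when the
        # preferred route disappears.
        self.candidates.append(Route(prefix, next_hop, distance, 0, "static"))

    def receive_rip_update(self, sender, prefix, advertised_hops):
        # Slide 10: add 1 to the advertised metric and use the sender as next hop.
        metric = advertised_hops + 1
        if metric >= RIP_INFINITY:
            return None  # unreachable; do not install
        route = Route(prefix, sender, AD_RIP, metric, "rip")
        self.candidates.append(route)
        return route

    def set_next_hop_down(self, next_hop, down=True):
        if down:
            self.down_hops.add(next_hop)
        else:
            self.down_hops.discard(next_hop)

    def best(self, prefix):
        # Lowest administrative distance wins; ties broken by lowest metric.
        usable = [r for r in self.candidates
                  if r.prefix == prefix and r.next_hop not in self.down_hops]
        if not usable:
            return None
        return min(usable, key=lambda r: (r.admin_distance, r.metric))


def failover_sequence():
    """Constructed scenario: primary static, floating static, and a RIP-learned route."""
    table = RoutingTable()
    table.add_static("10.50.0.0/16", "10.1.1.1")                 # primary path
    table.add_static("10.50.0.0/16", "10.2.2.1", AD_FLOATING)    # floating backup
    table.receive_rip_update("10.3.3.1", "10.50.0.0/16", 2)      # RIP: 2 hops away -> metric 3
    chosen = [table.best("10.50.0.0/16").next_hop]
    table.set_next_hop_down("10.1.1.1")                          # primary link fails
    chosen.append(table.best("10.50.0.0/16").next_hop)
    table.set_next_hop_down("10.3.3.1")                          # RIP neighbor fails too
    chosen.append(table.best("10.50.0.0/16").next_hop)
    return chosen


if __name__ == "__main__":
    print(failover_sequence())
```

The sequence shows a point the slide does not spell out: the floating static route (distance 200) loses to the RIP-learned route (distance 120) once the primary fails, and only takes over when the dynamic route is gone as well. Whichever distance is assigned to the floating route decides where it sits relative to the dynamic protocol, so the value has to be chosen against the protocols actually running.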
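Slide 12 points to the HSRP packet format (Fig. 3-4) and slide 14 notes that the authentication field carries a clear-text password. The following Python decoder is an added example, not code from the lecture or from Malik's book; it follows the HSRPv1 layout from RFC 2281 (one byte each of version, op code, state, hellotime, holdtime, priority, group, reserved; 8 bytes of authentication data; the 4-byte virtual IP) and returns the findings a passive monitor would raise, including the password read straight from the captured message and a flag when it equals the well-known default string "cisco". The sample message is constructed, not a real capture.

```python
import struct
from dataclasses import dataclass

# HSRPv1 message layout (RFC 2281): 8 single-byte fields, 8 bytes of
# authentication data, 4-byte virtual IP address: 20 bytes in total.
HSRP_V1_LEN = 20
HSRP_OPCODES = {0: "hello", 1: "coup", 2: "resign"}
HSRP_STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}
HSRP_DEFAULT_AUTH = b"cisco"  # well-known default authentication string


@dataclass
class HsrpMessage:
    opcode: str
    state: str
    hellotime: int
    holdtime: int
    priority: int
    group: int
    auth: bytes        # raw 8-byte field, NUL padded
    virtual_ip: str


def parse_hsrp_v1(payload: bytes) -> HsrpMessage:
    """Decode the UDP payload (port 1985) of an HSRPv1 message."""
    if len(payload) < HSRP_V1_LEN:
        raise ValueError(f"HSRPv1 message needs {HSRP_V1_LEN} bytes, got {len(payload)}")
    version, opcode, state, hello, hold, prio, group, _reserved = struct.unpack("!8B", payload[:8])
    if version != 0:  # RFC 2281 uses version 0 for HSRPv1
        raise ValueError(f"unsupported HSRP version {version}")
    auth = payload[8:16]
    virtual_ip = ".".join(str(b) for b in payload[16:20])
    return HsrpMessage(
        HSRP_OPCODES.get(opcode, f"unknown({opcode})"),
        HSRP_STATES.get(state, f"unknown({state})"),
        hello, hold, prio, group, auth, virtual_ip,
    )


def audit_hsrp(msg: HsrpMessage) -> list[str]:
    """Findings a monitoring tool would report for one captured message."""
    findings = []
    password = msg.auth.rstrip(b"\x00")
    # The field is plain text: anyone able to capture the hello reads the
    # password, so its mere presence on the wire is reported.
    findings.append("cleartext-auth:" + password.decode("ascii", "replace"))
    if password == HSRP_DEFAULT_AUTH:
        findings.append("default-auth-string")
    if msg.holdtime <= msg.hellotime:
        findings.append("holdtime-not-greater-than-hellotime")
    return findings


def build_hsrp_v1(opcode, state, hello, hold, priority, group, auth, virtual_ip):
    """Assemble a message so the decoder can be exercised on constructed input."""
    header = struct.pack("!8B", 0, opcode, state, hello, hold, priority, group, 0)
    ip = bytes(int(octet) for octet in virtual_ip.split("."))
    return header + auth.ljust(8, b"\x00")[:8] + ip


# Constructed sample: hello from an active router in group 1 with the default
# authentication string and virtual IP 192.168.1.1 (not a real capture).
SAMPLE_HELLO = build_hsrp_v1(0, 16, 3, 10, 100, 1, b"cisco", "192.168.1.1")


if __name__ == "__main__":
    message = parse_hsrp_v1(SAMPLE_HELLO)
    print(message)
    print(audit_hsrp(message))
```

Running the audit over mirrored traffic from the gateway VLAN is enough to inventory every HSRP group, its active router, and the password in use; the first finding fires for every HSRPv1 hello, which is the slide's point that the protocol offers no confidentiality for the authentication field.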
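Slides 16 and 17 describe how a VRRP backup decides the master is down, how the election picks the new master, and ask what a fake high-priority advertisement would do. The following Python model is an added example, not code from the lecture or from Malik's book. It applies the RFC 3768 timer rule (Master_Down_Interval = 3 × Advertisement_Interval + Skew_Time, with Skew_Time = (256 − Priority) / 256), the priority-based state transitions for a received advertisement, and a defender-side check that compares each advertisement against the routers configured for the VRID. Router names, priorities and addresses are constructed.

```python
from dataclasses import dataclass


@dataclass
class VrrpRouter:
    name: str
    priority: int            # 1..254 for a backup, 255 for the address owner
    adver_interval: int = 1  # seconds, carried in every advertisement
    preempt: bool = True     # RFC 3768 default: higher priority takes over
    state: str = "backup"

    def skew_time(self) -> float:
        # Higher priority -> smaller skew -> this backup's timer fires first.
        return (256 - self.priority) / 256

    def master_down_interval(self) -> float:
        # How long a backup waits without advertisements before declaring the master down.
        return 3 * self.adver_interval + self.skew_time()


def elect_master(routers):
    """Master stopped advertising: the backup whose timer expires first takes over."""
    backups = [r for r in routers if r.state == "backup"]
    winner = min(backups, key=lambda r: r.master_down_interval())
    winner.state = "master"
    return winner


def on_advertisement(router, adv_priority):
    """RFC 3768 transition for one received advertisement; returns the new state."""
    if router.state == "master":
        # A master yields to any advertisement carrying a higher priority.
        if adv_priority > router.priority:
            router.state = "backup"
    else:
        # A backup with preemption enabled takes over from a lower-priority master;
        # otherwise the advertisement just restarts its Master_Down_Timer.
        if router.preempt and adv_priority < router.priority:
            router.state = "master"
    return router.state


def audit_advertisement(vrid, src_ip, adv_priority, expected):
    """Compare an observed advertisement with the routers configured for the VRID.

    expected maps vrid -> {source IP: configured priority}; it is built from
    the routers' own configurations, so any other source is unexpected.
    """
    findings = []
    known = expected.get(vrid, {})
    if src_ip not in known:
        findings.append(f"vrid {vrid}: advertisement from unexpected source {src_ip}")
    elif adv_priority != known[src_ip]:
        findings.append(f"vrid {vrid}: {src_ip} advertised priority {adv_priority}, "
                        f"configured {known[src_ip]}")
    return findings


if __name__ == "__main__":
    a, b = VrrpRouter("A", 200), VrrpRouter("B", 100)
    print(a.master_down_interval(), b.master_down_interval())
    print("new master:", elect_master([a, b]).name)
    print("A after seeing priority 250:", on_advertisement(a, 250))
    print(audit_advertisement(1, "10.0.0.9", 250, {1: {"10.0.0.2": 200, "10.0.0.3": 100}}))
```

The transition function answers the slide's question for the protocol as specified: an advertisement whose priority exceeds the current master's moves that master to backup, so the ownership of the virtual address follows whoever advertises the highest priority. The audit function is the corresponding control: advertisements for a VRID from a source that is not one of the configured routers, or carrying a priority that does not match the configuration, are what a monitor should alert on.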