Abstract
Network devices not only allow users to build powerful local networks but also to protect them, their data, and their communications from unwanted intruders. However, it is important to give special attention to security within local networks, since internal attacks could be catastrophic for users. Internal security can be overlooked once the belief that all efforts and resources should be focused on protecting users from external intruders has been established. That belief is dangerous since it can foster the misconfiguration of internal network devices, providing a network infrastructure based on weak settings. This chapter should serve as a summary of a series of local network attacks as well as their countermeasures through the right configuration of the network devices. The attacks will be presented through a set of practical scenarios emulated on GNS3 to clarify their impact and consequences. Also, countermeasures will be discussed to illustrate their impact on networks and the advantages and disadvantages of their application.
Acknowledgment
This research work has been supported by the Spanish Ministry of Education and Vocational Training under a FPU fellowship (FPU17/03276).
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Vázquez-Ingelmo, A., Moreno-Montero, Á.M., García-Peñalvo, F.J. (2020). Threats Behind Default Configurations of Network Devices: Wired Local Network Attacks and Their Countermeasures. In: Gupta, B., Perez, G., Agrawal, D., Gupta, D. (eds) Handbook of Computer Networks and Cyber Security. Springer, Cham. https://doi.org/10.1007/978-3-030-22277-2_6
DOI: https://doi.org/10.1007/978-3-030-22277-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-22276-5
Online ISBN: 978-3-030-22277-2
eBook Packages: Computer Science, Computer Science (R0)