SEC 410 – Discussion – Week 2

What is the value of the Common Vulnerabilities and Exposure (CVE) standard?

Before CVE, different cybersecurity tools had their own databases of vulnerability information. Sometimes they would refer to the same problem by different IDs, which made it hard to compare databases. There were also no standards for identifying threats, so different tools produced different reports on the same problems. Because CVE gives each publicly known vulnerability one common identifier, CVE-compatible tools can cross-reference their data, which allows for better security.

https://cve.mitre.org/about/index.html
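As an added example (not part of the original post), the script below shows the practical value described above: two hypothetical scanners report findings under their own plugin IDs, and the only way to tell whether they found the same problem is to normalize both reports to CVE IDs. All scanner names, plugin IDs, hosts and CVE numbers are constructed placeholders, not real identifiers.

```python
"""Added example (not from the original post): reconcile two scanners' findings
by normalizing their vendor-specific IDs to CVE IDs. Scanner names, plugin IDs,
hosts and CVE numbers below are constructed placeholders."""
import re
from typing import Dict, List, Set

# Canonical CVE ID shape: CVE-YYYY-NNNN (four or more digits); input may be lower-case.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def normalize_cve(text: str) -> Set[str]:
    """Extract every CVE ID mentioned in a string, in canonical upper-case form."""
    return {f"CVE-{year}-{num}" for year, num in CVE_RE.findall(text)}


# Constructed report from "Scanner A": proprietary plugin IDs plus a free-text
# reference field that sometimes names the CVE (and sometimes does not).
SCANNER_A = [
    {"plugin": "A-10021", "host": "10.0.0.5", "refs": "cve-2099-1001 (example bug)"},
    {"plugin": "A-10055", "host": "10.0.0.5", "refs": "CVE-2099-1002"},
    {"plugin": "A-10099", "host": "10.0.0.7", "refs": "vendor advisory only"},
]

# Constructed report from "Scanner B": a different ID scheme and a list field.
SCANNER_B = [
    {"check": "B-777", "host": "10.0.0.5", "cves": ["CVE-2099-1001"]},
    {"check": "B-812", "host": "10.0.0.7", "cves": ["CVE-2099-1003"]},
]


def index_by_cve(findings, ref_field: str) -> Dict[str, Set[str]]:
    """Map CVE ID -> set of affected hosts, ignoring the scanner's native IDs."""
    index: Dict[str, Set[str]] = {}
    for finding in findings:
        raw = finding[ref_field]
        text = " ".join(raw) if isinstance(raw, list) else raw
        for cve in normalize_cve(text):
            index.setdefault(cve, set()).add(finding["host"])
    return index


def compare_reports(report_a, report_b) -> Dict[str, List[str]]:
    """Which CVEs both tools agree on, and which only one tool reported."""
    idx_a = index_by_cve(report_a, "refs")
    idx_b = index_by_cve(report_b, "cves")
    return {
        "both": sorted(set(idx_a) & set(idx_b)),
        "only_a": sorted(set(idx_a) - set(idx_b)),
        "only_b": sorted(set(idx_b) - set(idx_a)),
    }


if __name__ == "__main__":
    print(compare_reports(SCANNER_A, SCANNER_B))
```

Without the shared CVE key, plugin "A-10021" and check "B-777" look like two unrelated findings; with it, the overlap and the gaps between the two tools fall out of a set difference. Findings that carry no CVE reference at all (the "vendor advisory only" row) are exactly the ones that cannot be reconciled, which is the situation the CVE standard was created to remove.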

 

How can the CVE be used to improve an organization’s network security?

The most threatening vulnerabilities can be tested for manually, using programs like Metasploit, to check network security. CVE can also be used to evaluate the effectiveness of currently in-place antivirus and firewall solutions.

 

How can the routing process be vulnerable to attacks?

A common denial-of-service attack is to flood the network with enough traffic to exhaust its bandwidth, effectively making the routing process useless.

Wireless service can also be disrupted via jamming tools.

Connection information can be monitored with programs like Wireshark.

 

What security measures can be taken for defending the routing process?

Logging/reporting, so you can keep track of critical security events (via email or even text messages to your phone). You could also turn on notifications for medium- and low-level security events. This is just an example: different firewalls/routers might give their levels of security events different names and also have more levels than just those three.

Traffic Shaping – You can limit the bandwidth that traverses a firewall. Depending on the firewall (generally, how expensive it is) you can get very specific with this. You could say that traffic from one IP to another IP may use only x% of the bandwidth, no matter what the traffic is. Or you could say that ALL outbound traffic that is not a phone call is limited to 90% of the total upload provided by your internet service provider. However you imagine traffic being shaped, it probably can be.

External monitoring – even very advanced firewalls can’t compete with a dedicated monitoring tool. They do, however, provide a lot of information via OIDs (object identifiers). On Linux there’s a program, snmpwalk, that will go through and pull all the OIDs from a device. That is tons of data that can be logged: you can monitor the temperature of the unit, the firmware version, or even the radio frequency. All sorts of things, way more than you’ll ever need. So you pick the few you do need, tell your external monitoring program to keep a log of them and maybe make some graphs (something like https://www.cacti.net/). Alerts can be set up in conjunction with this.
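As an added example (not part of the original post, and not code from Cacti or Net-SNMP), here is the "pick a few OIDs, log them, and alert" step from the paragraph above, written as a small Python script that parses the text snmpwalk prints. The OIDs, their values, and the temperature ceiling are constructed for the demo; real OIDs are vendor-specific and come from the device's MIB.

```python
"""Added example (not from the original post): parse snmpwalk's text output,
log the handful of OIDs you care about, and alert when a numeric one exceeds a
ceiling. OIDs, values and thresholds are constructed placeholders."""
import re
from typing import Dict, List, Tuple

# `snmpwalk -v2c -c <community> -On <host>` prints one line per object:
#     <OID> = <TYPE>: <VALUE>
# Constructed sample output; the enterprise OIDs below are hypothetical.
SAMPLE_WALK = """\
.1.3.6.1.4.1.99999.1.1.0 = STRING: "FW-1.2.3"
.1.3.6.1.4.1.99999.1.2.0 = INTEGER: 71
.1.3.6.1.4.1.99999.1.3.0 = Gauge32: 2437
.1.3.6.1.4.1.99999.1.4.0 = Counter32: 104857600
"""

LINE_RE = re.compile(r"^(?P<oid>\.[\d.]+) = (?P<type>[A-Za-z0-9]+): (?P<value>.*)$")


def parse_snmpwalk(text: str) -> Dict[str, Tuple[str, str]]:
    """Return {oid: (type, value)}; STRING values lose their surrounding quotes."""
    parsed: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # blank lines, "No more variables..." trailers, etc.
        value = match.group("value")
        if match.group("type") == "STRING":
            value = value.strip('"')  # snmpwalk quotes some strings, not others
        parsed[match.group("oid")] = (match.group("type"), value)
    return parsed


# The few OIDs actually worth logging: friendly name plus an optional ceiling.
WATCHED = {
    ".1.3.6.1.4.1.99999.1.1.0": ("firmware_version", None),
    ".1.3.6.1.4.1.99999.1.2.0": ("temperature_c", 65),
    ".1.3.6.1.4.1.99999.1.3.0": ("radio_freq_mhz", None),
}


def check_thresholds(parsed: Dict[str, Tuple[str, str]], watched=WATCHED) -> List[str]:
    """One alert string per watched numeric OID whose value exceeds its ceiling."""
    alerts: List[str] = []
    for oid, (name, ceiling) in watched.items():
        if oid not in parsed or ceiling is None:
            continue
        _, value = parsed[oid]
        try:
            numeric = int(value)
        except ValueError:
            alerts.append(f"{name}: non-numeric value {value!r} at {oid}")
            continue
        if numeric > ceiling:
            alerts.append(f"{name}: {numeric} exceeds {ceiling}")
    return alerts


def log_line(parsed: Dict[str, Tuple[str, str]], watched=WATCHED) -> str:
    """Flat key=value line of the watched values, suitable for a log or grapher."""
    return " ".join(
        f"{name}={parsed[oid][1]}" for oid, (name, _) in watched.items() if oid in parsed
    )


if __name__ == "__main__":
    data = parse_snmpwalk(SAMPLE_WALK)
    print(log_line(data))
    for alert in check_thresholds(data):
        print("ALERT:", alert)
```

Run from cron (or whatever your monitoring tool uses for polling) with the real snmpwalk output piped in, the log line is what you would graph and the alert list is what you would email or text. Keeping the watched set tiny is the point of the paragraph: the device exposes far more than you need, and a handful of well-chosen OIDs is easier to trend and alert on than the whole walk.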

Another important thing to do to protect anything involved in the routing process is to restrict access. You can isolate subnets from each other via the access list. You can also restrict access to the public-facing interface (the Ethernet or fiber port that goes out to the internet), if there is one. If it’s publicly accessible, even just open to pings from anywhere, your service is going to suffer.
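As an added example (not part of the original post, and not any vendor's ACL syntax), the snippet below models the first-match access list the paragraph describes: two internal subnets isolated from each other, both allowed out to the internet, and the public-facing interface address closed to everything inbound, pings included. The subnets, the WAN address (from a documentation range) and the rule order are constructed for the demo.

```python
"""Added example (not from the original post): a first-match access-list
evaluator of the kind a router applies to isolate subnets and lock down the
public-facing interface. Subnets, addresses and rules are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: str                    # CIDR the packet must come from
    dst: str                    # CIDR the packet must go to
    proto: Optional[str] = None  # None matches any protocol


# Constructed policy. 203.0.113.0/24 is a documentation range, standing in for
# the address on the port that faces the internet.
LAN, GUEST, WAN_IF, ANY = "10.0.1.0/24", "10.0.2.0/24", "203.0.113.10/32", "0.0.0.0/0"

ACL: List[Rule] = [
    Rule("deny", LAN, GUEST),          # LAN and guest subnets cannot see each other
    Rule("deny", GUEST, LAN),
    Rule("deny", ANY, WAN_IF),         # nothing may target the WAN address, not even ICMP
    Rule("permit", LAN, ANY),          # both internal subnets may reach the internet
    Rule("permit", GUEST, ANY),
    Rule("deny", ANY, ANY),            # explicit default deny (routers do this implicitly)
]


def _in(addr: str, cidr: str) -> bool:
    """True if addr falls inside cidr."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def evaluate(acl: List[Rule], src: str, dst: str, proto: str) -> str:
    """Walk the list top-down; the first matching rule decides, else deny."""
    for rule in acl:
        if _in(src, rule.src) and _in(dst, rule.dst) and rule.proto in (None, proto):
            return rule.action
    return "deny"


if __name__ == "__main__":
    for src, dst, proto in [
        ("10.0.1.5", "10.0.2.9", "tcp"),          # LAN -> guest: isolated
        ("10.0.1.5", "198.51.100.20", "tcp"),     # LAN -> internet: fine
        ("198.51.100.20", "203.0.113.10", "icmp"),  # outside ping at the WAN address
        ("198.51.100.20", "10.0.1.5", "tcp"),     # outside -> LAN: default deny
    ]:
        print(f"{src} -> {dst} ({proto}): {evaluate(ACL, src, dst, proto)}")
```

Rule order matters as much as the rules themselves: the two subnet denies sit above the internet permits precisely because a permit to 0.0.0.0/0 would otherwise match guest-to-LAN traffic too. On a real router the deny on the WAN address would be bound to the inbound direction of that interface so it does not also block management from the inside.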

Also, two-factor authentication is essential if any critical systems are connected to a wireless access point. I wrote an article about it here – https://feoletech.com/why-your-wireless-connection-is-probably-not-safe/