Routers, Switches and Firewalls
- Switch-
- joins multiple computers together on a local network, It can not make a routing
- Attacks on switch example, MAC flooding attack
- For forensic analysis, the evidence can be gathered from, stored packets, CAM tables, ARP Table, ACLs, flow data and performance status, the OS image and startup configuration, logging data
Router-
- performs the direction of traffic in different networks, Therefore if an attacker can access the router, they can redirect and /or modify traffic.
- Attacks on routers examples DDOS or DOS
- Routers for example CISCO come with commands that can be used to configure, monitor and the overall state of the router
- For forensics analysis, the evidence that can be gathered from the router is through System log(Syslog), FTP, TFTP, SNMP, the access history, DHCP logs, Backup configurations and analysis of the flow of data
- Port Mirroring
Is a method of monitoring network traffic, If port mirroring is enabled on a switch, the switch sends copies of the network packets to another port for analysis. For example if computer A wants to communicate to computer B, computer A sends packets to computer B, through the switch, at the same time when the packets reach the switch they are copied and sent to the analysis port (connected to the monitoring computer).
Port mirroring allows packets to be seen on another computer that the packets are normally hidden from.
- a)In which port and switch will you set up port mirroring
In core switch in port 5 because that way the traffic from communication between ports 2,3 and 4 through ethernet can be monitored. And the outbound traffic from the core switch port 1 to the internet can be monitored as well.
b)Sequence to enable port mirroring and capture all the suspected traffic
enable
sh monitor
conf t
monitor session 1 source interface fa 0/3
monitor session 1 destination interface fa 0/5
monitor session 2 source interface fa 0/2
monitor session 2 destination interface fa 0/5
monitor session 3 source interface fa 0/4
monitor session 3 destination interface fa 0/5
monitor session 4 source interface fa 0/1
monitor session 4 destination interface fa 0/5
end
sh monitor
Leave a Reply