1
00:00:00,620 --> 00:00:06,200
The vulnerabilities we may come across during the penetration tests are as follows.

2
00:00:06,860 --> 00:00:09,560
The lack of access control lists.

3
00:00:10,340 --> 00:00:16,219
Network devices provide basic traffic filtering capabilities with access control lists.

4
00:00:16,790 --> 00:00:22,880
Access control lists can be configured for all routed network protocols to filter the packets of those

5
00:00:22,880 --> 00:00:26,240
protocols as the packets pass through a router.

6
00:00:27,330 --> 00:00:32,850
You can configure access control lists at your router to control access to a network.

7
00:00:33,360 --> 00:00:38,520
Access lists can prevent certain traffic from entering or exiting a network.

8
00:00:39,890 --> 00:00:42,110
Insecure password methods.

9
00:00:42,890 --> 00:00:48,020
While creating a credential for a network device, there might be more than one method to create the

10
00:00:48,020 --> 00:00:52,010
password for the account, and some of these methods are not secure.

11
00:00:52,040 --> 00:00:59,180
Either the passwords are stored and transferred as clear text, or they're encoded or encrypted by an

12
00:00:59,180 --> 00:01:00,620
easy-to-crack cipher.

13
00:01:01,310 --> 00:01:09,800
Web interfaces to manage the network device.
Using web services and interfaces to manage network devices

14
00:01:09,800 --> 00:01:12,020
brings new responsibilities.

15
00:01:12,530 --> 00:01:19,400
First of all, you should use HTTPS instead of HTTP to avoid cleartext traffic.

16
00:01:21,820 --> 00:01:27,910
Hardening the web application against vulnerabilities such as SQL injection and XSS,

17
00:01:28,240 --> 00:01:34,750
implementing an appropriate authentication mechanism and access control are some other concerns of securing

18
00:01:34,750 --> 00:01:35,980
a web application.

19
00:01:36,640 --> 00:01:39,220
Insecure SNMP versions.

20
00:01:39,820 --> 00:01:44,140
SNMP depends on secure strings, or community

21
00:01:44,170 --> 00:01:49,540
strings, that grant access to portions of devices' management plane.

22
00:01:49,570 --> 00:01:55,870
Abuse of SNMP could allow an unauthorized third party to gain access to a network device.

23
00:01:57,180 --> 00:02:05,590
SNMPv3 should be the only version of SNMP employed, because SNMPv3 has the ability to authenticate

24
00:02:05,590 --> 00:02:07,390
and encrypt payloads.

25
00:02:07,930 --> 00:02:16,090
When either SNMPv1 or SNMPv2 is employed, like I was saying earlier, an adversary could sniff network

26
00:02:16,090 --> 00:02:18,250
traffic to determine the community string.

27
00:02:18,280 --> 00:02:19,480
You saw that happen.

28
00:02:19,510 --> 00:02:20,890
You did it yourself.

29
00:02:21,640 --> 00:02:26,590
This compromise could enable a man-in-the-middle or replay attack.

30
00:02:27,250 --> 00:02:28,240
Telnet.

31
00:02:29,660 --> 00:02:32,130
Telnet data is sent in clear text.

32
00:02:32,150 --> 00:02:36,170
So, as you know, a man in the middle is able to read the traffic.

33
00:02:36,320 --> 00:02:42,890
It's certainly a good idea to use, for example, SSH to access network devices, especially when going

34
00:02:42,890 --> 00:02:44,930
through a public network like the Internet.

35
00:02:46,250 --> 00:02:53,270
And as you're probably aware, SSH would encrypt all the data sent between the client and server.

36
00:02:53,270 --> 00:02:57,680
And even if someone gets their hands on the data, it's of absolutely no use.

37
00:02:58,730 --> 00:03:01,280
Non-complex passwords.

38
00:03:02,000 --> 00:03:08,570
Even if you use the right password methods, you should always use complex passwords, because you are

39
00:03:08,570 --> 00:03:14,120
always at risk of password cracking attacks such as brute force and dictionary attacks.