1
00:00:00,790 --> 00:00:08,800
The vulnerabilities we may come across during the penetration test are as follows. Lack of access control

2
00:00:08,800 --> 00:00:16,000
lists. Network devices provide basic traffic filtering capabilities with access control lists.

3
00:00:16,930 --> 00:00:22,960
Access control lists can be configured for all routed network protocols to filter the packets of those

4
00:00:22,960 --> 00:00:26,110
protocols as the packets pass through a router.

5
00:00:27,620 --> 00:00:34,670
You can configure access control lists at your router to control access to a network. Access lists can

6
00:00:34,670 --> 00:00:38,360
prevent certain traffic from entering or exiting a network.

7
00:00:40,090 --> 00:00:41,950
Insecure password methods.

8
00:00:42,940 --> 00:00:48,100
While creating a credential for a network device, there might be more than one method to create the

9
00:00:48,100 --> 00:00:52,690
password for the account, and some of these methods are not secure either.

10
00:00:52,720 --> 00:00:59,530
The passwords are stored and transferred as clear text, or they're encoded or encrypted by an easy

11
00:00:59,530 --> 00:01:00,490
to crack cipher.

12
00:01:01,540 --> 00:01:09,880
Web interfaces to manage the network device. Using Web services and interfaces to manage network devices

13
00:01:09,880 --> 00:01:11,800
brings new responsibilities.

14
00:01:12,880 --> 00:01:19,270
First of all, you should use HTTPS instead of HTTP to avoid clear text traffic.

15
00:01:21,960 --> 00:01:29,280
Hardening the Web application against vulnerabilities such as SQL injection and XSS, implementing

16
00:01:29,280 --> 00:01:35,130
an appropriate authentication mechanism and access control are some other concerns of securing a Web

17
00:01:35,130 --> 00:01:35,820
application.

18
00:01:36,800 --> 00:01:46,580
Insecure SNMP versions. SNMP depends on secure strings or community strings that grant access

19
00:01:46,580 --> 00:01:53,930
to portions of devices' management planes. Abusing SNMP could allow an unauthorised third party to gain

20
00:01:53,930 --> 00:01:55,670
access to a network device.

21
00:01:57,170 --> 00:02:04,940
SNMPv3 should be the only version of SNMP employed, because SNMPv3 has the ability to

22
00:02:04,940 --> 00:02:12,410
authenticate and encrypt payloads. When either SNMPv1 or SNMPv2 is employed,

23
00:02:12,410 --> 00:02:18,130
like I was saying earlier, an adversary could sniff network traffic to determine the community strings.

24
00:02:18,500 --> 00:02:19,430
You saw that happen.

25
00:02:19,730 --> 00:02:20,740
You did it yourself.

26
00:02:21,860 --> 00:02:26,390
This compromise could enable a man in the middle or replay attack.

27
00:02:27,520 --> 00:02:28,120
Telnet.

28
00:02:29,840 --> 00:02:35,930
Telnet data is sent in clear text, so as you know, a man in the middle is able to read the traffic.

29
00:02:36,620 --> 00:02:42,650
It's certainly a good idea to use, for example, SSH to access network devices, especially when

30
00:02:42,650 --> 00:02:44,780
going through a public network like the Internet.

31
00:02:46,280 --> 00:02:53,180
And as you're probably aware, SSH would encrypt all the data sent between the client and server,

32
00:02:53,510 --> 00:02:57,500
and even if someone gets a hand on the data, it's of absolutely no use.

33
00:02:58,970 --> 00:03:07,220
Non-complex passwords. Even if you use the right password methods, you should always use complex passwords

34
00:03:07,220 --> 00:03:13,340
because you are always under the risk of password cracking attacks such as brute force and dictionary

35
00:03:13,340 --> 00:03:13,940
attacks.