I’ve been working on LAN infrastructure security assessment recently. As a part of it I’d been looking for a bullet-point summary of the main threats to the 3 network architecture layers. I couldn’t find anything like that, which led me to compile my own list.
The points below don’t follow the standard access/distribution/core split but Cisco’s “modular design” principle.
They are based on the “Cisco SAFE Design Reference Guide”: http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap1.html
Enterprise Core:
The following are some of the threat vectors affecting the enterprise core:
- Service disruption—DoS and DDoS attacks on the infrastructure.
- Unauthorized access—Intrusions, unauthorized users, escalation of privileges, unauthorized access to restricted infrastructure, and routing protocol attacks.
- Data disclosure and modification—Packet sniffing, man-in-the-middle (MITM) attacks of data while in transit.
Enterprise Campus:
The following are some of the key threats that affect the campus:
- Service disruption—Botnets, malware, adware, spyware, viruses, DoS attacks (buffer overflows and endpoint exploitation), Layer-2 attacks, and DDoS on services and infrastructure.
- Unauthorized access—Intrusions, unauthorized users, escalation of privileges, IP Spoofing, and unauthorized access to restricted resources.
- Data disclosure and modification—Sniffing, man-in-the-middle (MITM) attacks of data while in transit.
- Network abuse—Peer-to-peer and instant messaging abuse, out-of-policy browsing, and access to forbidden content.
- Data leak—From servers and user endpoints, data in transit and at rest.
- Identity theft and fraud—On servers and end users, phishing, and E-mail spam.
Intranet Data Centre:
The following are some of the threat vectors affecting the Intranet data center:
- Unauthorized access
- Interruption of service
- Data loss
- Data modification
Unauthorized access can include unauthorized device access and unauthorized data access. Interruption of service, data loss, and data modification can be the result of targeted attacks. A single threat can target one or more of these areas. Specific threats can include the following: privilege escalation; malware; spyware; botnets; denial-of-service (DoS); traversal attacks (including directory, URL); cross-site scripting attacks; SQL attacks; malformed packets; viruses; worms; and, man-in-the-middle.
Management Module:
The following are some of the expected threat vectors affecting the management module:
- Unauthorized Access
- Denial-of-Service (DoS)
- Distributed DoS (DDoS)
- Man-in-the-Middle (MITM) Attacks
- Privilege escalation
- Intrusions
- Network reconnaissance
- Password attacks
- IP spoofing
Internet Edge:
The Internet edge is a public-facing network infrastructure and is particularly exposed to a large array of external threats. Some of the expected threats are as follows:
- Denial-of-service (DoS), distributed DoS (DDoS)
- Spyware, malware, and adware
- Network intrusion, takeover, and unauthorized network access
- E-mail spam and viruses
- Web-based phishing, viruses, and spyware
- Application-layer attacks (XML attacks, cross-site scripting, and so on)
- Identity theft, fraud, and data leakage
Enterprise WAN edge:
The threats addressed in the WAN edge of an end-to-end enterprise architecture are focused on three key areas:
- Malicious activity initiated by branch clients, including malware proliferation, botnet detection, network and application abuse, and other malicious or non-compliant activity.
- WAN transit vulnerabilities, such as sniffing and man-in-the-middle (MITM) attacks.
- Attacks against the infrastructure itself, such as unauthorized access, privilege escalation, and denial-of-service (DoS) attacks.
Enterprise Branch:
The threats addressed in the branch of an end-to-end enterprise architecture are focused on the following key areas:
- Malicious activity by branch clients, including malware proliferation, botnet detection, network and application abuse, and other malicious or non-compliant activity.
- WAN transit vulnerabilities such as sniffing and man-in-the-middle (MITM) attacks.
- Attacks against the infrastructure itself, such as unauthorized access, privilege escalation, and denial-of-service (DoS) attacks.