Securing network devices.

Network devices include things like switches, routers, firewalls, IDS, IPS, and more. Each of these different devices has its own vulnerabilities that have to be addressed. But for the Security+ exam, we're going to focus on the most common vulnerabilities across all of these different devices.

The first vulnerability we're going to talk about is default accounts. These are accounts that exist on a device straight out of the box when you buy it. So, for example, if you buy a small office, home office wireless access point, like a Linksys or a D-Link, or something like that, it's going to have some accounts already established on there. It might have one like admin or administrator or user, or something of that nature. All of these default accounts are very easy to figure out and very easy to guess. And so, it's important for you to actually change these names so that they're not something that an attacker can easily guess. And then, all they have to do is guess your password. Now, this applies to your organizations, as well.
You want to make sure that your naming schemes aren't really easy to guess. Unfortunately, though, most organizations are going to use a common naming scheme for all of their users. For example, most organizations like to use first name dot last name. So, if your name was Jason Dion, like me, you're Jason.Dion@yourcompany.com. Or sometimes they'll do something like jdion@yourcompany.com, where it's the first letter and the last name. Any of these make for a great, normal, easy-to-understand naming scheme. That makes operations very easy. But it also makes it fairly easy to guess. Because if I see that Jason.Dion@whatever.com is one email, then I can probably guess that Susan.Smith is also there. Or whoever else I'm dealing with. You want to make sure you're thinking about this and you're starting to add diversity, and making sure that those default usernames are changed.

Now, the next thing you want to think about is the device username, as well. There are defaults for this, too. I've seen people call them router or switch as the usernames. That's not a good plan, either.
When you're creating a device account, you want it to be something more complex. So, maybe it's rtr for router, with a couple of numbers after it. Something that's not easily guessable. That's what I'm talking about here as we try to change these default accounts.

The next issue we have goes right along with default accounts: it's weak passwords. Don't leave passwords as their default. For instance, those Linksys routers we all have, they're admin for user, admin for password. That is horrible. We also don't want to use any words that are in the dictionary. Your passwords need to be long, strong, and complex, at least 14 characters long, with upper case, lower case, special characters, and numbers. By having this mixture, it's going to increase the time it takes to brute force that password, and make it much harder for an attacker to break into your network. So, for example, if I have the password of password, which is all lower case, I'm only using 26 different options because lower case letters are A through Z. And so, if I look at that, that's considered a weak password.
If I add some upper case to it, now I have 52 characters because I have upper case and lower case. So, I have something like PaSSworD, where the P, the S's and the D are upper case and the other letters are lower case. If I want to make it even more secure, I can add numbers to that. And I'll change out the S's for fives and the Os for zeroes, things like that. And this is going to give us more choices, again, because we have 26 lower case, 26 upper case, and 10 numbers, zero through nine. But, if we want it to be the best and most secure that it possibly can be, we want to add symbols to this, too. And so now, we're going to get something like 70 different options. We have upper case, we have lower case, we have special characters, and we have numbers. And so, by getting this complex password here, that's written as P@$5w0rd, it's much harder to break than the old password of P-A-S-S-W-O-R-D. Now, of course, none of these options are good ones, right? Because password is a common name and all these variations are pretty much known by attackers. And, again, this is only eight characters.
But I'm trying to save some space on the screen. You're getting the idea, though. The more complex the password is, and the longer it is, the harder it's going to be to break, and it's going to give more security to your networks, and that's going to help you secure the weak password vulnerability.

The third issue that we have is privilege escalation. A privilege escalation occurs when a user is able to gain the rights of another user or an administrator. If your devices aren't up-to-date on their firmware or updates, you could have bugs that could be exploited by an attacker. So, if they can break in as a standard user, and then escalate up to the root or admin-level account, they can then take over your device. That's the idea with privilege escalation. Now, privilege escalation can happen one of two ways. It can happen vertically or horizontally. When it happens vertically, it goes from a user up to an administrator account. It goes upward, right? Now, if we talk about going horizontally, privilege escalation then goes from one user to another user.
So, if you and I both work in an organization and we both have user accounts, and I break into your account, that's considered a horizontal privilege escalation. We do that a lot of times as a way of lateral movement throughout the network until we can find a way to escalate vertically up. If I can get into your account, I can run things as you, and you're going to take the blame if I'm doing something wrong.

Our next vulnerability is backdoors. A backdoor is a way of bypassing the normal authentication that exists in a system. These devices that we use are made up of lots of hardware and lots of software. Think about your router or your switch. It's got its own operating system, it's got its own chips inside of it. Do you know who made that device? Which manufacturing plant overseas might have embedded a little something extra in the code, or a little extra chip inside your router or switch? You really have no way of knowing that, right? And according to recent news reports, some believe that nation states have been doing just that.
To prevent this, you need to implement good supply chain management. You need to understand where your devices are coming from, and who's been getting them. So, if you're going to buy a Cisco device, you should probably buy it from Cisco directly, and not buy it from some third-party manufacturer that has a knockoff clone that's maybe a little bit cheaper. You want to make sure you're getting good devices from companies you trust.

Next, we have network attacks, and network attacks can simply happen all the time, right? We've talked about this a lot in the last section of the course. We talked about all the different ways you could do network attacks. Well, to prevent these from occurring, you need to ensure you have a good intrusion prevention system in place, you have a properly configured firewall, and good network segmentation, as well as ensuring that all your devices are up-to-date with their firmware and their updates. If you can do this, you can minimize a lot of the vulnerabilities that are out there.

Another big vulnerability, especially in networking devices, is Telnet.
Some organizations out there are still using Telnet. If this is your organization, I want you to stop now. Telnet is horrible. It is insecure and it passes your information in the clear, meaning it's not encrypted. Anyone who's on that network can see your usernames, your passwords, and the commands you're sending. And this puts the entire network at risk. Turn off Telnet immediately and switch to SSH instead, which is Secure Shell, and which uses good encryption between your device and the device you're trying to take remote control of.