At present, IP network routers are still very widely deployed and market demand remains high, so I have studied the security and equipment testing of IP network routers. I will share the results here, and I hope they will be useful to you. Today's era is the network era. The IP network routers that emerged at the end of the 20th century have created a miracle in the history of human science and technology at an unprecedented speed, and there is a trend towards replacing the circuit-switched network that has existed for 100 years. However, from the perspective of telecom networks, IP network routers still have problems in security, quality of service, and operation mode.
Among them, the security of the IP network router is a very important aspect. The openness of the IP network router makes the security problem very complicated. This article focuses on analyzing the security threats faced by the IP network and discusses the testing of the security functions of the IP network router.
Security threats to IP network routers
The biggest advantage of an IP network is its openness and its maximum support for terminal intelligence, which make it usable by a wide variety of services and applications. But at the same time, the openness of the IP network router and the intelligence of the terminal also expose the IP network to unprecedented security threats.
IP network routers face two kinds of security threats. One is the security of hosts (including user hosts and application servers); the other is the security of the network itself (mainly network devices, including routers and switches). The security threats perceived by user hosts are mainly attacks against specific operating systems (mainly Windows systems), known as viruses. IP network router devices mainly face TCP/IP-based attacks. This article mainly discusses the security of the network itself, that is, of the IP network router device (mainly the router). Router devices can be divided into a data plane, a control/signaling plane, and a management plane; they can also be divided by TCP/IP protocol layer from the perspective of the protocol stack.
(1) The function of the data plane is to process the data streams that enter the device. It may be subject to traffic-based attacks, such as high-volume traffic attacks and malformed packet attacks. The main purpose of these attacks is to take up the processing time of the device's CPU, so that normal data traffic cannot be processed and the availability of the device is reduced. Because the data plane is responsible for forwarding user data, it is also exposed to attacks against user data, mainly malicious theft, modification, and deletion, which damage the confidentiality and integrity of user data.
(2) For routers, the main function of the control/signaling plane is to exchange routing information. This plane is mainly threatened by theft of routing information and forgery of IP addresses, which may cause leakage or misuse of network routing information.
(3) For the system management plane, threats come from two aspects: the vulnerability of the protocols used for system management (such as Telnet and HTTP), and lax management, such as the leakage of management accounts of IP network routers.
Main attack methods that threaten Network Security
1. Data plane
The primary attack on the data plane is the DoS (Denial of Service) attack, which takes many forms for different protocols.
(1) LAND attack. LAND attacks exploit vulnerabilities in the TCP implementation of some systems by creating TCP SYN packets whose source IP address and TCP port number are the same as the destination IP address and TCP port number. In this way, the system initiates a TCP connection to itself, resulting in unnecessary consumption of system resources.
(2) SYN Flood attack. SYN Flood attacks abuse the TCP three-way handshake mechanism: a large number of SYN request packets are sent from the attacking host to the attacked IP network router. The source address of these packets is an unreachable host address, so after the attacked IP network router device sends a SYN-ACK packet, it waits for a large number of ACK packets that can never arrive, resulting in a large amount of system resources being tied up.
(3) Smurf attack. Smurf attacks are DoS attacks using the ICMP protocol. The attack spoofs the source address of ICMP Echo Request (Ping) packets to be the address of the attacked device, while the destination address is a broadcast address in the network; the large number of ICMP response packets greatly increases the load on the attacked IP network router devices and the network. If UDP is used in the attack instead, it is called a Fraggle attack.
(4) Ping Flood attack. Ping Flood attacks send a large number of Ping packets continuously from a high-bandwidth connection to a low-bandwidth connection. The attacked device responds to each Ping packet, which reduces the available bandwidth of the network.
(5) Teardrop attack. Teardrop attacks abuse the fragmentation/reassembly mechanism of IP packets by sending forged fragmented IP packets whose Offset fields in the IP header are set to overlapping values; when the attacked IP network router device processes these packets, the system may hang or even shut down.
(6) Ping of Death attack. The Ping of Death attack sends a Ping packet with a total length of more than 65535 bytes, which leads to an error in the memory allocation of the attacked IP network router device and paralyzes it.
In addition to DoS attacks, IP network router devices also face a large number of malformed packets and error messages in the network. These packets consume a large amount of processing power on IP network router devices; the Ping of Death attack can also be seen as a form of malformed packet. At the same time, user data on the network may also be maliciously monitored or intercepted. Currently, the effective prevention method is to use the IPSec protocol to encrypt user data.
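As an added example that is not part of the original article, the following Python sketch shows the kind of header sanity checks a router or packet filter applies to recognise the LAND, Smurf/Fraggle, Ping of Death and Teardrop signatures described above. The Packet class is a simplified stand-in for a parsed IP header, the broadcast address set is assumed to come from interface configuration, and all sample packets are constructed.

```python
# Added example (not from the original article): defender-side header checks for the
# data-plane signatures described above. Packet is a simplified stand-in, not a wire parser.
from dataclasses import dataclass, field

IP_MAX_LEN = 65535   # maximum IPv4 datagram length, header included
IP_HDR_LEN = 20      # minimal IPv4 header

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: set = field(default_factory=set)  # TCP flags, e.g. {"SYN"}
    icmp_type: int = -1         # 8 = echo request
    frag_id: int = 0            # IP identification field, shared by fragments of one datagram
    frag_offset: int = 0        # fragment offset in bytes (header value * 8)
    payload_len: int = 0        # bytes following the IP header

def check_packet(pkt, broadcast_addrs):
    """Return the names of the single-packet signatures this packet matches."""
    hits = []
    # LAND: a SYN whose source and destination address *and* port are identical.
    if pkt.proto == "tcp" and "SYN" in pkt.flags and pkt.src == pkt.dst and pkt.sport == pkt.dport:
        hits.append("land")
    # Smurf (ICMP echo request) / Fraggle (UDP) aimed at a broadcast address: the replies
    # flood the spoofed source, so a router should not forward directed broadcasts at all.
    if pkt.dst in broadcast_addrs:
        if pkt.proto == "icmp" and pkt.icmp_type == 8:
            hits.append("smurf")
        elif pkt.proto == "udp":
            hits.append("fraggle")
    # Ping of Death: a fragment that would reassemble beyond the 65535-byte IPv4 limit.
    if pkt.frag_offset + pkt.payload_len > IP_MAX_LEN - IP_HDR_LEN:
        hits.append("ping_of_death")
    return hits

def overlapping_fragments(fragments):
    """Teardrop check: True if two fragments of one datagram claim overlapping byte ranges."""
    by_datagram = {}
    for f in fragments:
        by_datagram.setdefault((f.src, f.dst, f.frag_id), []).append(
            (f.frag_offset, f.frag_offset + f.payload_len))
    for ranges in by_datagram.values():
        ranges.sort()
        for (_, prev_end), (start, _) in zip(ranges, ranges[1:]):
            if start < prev_end:
                return True
    return False
```

A real filter would run check_packet on every datagram and overlapping_fragments on the reassembly queue, dropping and counting the hits rather than letting them reach the CPU.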
2. Control/signaling plane
Attacks on the control/signaling plane mainly aim to obtain the routing information in the network by establishing a routing relationship between illegal or unauthorized IP network router equipment and legitimate equipment in the network. Encryption and authentication of the routing protocol can effectively prevent such attacks. Currently, RIPv2, OSPF, and IS-IS support plaintext authentication and MD5-based authentication, while BGP, LDP and other protocols rely on the MD5 authentication of their TCP connections to ensure the security of protocol packets.
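The MD5 authentication of routing protocol packets mentioned above is, for OSPF, the cryptographic authentication of RFC 2328 Appendix D. The following added example (not from the original article) implements both the sending and the verifying side with hashlib; the router ID, area ID, key and packet body are constructed values, and the neighbour name used to track sequence numbers is an assumption of this sketch.

```python
# Added example (not from the original article): OSPF cryptographic authentication as
# specified in RFC 2328, Appendix D. Keys, addresses and packet bodies are constructed.
import hashlib
import hmac
import struct

AUTYPE_CRYPTO = 2
DIGEST_LEN = 16   # MD5 keys are zero-padded to 16 bytes; the digest is also 16 bytes

def _pad_key(key: bytes) -> bytes:
    if len(key) > DIGEST_LEN:
        raise ValueError("OSPF MD5 key must be at most 16 bytes")
    return key.ljust(DIGEST_LEN, b"\x00")

def build_ospf_packet(router_id, area_id, body, key_id, seq, key):
    """Sender side: 24-byte OSPF header (AuType=2, checksum 0 because the digest protects
    the packet) whose Authentication field holds (0, key id, digest length, sequence number),
    followed by the body and then the MD5 digest, which the packet length does not count."""
    length = 24 + len(body)
    header = struct.pack("!BBH4s4sHH", 2, 1, length, router_id, area_id, 0, AUTYPE_CRYPTO)
    header += struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    pkt = header + body
    return pkt + hashlib.md5(pkt + _pad_key(key)).digest()

def verify_ospf_packet(raw, keys, last_seq, neighbour):
    """Receiver side: recompute the digest with the key selected by key id, and reject
    replays whose sequence number is below the last one accepted from this neighbour
    (RFC 2328 requires the sequence number to be non-decreasing)."""
    if len(raw) < 24 + DIGEST_LEN:
        return False
    length = struct.unpack("!H", raw[2:4])[0]
    autype = struct.unpack("!H", raw[14:16])[0]
    key_id, digest_len, seq = struct.unpack("!BBI", raw[18:24])
    if autype != AUTYPE_CRYPTO or digest_len != DIGEST_LEN or len(raw) != length + DIGEST_LEN:
        return False
    key = keys.get(key_id)
    if key is None:
        return False
    pkt, digest = raw[:length], raw[length:]
    if not hmac.compare_digest(hashlib.md5(pkt + _pad_key(key)).digest(), digest):
        return False
    if seq < last_seq.get(neighbour, 0):
        return False
    last_seq[neighbour] = seq
    return True
```

The key id in the header lets a receiver hold several keys at once, which is what makes a key rollover possible without dropping adjacencies.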
3. Management plane
At present, the remote management of IP network router devices mainly uses Telnet, the Web, and other methods, but the Telnet and HTTP protocols provide no security functions: user data, user accounts, and passwords are transmitted in plain text, where they are easily stolen by eavesdroppers and vulnerable to man-in-the-middle attacks. To solve the remote management problem of network devices, the SSH and SSL protocols are primarily used. SSH (Secure Shell) is a reliable protocol that provides security for remote login sessions and other network services, and it can effectively prevent information leakage during remote management. The SSL (Secure Sockets Layer) protocol can encrypt the communication between the browser and the Web server during remote management over the Web.