1
00:00:00,790 --> 00:00:08,800
The vulnerabilities we may come across during the penetration test are as follows: lack of access control

2
00:00:08,800 --> 00:00:15,970
list. Network devices provide basic traffic filtering capabilities with access control lists.

3
00:00:16,930 --> 00:00:22,930
Access control lists can be configured for all routed network protocols to filter the packets of those

4
00:00:22,930 --> 00:00:26,110
protocols as the packets pass through a router.

5
00:00:27,620 --> 00:00:34,640
You can configure access control lists at your router to control access to a network. Access lists can

6
00:00:34,640 --> 00:00:38,330
prevent certain traffic from entering or exiting a network.

7
00:00:40,120 --> 00:00:41,890
Insecure password methods.

8
00:00:42,940 --> 00:00:48,100
While creating a credential for a network device, there might be more than one method to create the

9
00:00:48,100 --> 00:00:49,240
password for the account.

10
00:00:49,750 --> 00:00:52,680
And some of these methods are not secure: either

11
00:00:52,690 --> 00:00:59,500
the passwords are stored and transferred as clear text, or they are encoded or encrypted by an easy

12
00:00:59,500 --> 00:01:00,460
to crack cipher.

13
00:01:01,510 --> 00:01:09,880
Web interfaces to manage the network device. Using web services and interfaces to manage network devices

14
00:01:09,880 --> 00:01:11,770
brings new responsibilities.

15
00:01:12,880 --> 00:01:19,240
First of all, you should use HTTPS instead of HTTP to avoid clear text traffic.

16
00:01:21,990 --> 00:01:29,280
Hardening the web application against the vulnerabilities such as SQL injection and XSS, implementing

17
00:01:29,280 --> 00:01:35,100
an appropriate authentication mechanism and access control are some other concerns of securing a web

18
00:01:35,100 --> 00:01:35,790
application.

19
00:01:36,830 --> 00:01:46,700
Insecure SNMP versions. SNMP depends on secure strings or community strings that grant access to

20
00:01:46,700 --> 00:01:48,050
portions of devices'

21
00:01:48,050 --> 00:01:55,640
management planes. Abuse of SNMP could allow an unauthorized third party to gain access to a network device.

22
00:01:57,200 --> 00:02:04,940
SNMPv3 should be the only version of SNMP employed because SNMPv3 has the ability to

23
00:02:04,940 --> 00:02:12,410
authenticate and encrypt payloads. When either SNMPv1 or SNMPv2 are employed,

24
00:02:12,410 --> 00:02:18,110
like I was saying earlier, an adversary could sniff network traffic to determine the community string.

25
00:02:18,500 --> 00:02:19,400
You saw that happen.

26
00:02:19,730 --> 00:02:20,690
You did it yourself.

27
00:02:21,890 --> 00:02:26,360
This compromise could enable a man-in-the-middle or replay attack.

28
00:02:27,520 --> 00:02:28,090
Telnet.

29
00:02:29,840 --> 00:02:35,900
Telnet data is sent in clear text, so as you know, a man in the middle is able to read the traffic.

30
00:02:36,620 --> 00:02:42,620
It's certainly a good idea to use, for example, SSH to access network devices, especially when

31
00:02:42,620 --> 00:02:44,750
going through a public network like the internet.

32
00:02:46,280 --> 00:02:53,150
And as you're probably aware, SSH would encrypt all the data sent between the client and server.

33
00:02:53,480 --> 00:02:57,470
And even if someone gets a hand on the data, it's of absolutely no use.

34
00:02:58,970 --> 00:03:01,040
Non-complex passwords.

35
00:03:02,270 --> 00:03:08,600
Even if you use the right password methods, you should always use complex passwords because you are

36
00:03:08,600 --> 00:03:13,910
always under the risk of password cracking attacks such as brute force and dictionary attacks.