VMware vSphere Security Cookbook

Network threats

Network threats are the largest in number due to the nature of the Internet and enterprise data connectivity. Since virtual switches function similarly to physical switches, most, if not all, threats that have faced the traditional networking environment continue to face the virtualization environment. Even threats to specific Cisco IOS versions, for example, can affect the virtual network environment, since a Cisco Nexus 1000V virtual switch is available for VMware. There are several types of network attacks, and they generally fall into the following categories:

  • Denial of service attack: This attack is usually focused on large commercial websites with the intent of making the website unavailable. A denial of service takes place when the web server or network device is overloaded by legitimate requests. In the case of an e-commerce website, a denial of service attack can cost the company millions of dollars. In another example, a recent attack used the Network Time Protocol (NTP) to take down popular gaming services, including League of Legends and www.ea.com.
  • Hijacking or man-in-the-middle attack: This attack takes advantage of the TCP/IP protocol stack between endpoints. Hijacking is an attack in which the attacker takes control of a legitimate user session that has already been connected and authenticated. In a man-in-the-middle attack, the attacker is able to observe, intercept, read, and modify messages between two systems. As an example, an attacker might set up a fake Wi-Fi hotspot at a coffee shop and observe the traffic that passes from the users to the Internet.
  • Sniffing: This is the process of capturing and collecting network packets regardless of their destination. A sniffer is either hardware or software that can listen on a wired or wireless network interface. Common sniffer software includes Wireshark, tcpdump, and Network Monitor. If the packets are not encrypted, a sniffer provides a full view of the data within each collected packet.
  • Trojans: These are also known as malware or spyware. Once installed by an unwitting user, the code can collect certain information from the user's system and send it back to the attacker.
  • Spoofing: IP spoofing is when an attacker sends IP packets from a false source address. This technique is used to trick the destination host into allowing the traffic, since the source address is seen as valid. IP spoofing is often used in distributed denial of service attacks. In such an attack, the attacker sends a flood of packets that appear to have originated from multiple valid source addresses to a specified target address in an attempt to overload the network device.

Other types of network threats do exist, but for the purposes of this overview, the general types explained here give you the background required for the configurations in the virtual environment.