DeepSec 2012 Talk: Own the Network – Own the Data
We all use networks every day. This is obvious when it comes to the Internet, but there are more networks if you use phones and other gadgets. Like it or not, these networks are a part of your infrastructure. Now you know, but attackers (and security people) knew this before. So, what can happen to your data if the network is compromised? The short answer: a lot! The long answer is given by Paul Coggin in his presentation at DeepSec 2012.
Paul’s presentation discusses the security issues with the critical network architectures being deployed by service providers and utilities to support next generation network services such as IPTV, 3G/4G, smart grid, and more. There’s a lot happening behind the scenes. Once new products are announced, the stage has already been prepared.
Network infrastructure security is often neglected during the typical security audit process due to a lack of router and switch knowledge (auditors usually jump right to the applications, but there’s a lot more than layer 7). The talk will discuss attack vectors that enable an attacker to take control of network infrastructure by targeting common configuration mistakes, trust relationships, interdependencies and protocol weaknesses.
The presentation will explain what an attacker may do with network infrastructure components once captured to gain further influence and complete access to network resources and data. This is the part where your answer to the question “Do you want to play a game?” should have been clearly “No!”.
You will get an overview of the new networks being built to support critical infrastructure for service providers and utilities and immediately jump into the real-world problems that can be seen by a network designer and a penetration tester. This talk is technical and gets into the details of how the transport and access networks work and how they are being exploited by targeting common implementation and configuration mistakes. So if you are in the business of designing and deploying critical infrastructure, then you should definitely listen to Paul.