WEBVTT

1
00:00:00.000 --> 00:00:01.560
<v Instructor>In this lesson,</v>

2
00:00:01.560 --> 00:00:05.670
we will learn about network misconfigurations.

3
00:00:05.670 --> 00:00:09.090
Network misconfigurations include errors

4
00:00:09.090 --> 00:00:13.080
or incorrect settings within network devices

5
00:00:13.080 --> 00:00:15.570
that can lead to performance issues,

6
00:00:15.570 --> 00:00:19.890
security vulnerabilities, or connectivity failures.

7
00:00:19.890 --> 00:00:22.466
Network misconfiguration concepts

8
00:00:22.466 --> 00:00:27.150
include insecure routing and configuration drift.

9
00:00:27.150 --> 00:00:31.369
Insecure routing occurs when protocols or configurations

10
00:00:31.369 --> 00:00:34.380
lack proper security measures

11
00:00:34.380 --> 00:00:37.560
such as authentication or encryption.

12
00:00:37.560 --> 00:00:40.470
Configuration drift is the gradual

13
00:00:40.470 --> 00:00:42.520
and often unnoticed changes

14
00:00:42.520 --> 00:00:46.800
in network configurations over time.

15
00:00:46.800 --> 00:00:49.590
Let's learn more about insecure routing

16
00:00:49.590 --> 00:00:52.170
and configuration drift.

17
00:00:52.170 --> 00:00:55.260
First, we have insecure routing.

18
00:00:55.260 --> 00:00:59.220
Insecure routing occurs when network routing protocols

19
00:00:59.220 --> 00:01:03.300
or configurations are not properly secured,

20
00:01:03.300 --> 00:01:06.570
leaving the network vulnerable to attacks.

21
00:01:06.570 --> 00:01:09.900
One of the key issues with insecure routing

22
00:01:09.900 --> 00:01:13.470
is the lack of authentication between routers,

23
00:01:13.470 --> 00:01:16.020
allowing attackers to potentially send

24
00:01:16.020 --> 00:01:18.720
false routing information.

25
00:01:18.720 --> 00:01:22.350
This can lead to attacks like route hijacking,

26
00:01:22.350 --> 00:01:26.610
where an attacker redirects traffic to malicious servers

27
00:01:26.610 --> 00:01:30.360
or route spoofing, where fake routing information

28
00:01:30.360 --> 00:01:34.140
is introduced to disrupt network traffic.

29
00:01:34.140 --> 00:01:37.293
For example, if Border Gateway Protocol,

30
00:01:37.293 --> 00:01:41.730
a common routing protocol, is not secured,

31
00:01:41.730 --> 00:01:44.760
an attacker could inject malicious routes,

32
00:01:44.760 --> 00:01:47.730
leading to the redirection of network traffic

33
00:01:47.730 --> 00:01:50.490
to unauthorized locations.

34
00:01:50.490 --> 00:01:53.245
This could happen if an attacker were to exploit

35
00:01:53.245 --> 00:01:57.060
a Border Gateway Protocol or BGP router

36
00:01:57.060 --> 00:01:59.261
that lacks proper authentication,

37
00:01:59.261 --> 00:02:03.021
allowing the attacker to advertise false routes

38
00:02:03.021 --> 00:02:05.220
to neighboring routers.

39
00:02:05.220 --> 00:02:08.752
Once these neighboring routers receive the malicious routes,

40
00:02:08.752 --> 00:02:12.463
they may accept them without proper validation.

41
00:02:12.463 --> 00:02:15.902
As a result, these false routes are propagated

42
00:02:15.902 --> 00:02:19.685
across the network, causing legitimate traffic

43
00:02:19.685 --> 00:02:23.970
to be redirected through the attacker's infrastructure

44
00:02:23.970 --> 00:02:28.020
where it can be intercepted or manipulated.

45
00:02:28.020 --> 00:02:32.250
Another critical vulnerability in insecure routing

46
00:02:32.250 --> 00:02:36.150
is the use of outdated or weak protocols.

47
00:02:36.150 --> 00:02:39.930
Protocols like the routing information protocol

48
00:02:39.930 --> 00:02:43.530
are considered insecure because they lack encryption

49
00:02:43.530 --> 00:02:46.080
and authentication mechanisms,

50
00:02:46.080 --> 00:02:49.350
making them easy targets for attackers.

51
00:02:49.350 --> 00:02:53.110
If protocols like the Routing Information Protocol or RIP

52
00:02:54.120 --> 00:02:56.957
are used without any security enhancements,

53
00:02:56.957 --> 00:03:01.350
attackers can easily manipulate routing tables.

54
00:03:01.350 --> 00:03:04.605
This could allow them to intercept sensitive data

55
00:03:04.605 --> 00:03:09.120
or reroute traffic to unauthorized destinations.

56
00:03:09.120 --> 00:03:11.520
So to address this issue,

57
00:03:11.520 --> 00:03:15.962
organizations should replace outdated protocols like RIP

58
00:03:15.962 --> 00:03:18.047
with more secure options

59
00:03:18.047 --> 00:03:21.798
like Open Shortest Path First or OSPF,

60
00:03:21.798 --> 00:03:24.452
which supports authentication.

61
00:03:24.452 --> 00:03:26.738
Encryption is a key factor

62
00:03:26.738 --> 00:03:30.630
in securing communication between routers,

63
00:03:30.630 --> 00:03:34.290
especially when routing information is transmitted

64
00:03:34.290 --> 00:03:37.530
over public or untrusted routes.

65
00:03:37.530 --> 00:03:39.840
Without encryption, routing data

66
00:03:39.840 --> 00:03:42.360
can be intercepted by attackers,

67
00:03:42.360 --> 00:03:45.920
giving them the opportunity to manipulate routing tables

68
00:03:45.920 --> 00:03:49.410
or monitor network traffic flows.

69
00:03:49.410 --> 00:03:53.670
While routing protocols often rely on authentication

70
00:03:53.670 --> 00:03:55.470
to ensure integrity,

71
00:03:55.470 --> 00:04:00.240
encryption methods like Internet Protocol Security or IPSec

72
00:04:00.240 --> 00:04:05.190
can be used to secure routing updates over public networks.

73
00:04:05.190 --> 00:04:09.210
This prevents unauthorized access to routing data

74
00:04:09.210 --> 00:04:11.730
and reduces the risk of traffic

75
00:04:11.730 --> 00:04:15.450
being redirected or intercepted by attackers.

76
00:04:15.450 --> 00:04:18.545
Using encryption alongside authentication

77
00:04:18.545 --> 00:04:21.325
provides an additional layer of protection

78
00:04:21.325 --> 00:04:23.430
in routing security.

79
00:04:23.430 --> 00:04:26.190
So to prevent insecure routing,

80
00:04:26.190 --> 00:04:29.190
organizations should implement authentication

81
00:04:29.190 --> 00:04:32.760
and encryption within their routing protocols.

82
00:04:32.760 --> 00:04:35.940
Next, enabling features like authentication

83
00:04:35.940 --> 00:04:40.410
in OSPF or BGP helps ensure that routers

84
00:04:40.410 --> 00:04:45.000
will only accept routing information from trusted sources.

85
00:04:45.000 --> 00:04:47.670
Additionally, regularly reviewing

86
00:04:47.670 --> 00:04:50.310
and updating router configurations,

87
00:04:50.310 --> 00:04:52.984
as well as disabling outdated protocols

88
00:04:52.984 --> 00:04:57.480
can significantly reduce the risk of attack.

89
00:04:57.480 --> 00:05:01.050
Second, we have configuration drift.

90
00:05:01.050 --> 00:05:03.150
Configuration drift happens

91
00:05:03.150 --> 00:05:05.880
when network device configurations

92
00:05:05.880 --> 00:05:08.700
gradually change over time.

93
00:05:08.700 --> 00:05:12.120
These changes, often caused by updates,

94
00:05:12.120 --> 00:05:16.050
manual interventions, or environmental factors,

95
00:05:16.050 --> 00:05:19.278
can lead to configuration inconsistencies

96
00:05:19.278 --> 00:05:21.360
across the network.

97
00:05:21.360 --> 00:05:23.340
When configurations drift,

98
00:05:23.340 --> 00:05:26.580
security vulnerabilities may arise as devices

99
00:05:26.580 --> 00:05:31.580
begin to behave in ways that were not originally intended.

100
00:05:31.770 --> 00:05:34.530
For instance, if a firewall rule

101
00:05:34.530 --> 00:05:37.860
is altered due to configuration drift,

102
00:05:37.860 --> 00:05:40.170
it could unintentionally allow

103
00:05:40.170 --> 00:05:43.380
unauthorized traffic into the network,

104
00:05:43.380 --> 00:05:46.920
exposing the system to potential attacks.

105
00:05:46.920 --> 00:05:49.636
One common source of configuration drift

106
00:05:49.636 --> 00:05:52.238
is manual configuration changes

107
00:05:52.238 --> 00:05:55.170
that are not properly documented.

108
00:05:55.170 --> 00:05:57.915
Network administrators might make small adjustments

109
00:05:57.915 --> 00:06:02.280
to troubleshoot an issue or improve performance,

110
00:06:02.280 --> 00:06:06.965
but over time, these undocumented changes accumulate,

111
00:06:06.965 --> 00:06:10.830
leading to misaligned configurations.

112
00:06:10.830 --> 00:06:14.460
An example of this is an access control list

113
00:06:14.460 --> 00:06:17.700
that has been manually adjusted on one router,

114
00:06:17.700 --> 00:06:20.520
but not synced with other routers.

115
00:06:20.520 --> 00:06:24.180
This could result in inconsistent security policies

116
00:06:24.180 --> 00:06:25.860
across the network,

117
00:06:25.860 --> 00:06:30.420
allowing unauthorized access in certain areas.

118
00:06:30.420 --> 00:06:33.270
Configuration drift can also affect

119
00:06:33.270 --> 00:06:35.670
the stability of the network.

120
00:06:35.670 --> 00:06:39.390
As devices drift from their original settings,

121
00:06:39.390 --> 00:06:42.049
they may start to behave unpredictably,

122
00:06:42.049 --> 00:06:46.380
causing performance degradation or even outages.

123
00:06:46.380 --> 00:06:50.203
For example, if load balancing configurations

124
00:06:50.203 --> 00:06:54.510
drift on a server, it could lead to some backend servers

125
00:06:54.510 --> 00:06:58.950
being overburdened, while others remain underutilized.

126
00:06:58.950 --> 00:07:03.810
This imbalance reduces the overall efficiency of the network

127
00:07:03.810 --> 00:07:08.810
and could result in downtime if systems become overwhelmed.

128
00:07:08.850 --> 00:07:11.441
So, to combat configuration drift,

129
00:07:11.441 --> 00:07:14.100
organizations should implement

130
00:07:14.100 --> 00:07:16.455
automated configuration management tools

131
00:07:16.455 --> 00:07:21.455
like Cisco's Network Services Orchestrator, or Ansible.

132
00:07:22.230 --> 00:07:24.720
These tools continuously monitor

133
00:07:24.720 --> 00:07:26.790
the network's configurations,

134
00:07:26.790 --> 00:07:29.850
ensuring that any unauthorized changes

135
00:07:29.850 --> 00:07:33.150
are immediately flagged and corrected.

136
00:07:33.150 --> 00:07:38.040
Regular backups of configurations along with periodic audits

137
00:07:38.040 --> 00:07:40.920
can also help detect drift early

138
00:07:40.920 --> 00:07:44.070
before it becomes a major issue.

139
00:07:44.070 --> 00:07:47.275
By maintaining consistent and secure configurations

140
00:07:47.275 --> 00:07:49.260
across the network,

141
00:07:49.260 --> 00:07:52.380
organizations can ensure better performance,

142
00:07:52.380 --> 00:07:56.340
security, and overall network reliability.

143
00:07:56.340 --> 00:08:01.290
So remember, network misconfigurations are errors

144
00:08:01.290 --> 00:08:04.360
or incorrect settings within network devices

145
00:08:04.360 --> 00:08:07.553
that can lead to security vulnerabilities,

146
00:08:07.553 --> 00:08:11.730
performance issues, or connectivity failures.

147
00:08:11.730 --> 00:08:14.963
Insecure routing and configuration drift

148
00:08:14.963 --> 00:08:19.770
are two common types of network misconfigurations.

149
00:08:19.770 --> 00:08:22.907
Insecure routing happens when routing protocols

150
00:08:22.907 --> 00:08:27.907
or configurations lack necessary security measures

151
00:08:27.960 --> 00:08:30.660
like authentication and encryption,

152
00:08:30.660 --> 00:08:33.690
making the network vulnerable to attacks

153
00:08:33.690 --> 00:08:35.850
such as route hijacking.

154
00:08:35.850 --> 00:08:39.750
Configuration drift occurs when network settings

155
00:08:39.750 --> 00:08:42.120
gradually change over time

156
00:08:42.120 --> 00:08:45.450
due to updates or manual interventions,

157
00:08:45.450 --> 00:08:49.770
leading to inconsistencies and potential security gaps.

158
00:08:49.770 --> 00:08:52.446
Both issues can significantly disrupt

159
00:08:52.446 --> 00:08:57.446
network performance and security if not properly managed.

