Staying Persistent In Software Defined Networks - can i be funny

    • Thứ Tư, 8 tháng 1, 2020

    Home Staying Persistent In Software Defined Networks

    Staying Persistent In Software Defined Networks

    by Gregory Pickett

    The Open Network Install Environment, or ONIE, makes commodity or WhiteBox Ethernet possible. By placing a common, Linux-based, install environment onto the firmware of the switch, customers can deploy the Network Operating Systems of their choice onto the switch and do so whenever they like without replacing the hardware. The problem is, if this gets compromised, it also makes it possible for hackers to install malware onto the switch. Malware that can manipulate it and your network, and keep doing it long after a Network Operating System reinstall.

    With no secure boot, no encryption, no authentication, predictable HTTP/TFTP waterfalls, and exposed post-installation partition, ONIE is very susceptible to compromise. And with Network Operating Systems such as Switch Light, Cumulus Linux, and Mellanox-OS via their agents Indigo and eSwitchd not exactly putting up a fight with problems like no authentication, no encryption, poor encryption, and insufficient isolation, this is a real possibility.

    In this session, we'll cover the weaknesses in ONIE, ways to reach the platform through these Network Operating Systems, and what can happen if we don't properly protect the Control Plane these switches run on. I'll even demonstrate with a drive-by web-attack that is able to pivot through a Windows management station to reach the isolated control plane network, and infect one of these ONIE-based switches with malware, malware that's there even after a refresh. You'll even get the source code to take home with you to see how easily it's done. Finally, we'll talk about how to compensate for these issues so that your network doesn't become infected with and manipulated by this sort of persistent firmware-level malware.

    Staying Persistent In Software Defined Networks blackhat 2015

    3 Likes3 Dislikes
    356 views views117K followers
    People & Blogs Upload TimePublished on 29 Dec 2015

    Related keywords

    1. infosec news
    2. information security manager
    3. blackhat asia 2019
    4. blackhat 2019
    5. infosec twitter
    6. blackhat 2018
    7. black hat seo technique
    8. blackhat europe
    9. blackhat badger sekiro
    10. black hat x reader
    11. black hat cartoon
    12. black hat x dr flug
    13. cyber securityとは
    14. blackhat conference 2019
    15. cyber security cloud
    16. black hat full movie
    17. blackhat badger
    18. blackhat forum
    19. information security foundation 勉強
    20. infosec rotkreuz
    21. cyber security framework
    22. information security policy template
    23. infosecurity utrecht
    24. infosec ups system
    25. cyber security news
    26. cyber security act
    27. infosecurity
    28. blackhat full movie
    29. infosec blog
    30. black hat badger
    31. information security foundation 参考書
    32. information security management system
    33. cyber security conference
    34. black hat seo
    35. cyber security pro
    36. black hat movie
    37. blackhat imdb
    38. infosec podcast
    39. black hat cast
    40. cyber security pro 新しいネットワークが検出されました
    41. cyber security cloud managed rules
    42. cyber security measures
    43. information security governance
    44. infosec global
    45. infosecurity europe 2020
    46. infosec health
    47. infosec magazine
    48. information security 日本語
    49. infosec 19
    50. black hat anime
    51. information security foundation
    52. infosecurity magazine
    53. cyber security tokyo
    54. black hat meaning
    55. black hatch
    56. information security definition
    57. information security pdf
    58. infosec europe 2019
    59. cyber security market
    60. infosec institute
    61. infosec 2019 london
    62. information security foundation 難易度
    63. black hatch gamefowl
    64. cyber security management system
    65. information security certifications
    66. blackhat film
    67. cyber security pro アンインストール
    68. information security specialist
    69. cyber security 意味
    70. cyber security analyst
    71. information security policy
    72. black hat usa 2019
    73. information security forum
    74. information security news
    75. infosec conferences
    76. information security officer
    77. infosekta
    78. cyber security japan
    79. blackhat trailer
    80. information security analyst
    81. cyber security university
    82. black hat hacker
    83. black hat forum
    84. cyber security company
    85. black hat hacking
    86. black hat villainous
    87. blackhat conference
    88. information security foundation based on iso/iec 27001
    89. blackhat usa
    90. cyber security report
    91. blackhatworld
    92. black hat x demencia
    93. information security management
    94. blackhat cast
    95. black hat 2019
    96. infosec reactions
    Posted by: -

    Không có nhận xét nào:

    Đăng nhận xét

    Đăng ký: Đăng Nhận xét (Atom)