CEH

(Jeff_L) #1

42 Chapter 2 ■ System Fundamentals


With the explosion of wireless routers and switches that have flooded the market in the
last decade, sniffing has regained some of its prowess and ease. Sniffing a Wi-Fi network
captures traffic from all of its clients; it is not limited to a particular switchport collision
domain. A simple utility and a laptop can pull in some amazingly useful data.

Hubs are devices similar to switches except they operate at the physical
layer and are considered dumb devices. They make no decisions in terms
of data direction or addressing. Highly reduced prices and increased focus
on security have allowed switches to make hubs virtually obsolete, except
in specific applications.

Proxies and Firewalls


No network device discussion would be complete without delving into the world of proxies
and firewalls. These devices are the bread and butter of ethical hackers in that they are the
devices deliberately put in place to prevent unauthorized access. To test the strength of an
organization’s perimeter is to ensure that their perimeter gate guard is alive and well.

Proxies
Proxy servers work in the middle of the traffic scene. You may have been exposed to the
forwarding side of proxies; for example, your browser at work may have been pointed to a
proxy server to enable access to an outside resource such as a website. There are multiple
reasons to implement such a solution. Protection of the internal client systems is one benefit.
Acting as an intermediary between the internal network client systems and outside
untrusted entities, the proxy is the only point of exposure to the outside world. It prevents
the client system from communicating directly with an outside source, thereby reducing
exposure and risk. Additionally, as the middleman the proxy has the capability of protecting
users (client systems) from themselves. In other words, proxies can filter traffic by content.
This means proxies operate at the application layer (layer 7).
A substantial leg up on lower-level firewalls, proxies can filter outgoing traffic requests
and verify legitimate traffic at a detailed level. Thus, if users try to browse to, say,
hackme.com, they’ll be denied the request completely if the filters are applied to prevent it. Proxies
also speed up browsing by caching frequently visited sites and resources. Cached sites can
be served to local clients at a speed much faster than downloading the actual web resource.
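The two proxy behaviours described above, outbound filtering by destination and caching, can be sketched as follows. This is an added example, not code from the book: the names `request_host`, `is_blocked` and `FilteringProxy` are hypothetical, and the origin fetch is a caller-supplied stub so the block runs offline.

```python
from urllib.parse import urlsplit

BLOCKED = {"hackme.com"}  # the domain used as the example in the text

def request_host(request_line):
    """Return the normalised target host of a proxy request line, or None."""
    try:
        method, target, _version = request_line.split()
        if method.upper() == "CONNECT":        # CONNECT host:port (HTTPS tunnel)
            host = target.rsplit(":", 1)[0]
        else:                                   # GET http://host/path (absolute URI)
            host = urlsplit(target).hostname
    except ValueError:                          # wrong token count or malformed URL
        return None
    # Lower-case and drop the trailing root dot so "HackMe.COM." still matches.
    host = (host or "").lower().rstrip(".")
    return host or None

def is_blocked(host, blocked=BLOCKED):
    """Match the host or any parent domain; never a bare substring."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

class FilteringProxy:
    def __init__(self, fetch, blocked=BLOCKED):
        self.fetch = fetch        # assumption: callable(url) -> bytes from the origin
        self.blocked = blocked
        self.cache = {}           # url -> body; no expiry in this sketch

    def handle(self, request_line):
        host = request_host(request_line)
        if host is None:
            return ("400", b"")               # not a valid forward-proxy request
        if is_blocked(host, self.blocked):
            return ("403", b"")               # denied before any outbound traffic
        method, target, _version = request_line.split()
        if method.upper() != "GET":
            return ("200-origin", self.fetch(target))   # only GET is cached
        if target in self.cache:
            return ("200-cache", self.cache[target])    # served locally
        self.cache[target] = self.fetch(target)
        return ("200-origin", self.cache[target])
```

Matching on domain labels rather than substrings means `www.hackme.com` is denied while an unrelated name such as `nothackme.com` is not.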

The concept of proxy operation is applicable to other realms besides just
caching traffic and being an application layer firewall. In Chapter 12,
session hijacking uses proxy-like techniques to set up the attack.