High-Level Network Threats
- Information gathering
- Sniffing
- Spoofing
- Session Hijacking
- Denial of Service
Information gathering
Information gathering can reveal detailed information about network topology,System configuration, and network devices.
Sniffing :
Sniffing is an act of network monitoring for traffic data.There are lot many packet sniffing tools are available to monitor the network.(Ex :ethereal)
Spoofing :
Spoofing means hide one's own identity. A fake source address is used for attack the target.
Session Hijacking:
The session hijacking, also known as man in the middle attacks, the attacker uses an
application that masquerades as either the client or the server.
Denial of Service:
A Denial of Service attack is the act of denying users to access the server or services.
Snapshot of a Secure Network:
Router :
- Patches and Updates of Router operating system is patched with up-to-date software.
Protocols :
- Unused protocols and ports are blocked.
- Ingress and egress filtering is implemented.
ICMP traffic is screened from the internal network. - TTL expired messages with values of 1 or 0 are blocked (route tracing is
disabled). - Directed broadcast traffic is not forwarded.
- Large ping packets are screened.
- Routing Information Protocol (RIP) packets, if used, are blocked at the outermost router.
Administrative access:
- Unused management interfaces on the router are disabled.
- A strong administration password policy is enforced.
- Static routing is used.
- Web-facing administration is disabled
Services:
- Unused services are disabled.
Auditing and Logging :
- Logging is enabled for all denied traffic.
- Logs are centrally stored and secured.
- Auditing against the logs for unusual patterns is in place.
Intrusion detection :
- IDS is in place to identify and notify of an active attack.
Network ACLs :
- The network is structured so ACLs can be placed on hosts and networks.
No comments:
Post a Comment