SYN Attack
High number of half-open connections
Macro Virus
Not dependent on packet size
Distributed Denial of Service
First Phase - compromise as many machines as possible. Components - client, handler, agent, target
VPN Software
Does not encrypt
Bots and Botnets
Bots are zombies controlled by shadowy figures - largest source of spam e-mail
Teardrop
IP fragments are constructed so that the target host calculates a negative fragment length
Overlapping fragment attack
Subverts packet filters that only inspect the first fragment of a fragmented packet
Source Routing Exploitation
Sender specifies the path
Smurf and Fraggle attacks
Use broadcasts to create DoS attacks. Smurf misuses ICMP; Fraggle uses UDP
NFS Attacks
Basic authentication method is easy to exploit
Network News Transport Protocol Security
NNTP - main shortcoming is authentication
Finger User Information Protocol
Last login time of a user and whether currently logged in
Network Time Protocol
NTP synchronizes computer clocks
DoS
Overload with excessive traffic
SYN Flood Attack
DoS against the initial handshake - overloads the target's connection table
Spoofing
Bogus source address
Session Hijack
Unauthorized insertion of packets into a data stream
Layer that Ethernet 802.3 is placed on
Data Link Layer
Best Proactive Network Defense
Perimeter surveillance and intelligence gathering
Network is not the target of attack in
Man-in-the-middle attack
Most effective against a distributed DoS attack
Traffic filtering
Optimal placement for network based intrusion detection systems
On the network perimeter to alert the network administrator of all suspicious activity
End-point devices most likely to be considered part of a converged IP network
File server, IP phone, security camera
An advantage of fiber-optic over copper cables from a security perspective
More difficult to wiretap
Part of a network's perimeter defense
Firewall, proxy server, host-based intrusion detection system
Principal Security Risk of wireless LANs
Lack of physical access controls
WLAN's SSID configured with adequate security protection
SSIDs are not for authentication
IPSec
Provides mechanisms for authentication and encryption
Security Event Manager
Aggregates logs from security devices and application servers, looking for suspicious activity
DNS weakness
Lack of authentication of servers and thereby of the authenticity of records