Defense Strategies Flashcards
VLAN hopping is the act of gaining access to traffic on other VLANs that would not normally be accessible by jumping from one VLAN to another.
How do you defend against this?
Put unplugged ports on the switch into an unused VLAN
Configure the switch ports responsible for passing tagged frames as trunks, and configure them to explicitly forward specific tags.
Pick an unused VLAN as the default VLAN for all trunks, and do not use it for any other intent.
A ping flood is an old type of DoS in which an attacker sends many ICMP echo requests (port 7) in an attempt to use up a victim's bandwidth.
How do you defend against this?
Configure the system not to respond to ICMP echoes.
Smurf attacks send large numbers of ICMP echo requests to the broadcast address of a network (.255), where every computer replies to a spoofed source IP (the attacker spoofs the victim's IP, so the replies are sent to the victim).
How do you defend against this?
Configure hosts not to respond to pings or ICMP echoes
Configure routers not to forward packets directed to broadcast addresses
Implement subnetting with smaller subnetworks
Employ network ingress filtering.
Fraggle attacks are similar to Smurf attacks, except that the traffic is sent via UDP.
How do you defend against this?
Configure routers not to forward packets directed to broadcast addresses
Employ network filtering, disabling ports 7 and 19
A SYN flood is the most common type of DoS used in a DDoS. It occurs when an attacker sends a large number of SYN request packets to a server in an attempt to deny service.
How do you protect against this?
Recycle half-open connections after a predetermined amount of time
Use IDS to detect the attack
A ping of death is an oversized and malformed packet sent via ICMP to another computer.
How do you defend against this?
Configure hosts not to respond to pings or ICMP echoes.
Verify operating systems are running the latest service packs and updates.
Update the firmware on any hardware-based firewalls, and update any software-based firewalls
A teardrop attack is a type of DoS that sends mangled IP fragments with overlapping and oversized payloads to the target machine.
How do you defend against this?
Upgrade operating systems
Consider third-party downloads.
A DDoS is when a group of compromised systems attacks a single target, causing a DoS to occur at the target host.
How do you defend against this?
Update firewalls.
Use IPS.
Utilize a “clean pipe”
Spoofing is when an attacker masquerades as another person by falsifying information (email addresses, MAC addresses, IP addresses, etc.).
How do you defend against this?
Carefully select applications.
User awareness.
In the case of IP spoofing, incorporate packet filtering and repeat authentication schemes.
Session theft is when an attacker attempts to steal a user’s session using the owner’s cookie and authentication information.
How do you defend against this?
Use encryption.
Use CHAP
TCP/IP hijacking is when a hacker takes over a TCP session between two computers without needing a cookie or any other type of host access.
How do you defend against this?
Employ encrypted transport protocols such as SSL, IPsec, and SSH
A MITM attack is a form of eavesdropping that intercepts all data between a client and a server, relaying that information back and forth.
How do you defend against this?
Implement SSL/TLS using a mutually trusted third-party certification authority
Replay attacks are when valid data transmissions are maliciously or fraudulently repeated or delayed.
How do you defend against this?
Use session tokens.
Implement timestamping and synchronization.
Use a nonce.
A null session is a connection to the Windows interprocess communication share (IPC$).
How do you defend against this?
Update computers
Filter ports 139 and 445
Transitive access is when one computer uses a second computer to attack a third, based on the trust of the second and third computers.
How do you defend against this?
Authentication
Firewalls
IDS/IPS
Updates