Network Security Attacks Technical Solutions
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Network Security
AttacksTechnical Solutions
AcknowledgmentsMaterial is sourced from: CISA® Review Manual 2011, © 2010, ISACA. All rights reserved. Used by
permission. CISM® Review Manual 2012, © 2011, ISACA. All rights reserved. Used by
permission. Many other Network Security sources http://www.csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf
Author: Susan J Lincke, PhDUniv. of Wisconsin-Parkside
Reviewers/Contributors: Todd Burri, Kahili Cheng
Funded by National Science Foundation (NSF) Course, Curriculum and Laboratory Improvement (CCLI) grant 0837574: Information Security: Audit, Case Study, and Service Learning.
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and/or source(s) and do not necessarily reflect the views of the National Science Foundation.
ObjectivesThe student should be able to:Define attacks: script kiddy, social engineering, logic bomb, Trojan horse, phishing, pharming, war driving, war dialing, man-in-the-middle attack, SQL injection, virus, worm, root kit, dictionary attack, brute force attack, DOS, DDOS, botnet, spoofing, packet reply.Describe defenses: defense in depth, bastion host, content filter, packet filter, stateful inspection, circuit-level firewall, application-level firewall, de-militarized zone, multi-homed firewall, IDS, IPS, NIDS, HIDS, signature-based IDS, statistical-based IDS, neural network, VPN, network access server (RADIUS/TACACS), honeypot, honeynet, hash, secret key encryption, public key encryption, digital signature, PKI, vulnerability assessmentIdentify techniques (what they do): SHA1/SHA2, MD2/MD4/MD5, DES, AES, RSA, ECC.Describe and define security goals: confidentiality, authenticity, integrity, non-repudiationDefine service’s & server’s data in the correct sensitivity class and roles with accessDefine services that can enter and leave a networkDraw network Diagram with proper zones and security equipment
The Problem of Network Security
The Internet allows an attacker to attack from anywhere in the world from their home desk.
They just need to find one vulnerability: a security analyst need to close every vulnerability.
Solution: Layered defense
Stages of a Cyber-OperationTarget Identification Opportunistic Attack:
focuses on any easy-to-break-into site
Targeted Attack: specific victim in mind Searches for a vulnerability
that will work.
Hacking NetworksReconnaissance Stage Physical Break-In Dumpster Diving Google, Newsgroups,
Web sites Social Engineering
Phishing: fake email Pharming: fake web pages
WhoIs Database & arin.net
Domain Name Server Interrogations
Registrant: Microsoft Corporation One Microsoft Way Redmond, WA 98052 US
Domain name: MICROSOFT.COM
Administrative Contact: Administrator, Domain [email protected] One Microsoft Way Redmond, WA 98052 US +1.4258828080 Technical Contact: Hostmaster, MSN [email protected] One Microsoft Way Redmond, WA 98052 US +1.4258828080
Registration Service Provider: DBMS VeriSign, [email protected] 800-579-2848 x4 Please contact DBMS VeriSign for domain updates,
DNS/Nameserver changes, and general domain support questions.
Registrar of Record: TUCOWS, INC. Record last updated on 27-Aug-2006. Record expires on 03-May-2014. Record created on 02-May-1991.
Domain servers in listed order: NS3.MSFT.NET 213.199.144.151 NS1.MSFT.NET 207.68.160.190 NS4.MSFT.NET 207.46.66.126 NS2.MSFT.NET 65.54.240.126 NS5.MSFT.NET 65.55.238.126
Hacking NetworksReconnaissance StageWar Driving: Can I find a wireless network?
War Dialing: Can I find a modem to connect to?
Network Scanning: What IP addresses, open ports, applications exist?
Protocol Sniffing: What is being sent over communications lines?
Passive Attacks
Eavesdropping: Listen to packets from other parties = Sniffing
Traffic Analysis: Learn about network from observing traffic patterns
Footprinting: Test to determine software installed on system = Network Mapping
B
Packet A
C
Bob
Jennie
Carl
Login: Ginger Password: Snap
Hacking Networks:Gaining Access Stage
Network Attacks: IP Address Spoofing Man-in-the-Middle
System Attacks: Buffer Overflow Password Cracking SQL Injection Web Protocol Abuse Watering Hole Attack Trap Door Virus, Worm, Trojan
horse
aaaabac…babb…aaaaabaac…
Some Active Attacks
Denial of Service: Message did not make it; or service could not run
Masquerading or Spoofing: The actual sender is not the claimed sender
Message Modification: The message was modified in transmission
Packet Replay: A past packet is transmitted again in order to gain access or otherwise cause damage
Denial of Service Joe
Ann
Bill
SpoofingJoe (Actually Bill)
Ann
Bill
MessageModification Joe
Ann
Packet Replay Joe
Ann
Bill
Bill
Man-in-the-Middle Attack
10.1.1.1
10.1.1.2
10.1.1.3(1) Login
(3) Password
(2) Login
(4) Password
SQL Injection Java Original: “SELECT * FROM
users_table WHERE username=” + “’” + username + “’” + “ AND password = “ + “’” + password + “’”;
Inserted Password: Aa’ OR ‘’=’ Java Result: “SELECT * FROM
users_table WHERE username=’anyname’ AND password = ‘Aa’ OR ‘ ‘ = ‘ ‘;
Inserted Password: foo’;DELETE FROM users_table WHERE username LIKE ‘%
Java Result: “SELECT * FROM users_table WHERE username=’anyname’ AND password = ‘foo’; DELETE FROM users_table WHERE username LIKE ‘%’
Inserted entry: ‘|shell(“cmd /c echo “ & char(124) & “format c:”)|’
Login:
Password:
Welcome to My System
NIST SP 800-118 Draft
Password Cracking:Dictionary Attack & Brute Force
Pattern Calculation
Result Time to Guess(2.6x1018/month)
Personal Info: interests, relatives 20 Manual 5 minutes
Social Engineering 1 Manual 2 minutes
American Dictionary 80,000 < 1 second
4 chars: lower case alpha 264 5x105
8 chars: lower case alpha 268 2x1011
8 chars: alpha 528 5x1013
8 chars: alphanumeric 628 2x1014 3.4 min.
8 chars alphanumeric +10 728 7x1014 12 min.
8 chars: all keyboard 958 7x1015 2 hours
12 chars: alphanumeric 6212 3x1021 96 years
12 chars: alphanumeric + 10 7212 2x1022 500 years
12 chars: all keyboard 9512 5x1023
16 chars: alphanumeric 6216 5x1028
Hacking Networks:Hiding Presence; Establishing Persistence
Backdoor
Trojan Horse
Spyware/Adware
Command & ControlUser-Level Rootkit
Kernel-Level Rootkit
Replaces systemexecutables: e.g. Login, ls, du
Replaces OS kernel:e.g. process or filecontrol to hide
Control system:system commands,log keystrokes, pswd
Useful utility actuallycreates a backdoor.
Slave forwards/performscommands;
Spyware: Keystroke logger collects info: passwords,
collect credit card #s,AdWare: insert ads,filter search results
Spread & infect,list email addrs, DDOS attacks
Bot
Distributed Denial of Service Zombies
VictimAttacker Handler
Can barrage a victimserver with requests,causing the networkto fail to respond to anyone
Russia Bulgaria UnitedStates
Zombies
Question
An attack where multiple computers send connection packets to a server simultaneously to slow the firewall is known as:
1. Spoofing
2. DDOS
3. Worm
4. Rootkit
Question
A man in the middle attack is implementing which additional type of attack:
1. Spoofing2. DoS3. Phishing4. Pharming
Network Security
Network Defense
Encryption
Security: Defense in Depth
Border RouterPerimeter firewallInternal firewallIntrusion Detection SystemPolicies & Procedures & AuditsAuthenticationAccess Controls
Bastion Host
Computer fortified against attackers
Applications turned off
Operating system patched
Security configuration tightened
Attacking the NetworkWhat ways do you see of getting in?
The Internet
De-MilitarizedZone
Private Network
Border Router/Firewall
Commercial Network
Internal FirewallWLAN
Filters: Firewalls & Routers
Route Filter: Verifies source/destination IP addressesPacket Filter: Scans headers of packets Content Filter: Scans contents of packet (e.g., IPS)
Default Deny: Any packet not explicitly permitted is rejected
Fail Safe or Fail Secure: If router fails, it fails shut
The good, the bad &the ugly…
Filter
The bad &the ugly
The Good
Packet Filter Firewall
Web Request
Ping Request
FTP request
Email Connect Request
Web Response
Telnet Request
Email Response
SSH Connect Request
DNS Request
Email Response
WebResponse
Illegal Source IP Address
Illegal Dest IP Address
Microsoft NetBIOS Name Service
CampusDesire2Learn
Lab
HealthServices
Register
Library
Students &Instructors
Students &Instructors
Nurses
Public Web
Public: Potential Students
Graduates
Login
Confidential
Private
Public
Legend
Advisors &Registrars
Informal Path of Logical Access
PoS
Staff
Step 1: Determine Services: Who, What, Where?
WorkbookService
(e.g., web, sales database)
Source(e.g., home, world, local
computer)
Destination(local server, home,
world, etc.)Registration, Desire2Learn
Students and Instructors:Anywhere in the World
Computer Service Servers
Registration Registrars and Advisers: On campus
Computer Service Servers
Library databases
On campus students and staff.Off-campus requires login
Specific off-site library facilities
Health Services On campus: nurses office Computer Service Servers
External (Internet) web services
On campus: Campus labs, dorms, faculty offices
Anywhere in the world
Step 2: Determine Sensitivity of Services
WorkbookService Name
(E.g., web, email)
Sensitivity Class(E.g.,
Confidential)
Roles(E.g., sales, engineering)
Server(*=Virtual)
Desire2-Learn
Private Current Students, Instructors
Student_
ScholasticRegistration
Confidential
Current Students, Registration, Accounting, Advising, Instructors
Student_
Register
Health Service
Confidential
Nurses Health_Services
Web Pages: activities, news, departments, …
Public Students, Employees, Public
Web_Services*
Isolation & Compartmentalization
Compartmentalize network by Sensitivity Class & Role
Segment Network into Regions = Zones E.g., DMZ, wireless, Payment Card
Isolate Apps on Servers: physical vs. virtual (e.g. VMware) Virtual Servers combine onto one Physical server.
has own OS and limited section of disk. Hypervisor software is interface between virtual system’s
OS and real computer’s OS.
External DNS
Web Server
E-Commerce EmailServer
Protected Internal Network
Zone
Database/File Servers
Internet
Multi-Homed Firewall:Separate Zones
Demilitarized Zone
ScreenedHost
The router serves as a screen for theFirewall, preventing Denial of Serviceattacks to the Firewall.
ScreeningDevice:Router
PrivatePayment Card
Zone IPS
IDS
Step 3: Allocate Network ZonesWorkbook
Zone Services
Zone Description(You may delete or add rows as necessary)
Internet This zone is external to the organization. De-Militar-ized Zone
Web, Email, DNS
This zone houses services the public are allowed to access in our network.
Wireless Network
Wireless local employees
This zone connects wireless/laptop employees/students (and crackers) to our internal network. They have wide access.
Private Server Zone
Databases This zone hosts our student learning databases, faculty servers, and student servers.
Confidential Zone
Payment card, health, grades info
This highly-secure zone hosts databases with payment and other confidential (protected by law) information.
Private user Zone
Wired staff/ students
This zone hosts our wired/fixed employee/classroom computer terminals. They have wide univ. & external access.
Student Lab Zone
Student labs
This zone hosts our student lab computers, which are highly vulnerable to malware. They have wide access
Step 4: Define ControlsWorkbook
Zone Server(*=Virtual)
Service Required Controls(Conf., Integrity, Auth., Nonrepud., with tools: e.g.,
Encryption/VPN, hashing, IPS)De-Militarized Zone
Web_Services*,Email_ServerDNS_Server
Web, Email, DNS
Hacking: Intrusion Prevention System, Monitor alarm logs, Anti-virus software within Email package.
Wireless Network
Wireless local users
Confidentiality: WPA2 EncryptionAuthentication: WPA2 Authentication
Private Server Zone
StudentScholasticStudent_FilesFaculty_Files
Classroom software,Faculty & student storage.
Confidentiality: Secure Web (HTTPS), Secure Protocols (SSH, SFTP).Authentication: Single Sign-on through TACACSHacking: Monitor logs
Data Privacy
Confidentiality: Unauthorized parties cannot access information (->Secret Key Encryption
Authenticity: Ensuring that the actual sender is the claimed sender. (->Public Key Encryption)
Integrity: Ensuring that the message was not modified in transmission. (->Hashing)
Nonrepudiation: Ensuring that sender cannot deny sending a message at a later time. (->Digital Signature)
Confidentiality Joe
Ann
Bill
Authenticity
Joe (Actually Bill)
Ann
Bill
Integrity Joe
Ann
Non-Repudiation Joe
Ann
Bill
Confidentiality:
Encryption – Secret KeyExamples: DES, AES
EncryptKsecret
DecryptKsecret
plaintextciphertext
plaintext
Sender, Receiver have IDENTICAL keysPlaintext = Decrypt(Ksecret, Encrypt(Ksecret,Plaintext))
NIST Recommended: 3DES w. CBC AES 128 Bit
Confidentiality, Authentication, Non-Repudiation
Public Key EncryptionExamples: RSA, ECC, Quantum
EncryptKpublic
DecryptKprivate
Key ownerJoe
Encryption(e.g., RCS)
DecryptKpublic
EncryptKprivate
Message, private key
Digital Signature
Key owner
Authentication,Non-repudiationJoe
Sender, Receiver have Complimentary KeysPlaintext = Decrypt(kPRIV, Encrypt(kPUB,Plaintext))
Plaintext = Decrypt(kPUB, Encrypt(kPRIV,Plaintext))
NIST Recommended:2011: RSA 2048 bit
Confidentiality:
Remote Access Security
Virtual Private Network (VPN) often implemented with IPSec
Can authenticate and encrypt data through Internet (red line) Easy to use and inexpensive Difficult to troubleshoot Susceptible to malicious software and unauthorized actions Often router or firewall is the VPN endpoint
The Internet
Firewall
VPN Concentrator
Integrity:
Secure Hash FunctionsExamples: HMAC, SHA-2, SHA-3
Message
H
K Message HMessageK H H
Compare
Secure Hash
Message
H
Message Message
H
H H H
H
Compare
HMAC
K K
Ensures the message was not modified during transmission
NIST Recommended: SHA-2, SHA-3
HTransmitted Hash
Encrypted K(Sender’s Private)
Non-Repudiation:
Digital Signature Electronic Signature Uses public key
algorithm Verifies integrity of
data Verifies identity of
sender: non-repudiation
Message
Msg Digest
Authentication:
Public Key Infrastructure (PKI)
DigitalCertificate User: Sue
Public Key:2456
1. Sue registers withCA through RA
Certificate Authority(CA)
Register(Owner, Public Key) 2. Registration Authority(RA) verifies owners
3. Send approvedDigital Certificates
5. Tom requests Sue’s DC 6. CA sends Sue’s DC
Sue
Tom
4. Sue sendsTom messagesigned withDigital Signature
7. Tom confirmsSue’s DS
Hacking Defense:
Intrusion Detection/Prevention Systems (IDS or IPS)
Network IDS=NIDS Examines packets for attacks Can find worms, viruses, or
defined attacks Warns administrator of attack IPS=Packets are routed
through IPS
Host IDS=HIDS Examines actions or resources
for attacks Recognize unusual or
inappropriate behavior E.g., Detect modification or
deletion of special files
Router
Firewall
IDS
IDS/IPS Intelligence Systems
Signature-Based: Specific patterns are recognized
as attacks
Statistical-Based: The expected behavior of the
system is understood If variations occur, they may be
attacks (or maybe not)Neural Networks: Statistical-Based with self-learning
(or artificial intelligence) Recognizes patterns
Attacks:
NastyVirusBlastWorm
NastyVirus
NIDS:ALARM!!!
0
10
20
30
40
50
60
70
80
90
Mon. Tues. Wed. Thurs.
Sales
Personnel
Factory
Nor
mal
Hacking Defense:
Evaluating Applications Unified Threat Management =
SuperFirewall = firewall + IPS + anti-virus + VPN capabilitiesConcerns are redundancy and bandwidth.
Blacklist= restrict access to particular web sites, e.g., social and email sites
Whitelist= permit access to only a limited set of web sites.
Hacking Defense:
Honeypot & HoneynetHoneypot: A system with a special software application
which appears easy to break intoHoneynet: A network which appears easy to break into Purpose: Catch attackers All traffic going to honeypot/net is suspicious If successfully penetrated, can launch further attacks Must be carefully monitored
External DNS
IDS Web Server
E-Commerce VPNServer
Firewall
HoneyPot
Hacking Defense:
Vulnerability Assessment Scan servers, work stations, and control
devices for vulnerabilitiesOpen services, patching, configuration
weaknesses Testing controls for effectiveness
Adherence to policy & standards Penetration testing
Router
External DNS
Email PublicWeb Server
E-Commerce
Firewall
Zone 1:Student Labs & Files
Internet
Step 5: Draw Network DiagramWorkbook
Demilitarized Zone
Zone 2:Faculty Labs & Files
Student Records
Student Billing
Transcripts
StudentScholastic
StudentHistory
Zone 3:Confidential Data
StudentBilling
Path of Logical AccessHow would access control be improved?
The Internet
De-MilitarizedZone
Private Network
Border Router/Firewall
Router/FirewallWLAN
Protecting the Network
The Internet
De-MilitarizedZone
Private Network
Border Router: Packet Filter
Bastion Hosts
Proxy server firewallWLAN
University Scenario:
Dual in-line Firewalls
Writing Rules
Policies Network Filter Capabilities
Write Rules
Protected Network
Audit Failures
Corrections
Fail-Safe: If the filter fails, it fails closedDefault Deny: If a specific rule does not apply,
The packet is dropped.
FirewallConfigurations
A A
terminal
firewall
hostRouter Packet Filtering:Packet header is inspectedSingle packet attacks caughtVery little overhead in firewall: very quickHigh volume filter
A A
terminal
firewall
host
A
Stateful InspectionState retained in firewall memoryMost multi-packet attacks caughtMore fields in packet header inspectedLittle overhead in firewall: quick
FirewallConfigurations
A B
terminal
firewall
hostCircuit-Level Firewall:Packet session terminated and recreated via a Proxy ServerAll multi-packet attacks caughtPacket header completely inspectedHigh overhead in firewall: slow
A B
terminal
firewall
host
A
Application-Level FirewallPacket session terminated and recreated via a Proxy ServerPacket header completely inspectedMost or all of application inspectedHighest overhead: slow & low volume
A B
B
Web Page Security
SQL Filtering: Filtering of web input for SQL Injection
Encryption/Authentication: Ensuring Confidentiality, Integrity, Authenticity, Non-repudiation
Web Protocol Protection: Protection of State
Summary of Controls
Conf-ident.
Integ-rity
Authen. Non-repud.
Anti-Hack
Encryption Protocols: S-HTTP, HTTPS, SSL, SSH2, PGP, S/MIME
x ? ?
Virtual Private Network (VPN): IPsec x x x
Wireless: WPA2, TKIP, IEEE 802.11i x x x
Hashing: HMAC, SHA, MD5 x
Digital Signature x x
Public Key Infrastructure x x x
Centralized Access Control: RADIUS, TACACS
x
Kerberos x x
Authentication: biometric, flash drive, token x
Conf-ident.
Integ-rity
Authen. Non-repud.
Anti-Hack
Firewall, App. or web firewall x
Mobile device mgmt x
Antivirus, Endpoint Security x
Event Logs/SIEM x
Intrusion Detection/Prevention Systems x
Unified Threat Mgmt x
Vulnerability Assessment x
Risk, Policy Mgmt x
Honeypot/Honeynet x
Email security mgmt x x
Bastion host x
Question
A map of the network that shows where service requests enter and are processed
1. Is called the Path of Physical Access
2. Is primarily used in developing security policies
3. Can be used to determine whether sufficient Defense in Depth is implemented
4. Helps to determine where antivirus software should be installed
Question
The filter with the most extensive filtering capability is the
1. Packet filter
2. Application-level firewall
3. Circuit-level firewall
4. State Inspection
Question
The technique which implements non-repudiation is:
1. Hash
2. Secret Key Encryption
3. Digital Signature
4. IDS
Question
Anti-virus software typically implements which type of defensive software:
1. Neural Network
2. Statistical-based
3. Signature-based
4. Packet filter
Question
MD5 is an example of what type of software:
1. Public Key Encryption
2. Secret Key Encryption
3. Message Authentication
4. PKI
Question
A personal firewall implemented as part of the OS or antivirus software qualifies as a:
1. Dual-homed firewall2. Packet filter3. Screened host4. Bastion host
HEALTH FIRST CASE STUDY
Designing Network Security
Jamie Ramon MDDoctor
Chris Ramon RDDietician
TerryLicensed Practicing Nurse
PatSoftware Consultant
Defining Services which can Enter and Leave the Network
Service Source
(e.g., home, world, local computer)
Destination
(local server, home, world,
etc.)
Defining Services and ServersWorkbook
Service(e.g., web, sales
database)
Source(e.g., home, world, local
computer)
Destination(local server, home,
world, etc.)Registration, Desire2Learn
Students and Instructors:Anywhere in the World
Computer Service Servers
Registration Registrars and Advisers: On campus
Computer Service Servers
Library databases
On campus students and staff.Off-campus requires login
Specific off-site library facilities
Health Services On campus: nurses office Computer Service Servers
External (Internet) web services
On campus: Campus labs, dorms, faculty offices
Anywhere in the world
Define Services & Servers
Which data can be grouped together by role and sensitivity/criticality?
Service Name
Sensitivity Class.
Roles with Access
Server Name
Confidential –Management
Public – Web Pages
Privileged –Contracts
Evaluating Service Classes & RolesWorkbook
Service Name(E.g., web,
email)
Sensitivity Class(E.g.,
Confidential)
Roles(E.g., sales, engineering)
Server(*=Virtual)
Desire2-Learn
Private Current Students, Instructors
Student_
ScholasticRegistration
Confidential
Current Students, Registration, Accounting, Advising, Instructors
Student_
Register
Health Service
Confidential
Nurses Health_Services
Web Pages: activities, news, departments, …
Public Students, Employees, Public
Web_Services*
Defining Zones and Controls
Compartmentalization:Zone = Region (E.g., DMZ, wireless, internet)Servers can be physical or virtual
Zone Service
Server Required Controls
(Conf., Integrity, Auth., Nonrepud., with tools: e.g., Encryption/VPN)
Defining ZonesWorkbook
Zone Services
Zone Description(You may delete or add rows as necessary)
Internet This zone is external to the organization. De-Militar-ized Zone
Web, Email, DNS
This zone houses services the public are allowed to access in our network.
Wireless Network
Wireless local employees
This zone connects wireless/laptop employees/students (and crackers) to our internal network. They have wide access.
Private Server Zone
Databases This zone hosts our student learning databases, faculty servers, and student servers.
Confidential Zone
Payment card, health, grades info
This highly-secure zone hosts databases with payment and other confidential (protected by law) information.
Private user Zone
Wired staff/ students
This zone hosts our wired/fixed employee/classroom computer terminals. They have wide univ. & external access.
Student Lab Zone
Student labs
This zone hosts our student lab computers, which are highly vulnerable to malware. They have wide access
Defining Controls for ServicesWorkbook
Zone Server(*=Virtual)
Service Required Controls(Conf., Integrity, Auth., Nonrepud., with tools: e.g.,
Encryption/VPN, hashing, IPS)De-Militarized Zone
Web_Services*,Email_ServerDNS_Server
Web, Email, DNS
Hacking: Intrusion Prevention System, Monitor alarm logs, Anti-virus software within Email package.
Wireless Network
Wireless local users
Confidentiality: WPA2 EncryptionAuthentication: WPA2 Authentication
Private Server Zone
StudentScholasticStudent_FilesFaculty_Files
Classroom software,Faculty & student storage.
Confidentiality: Secure Web (HTTPS), Secure Protocols (SSH, SFTP).Authentication: Single Sign-on through TACACSHacking: Monitor logs
Router
External DNS
Email PublicWeb Server
E-Commerce
Firewall
Zone 1:Student Labs & Files
Internet
Draw the Network Diagram
Demilitarized Zone
Zone 2:Faculty Labs & Files
Student Records
Student Billing
Transcripts
StudentScholastic
StudentHistory
Zone 3:Student Data
StudentBilling
MSVisioDiagram
ReferenceSlide # Slide Title Source of Information
7 Passive Attacks CISA: page 331,333, 352
9 Some Active Attacks CISA: page 330, 332, 352
10 Man-in-the –Middle Attack CISA: page 331
12 Password Cracking: dictionary Attack & Brute Force CISA: page 330
14 Botnets CISA: page 330
15 Distributed Denial of Service CISA: page 330
23 Packet Filter Firewall CISA: page 353, 354
24 Firewall Configurations CISA: page 353 – 355
25 Firewall Configurations CISA: page 354
26 Multi-Homed Firewall: Separate Zones CISA: page 355
33 Intrusion Detection Systems (IDS)Intrusion Prevention System (IPS)
CISA: page 355, 356
34 IDS Intelligence Systems CISA: page 356
35 Honeypot & Honeynet CISA: page 356, 357
37 Encryption – Secret Key CISA: page 357
38 Public Key Encryption CISA: page 357, 358
39 Remote Access Security CISA: page 361
40 Secure Hash Functions CISA: page 359, 361, 362
41 Digital Signature CISA: page 359
42 Public Key Infrastructure (PKI) CISA: page 359, 360
Related Documents
