Denial of Service (DoS) / Distributed Denial of Service (DDoS) - a
resource consumption attack with the goal of preventing legitimate
activity on the system
o Prevention
    Add firewalls, routers, IDSs
    Maintain good contact with your ISP
    Disable echo replies
    Disable broadcast features on border systems
    Block spoofed packets from entering or leaving the network
    Keep all systems patched
    Consider commercial DoS protection
Eavesdropping - simply listening to communication traffic for the
purpose of duplicating that traffic
Impersonation/Masquerading - the act of pretending to be someone or
something you are not to gain access to a system
o Prevention - one-time pads, token authentication, Kerberos,
encryption
Replay Attacks - an offshoot of impersonation attacks, made possible
by capturing network traffic via eavesdropping
o Prevention - one-time authentication and sequenced session
identification
Modification Attacks - captured packets are altered and then played
against a system
o Prevention - digital signature verification and packet checksum
verification
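
The replay and modification preventions above, as an added example that is not part of the original notes: a receiver that checks an integrity tag and a per-session sequence number before accepting a packet. The packet layout (session id, sequence number, payload, tag) and all names are assumptions, and a shared-key HMAC stands in for the digital signature the notes mention.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                 # HMAC-SHA256 output size
HDR = struct.Struct(">QQ")   # assumed header: session id, sequence number

def seal(key: bytes, session_id: int, seq: int, payload: bytes) -> bytes:
    """Build header | payload | tag; the tag covers header and payload."""
    body = HDR.pack(session_id, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}   # session id -> highest sequence number accepted

    def accept(self, packet: bytes):
        """Return (verdict, payload); payload is None unless verdict is 'ok'."""
        if len(packet) < HDR.size + TAG_LEN:
            return "malformed", None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Check integrity first so a forged sequence number never touches state.
        if not hmac.compare_digest(tag, expected):
            return "modified", None
        session_id, seq = HDR.unpack_from(body)
        # Sequenced session identification: each number is accepted only once.
        if seq <= self.last_seq.get(session_id, -1):
            return "replayed", None
        self.last_seq[session_id] = seq
        return "ok", body[HDR.size:]

def demo():
    key = b"constructed-demo-key-not-for-use"   # constructed sample key
    rx = Receiver(key)
    p0 = seal(key, 7, 0, b"transfer 10 to alice")   # constructed packets
    p1 = seal(key, 7, 1, b"transfer 20 to bob")
    p2 = seal(key, 7, 2, b"transfer 30 to carol")
    tampered = bytearray(p2)
    tampered[HDR.size + 9] ^= 0x01              # one payload bit altered in transit
    packets = [p0, p1, p0, bytes(tampered), p2]  # third entry is a captured copy of p0
    return [rx.accept(p)[0] for p in packets]

if __name__ == "__main__":
    print(demo())
```

The tag covers the sequence number as well as the payload, so a captured packet cannot be renumbered to get past the replay check.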
ARP Poisoning - ARP is a subprotocol of the TCP/IP protocol suite and
operates at the data link layer (layer 2) - ARP is used to discover the
MAC address of a system by polling using its IP address