CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] Text version






  • Chapter 8



    A1:

    e

    A2:

    d

    A3:

    a

    A4:

    b

    A5:

    d

    A6:

    b,d

    A7:

    e

    A8:

    a

    A9:

    b

    A10:

    d

    Q&A

    1:

    What are the two basic methods of mitigating reconnaissance attacks?

    A1:

    Reducing network posture visibility and application hardening

    2:

    What is network posture visibility reduction?

    A2:

    Network posture visibility reduction is an effort to reduce to a minimum the number of services in the public-facing segment of the network. Only those services that are essential for network operation are accessible from the Internet, such as SMTP, HTTP, and DNS.

    3:

    What steps should be taken to harden an application against attack?

    A3:

    Application hardening involves staying current on patches for all applications and reducing any information the applications may provide through service banners.

    4:

    DoS and DDoS attacks focus on what part of the network architecture?

    A4:

    DoS attacks and DDoS attacks focus on the weak points in the network architecture where these attacks may have an advantage. Typically, this is at the edge router of the network.

    5:

    What are the three primary methods of mitigating DoS and DDoS attacks?

    A5:

    Implementing antispoofing techniques such as RFC 2827 filtering, applying anti-DoS features in the edge router and firewalls, and applying traffic-rate limitations to nonessential traffic.

    6:

    What is RFC 2827 filtering and who does it?

    A6:

    RFC 2827 calls for filtering at the edge of the ISP network where customer networks connect. Traffic should be filtered at the edge by restricting traffic to only those prefixes that are assigned to the customer. Typically, the ISP implements RFC 2827 filtering at the edge, but enterprise networks can also make good use of RFC 2827 filtering because filtering prevents any spoofed traffic from originating in the enterprise network.

    7:

    In addition to traffic-rate limiting, what can be done to mitigate DoS attacks?

    A7:

    QoS can also be implemented in addition to traffic-rate limiting. QoS enables an organization to identify permitted traffic and ensure that it is handled quickly while other, potentially unauthorized traffic is relegated to slower handling.

    8:

    Why is it easy to mitigate unauthorized access attacks?

    A8:

    Mitigation of unauthorized access attacks simply relies on denying access to ports that an attacker should not be able to connect to. This can be done by implementing tight ACLs both on routers and on firewalls.

    9:

    Why are application layer attacks always a security risk?

    A9:

    Application layer attacks can never be completely eliminated because new vulnerabilities are being constantly discovered in applications across every platform and operating system. Additionally, as software becomes increasingly complex, the likelihood of a catastrophic vulnerability increases dramatically.

    10:

    How can application layer attacks best be mitigated?

    A10:

    Application layer attacks can best be mitigated by implementing system administration BCPs, by keeping current on all software patches, by subscribing to mailing lists, such as bugtraq and the CERT mailing lists, and by reading the operating system and network logs and using available log-analysis tools to identify trends that may indicate a potential attack.

    11:

    How do NIDSs help to mitigate application layer attacks?

    A11:

    A NIDS detects a potential attack and can then instruct a router or firewall to terminate the session.

    12:

    How can host-based IPSs help to mitigate application layer attacks?

    A12:

    A host-based IPS can protect a host by detecting unauthorized activity or file modifications through a process on the host and then responding to that activity by denying it and raising an alarm on the host-based IPS console.

    13:

    How can trust exploitation attacks be mitigated?

    A13:

    Trust exploitation attacks can be mitigated through tight network access control and tight constraints on trust levels within a network.
