CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] (text version)


  • Mitigating Reconnaissance Attacks


    Reconnaissance attack mitigation centers on protecting the network from scouting forays by attackers. It is not possible to completely protect address range information in ARIN, APNIC, and RIPE or domain name information in a network registrar from being evaluated by an attacker. You must assume that an attacker can ferret out that information with relative ease. With that in mind, you should understand that, realistically, defense begins at the network perimeter, and starting it there involves two basic techniques: reducing the network posture visibility and hardening the application.

    Network Posture Visibility


    Reducing the visibility of the network posture involves reducing the number of services in the public-facing segment of the network to a minimum. This means that if a web server, an SMTP server, an FTP server, and a DNS server are situated in the DMZ of the Corporate Internet module, the only inbound ports open at the edge router are for web, e-mail, FTP, and DNS to those servers. All other ports are blocked with an access control list (ACL). If other hosts exist in the DMZ but access from the outside is not required, no traffic should reach these hosts through the edge router. This concept is shown in Figure 8-1. There are four servers behind the router:

    • WWW

    • DNS

    • SMTP

    • SQL


    Figure 8-1. Network Posture Visibility

    The attacker scans the network but only finds three servers: the WWW, DNS, and SMTP servers. The fourth server is not visible to the attacker because the ACLs on the router deny access to the SQL server.
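
The filtering in Figure 8-1 can be checked before deployment. The following Python script is an added example, not taken from the book: it evaluates a simplified first-match subset of IOS extended-ACL syntax against a DMZ inventory and lists the services an outside scan would find. The addresses (documentation range), the SQL port, and the function names are constructed assumptions.

```python
import re
# Subset of IOS port keywords used in this example.
PORT_NAMES = {"ftp": 21, "smtp": 25, "domain": 53, "www": 80}

# Constructed inbound edge-router ACL, using documentation addresses.
EDGE_ACL = """
permit tcp any host 192.0.2.10 eq www
permit udp any host 192.0.2.11 eq domain
permit tcp any host 192.0.2.12 eq smtp
deny ip any any
"""

# Constructed inventory of what listens in the DMZ: name -> (ip, proto, port).
DMZ_SERVICES = {
    "WWW": ("192.0.2.10", "tcp", 80),
    "DNS": ("192.0.2.11", "udp", 53),
    "SMTP": ("192.0.2.12", "tcp", 25),
    "SQL": ("192.0.2.13", "tcp", 1433),  # assumed port; the page names no product
}

RULE = re.compile(r"^(permit|deny)\s+(ip|tcp|udp)\s+any\s+(any|host\s+(\S+))(?:\s+eq\s+(\S+))?$")

def parse_acl(text):
    """Parse 'action proto any (any | host IP) [eq PORT]' lines into rule tuples."""
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, _, host, port = m.groups()
        if port is not None:
            port = PORT_NAMES.get(port) or int(port)
        rules.append((action, proto, host, port))
    return rules

def permitted(rules, ip, proto, port):
    """First matching rule wins; no match falls through to the implicit deny."""
    for action, r_proto, r_host, r_port in rules:
        if r_proto in ("ip", proto) and r_host in (None, ip) and r_port in (None, port):
            return action == "permit"
    return False

def visible_services(acl_text, services):
    """Names of DMZ services reachable from outside, i.e. what a scan would find."""
    rules = parse_acl(acl_text)
    return sorted(n for n, (ip, proto, port) in services.items() if permitted(rules, ip, proto, port))

if __name__ == "__main__":
    print("externally visible:", visible_services(EDGE_ACL, DMZ_SERVICES))
```

Running the same check with a broad `permit ip any any` placed ahead of the specific entries reports the SQL server as visible, which is the kind of ordering mistake worth catching in review.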

    Application Hardening


    Application hardening involves staying current on patches for all applications and reducing any information the applications may provide through service banners. It is possible to configure sendmail, a popular mail transport agent (MTA), so that it does not announce its version number when another MTA connects to it. Similarly, many Telnet and FTP daemons can be configured not to announce the operating system type or version number when a client connects. Removing banner information from the application makes reconnaissance much more difficult for an attacker.
