Foundation Summary
The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your CSI exam, a well-prepared CSI candidate should at a minimum know all the details in each "Foundation Summary" section before taking the exam.

Network attacks include reconnaissance, unauthorized access, DoS, application layer, and trust exploitation attacks. For each type of attack, different methods can be used to mitigate the attack, but they are all based on BCPs and various concepts within the SAFE framework.

The effects of a reconnaissance attack can be reduced through a combination of a reduction in the network posture visibility and application hardening. Reducing network posture visibility includes reducing to a minimum the number of services in the public-facing segment of the network. Application hardening involves staying current on patches for the various applications on the network and reducing the amount of information provided by applications in the service banners.

DoS and DDoS attacks can be mitigated through the use of antispoofing, anti-DoS features in network equipment, and traffic-rate limiting. Antispoofing includes implementing RFC 2827 filtering both by the ISP at the edge router and at the client network.

Anti-DoS features that are available in Cisco equipment include the TCP intercept feature of routers, whereby the router "catches" the TCP SYN packet from the external client or server and responds for the target system. If the external client or server does not complete the TCP three-way handshake, the router or PIX Firewall drops the packets and the connection. This helps to protect systems from TCP SYN flood attacks.

Traffic-rate limiting is a method in which all nonessential traffic is given only a small fraction of the total bandwidth in the link. This can be used to identify important traffic to and from the network and to help limit the damage caused by, say, an ICMP flood.

Mitigation of unauthorized access comes down to implementing tight ACLs both on routers and on firewalls and using network IDSs (NIDSs) and host-based IPSs.

Mitigation of application layer attacks can be accomplished by doing the following:
- Keeping current on all software patches
- Subscribing to mailing lists such as bugtraq and the CERT mailing lists
- Reading the operating system and network logs and using available log-analysis tools
Additionally, NIDSs and host-based IPSs can be used to identify attacks that are crossing a subnet or reaching a host and trying to exploit a vulnerability.

Trust exploitation attacks can be mitigated through tight network access control and tight constraints on trust level within a network.
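The three DoS mitigations summarized above (RFC 2827 antispoofing filters, TCP intercept, and traffic-rate limiting) can be combined on a single Cisco IOS edge router. The configuration below is an added example and is not taken from the book; it assumes a router with FastEthernet0/0 facing the ISP and FastEthernet0/1 facing an inside network of 192.0.2.0/24 (documentation prefix, constructed for this example), and the ACL numbers and rate values are arbitrary choices.

```cisco
! Assumed topology (constructed for this example):
!   FastEthernet0/0 = ISP-facing, FastEthernet0/1 = inside 192.0.2.0/24
!
! --- RFC 2827 ingress filtering on the external interface ---
! Drop packets arriving from the Internet that claim an inside,
! private (RFC 1918), or loopback source address.
access-list 110 deny   ip 192.0.2.0 0.0.0.255 any
access-list 110 deny   ip 10.0.0.0 0.255.255.255 any
access-list 110 deny   ip 172.16.0.0 0.15.255.255 any
access-list 110 deny   ip 192.168.0.0 0.0.255.255 any
access-list 110 deny   ip 127.0.0.0 0.255.255.255 any
access-list 110 permit ip any any
!
! --- RFC 2827 egress filtering on the inside interface ---
! Only our own prefix may leave, so a compromised inside host
! cannot take part in a spoofed-source flood against others.
access-list 120 permit ip 192.0.2.0 0.0.0.255 any
access-list 120 deny   ip any any log
!
! --- TCP intercept for inside servers ---
! The router answers the SYN on the server's behalf and drops
! half-open connections whose three-way handshake never completes.
access-list 130 permit tcp any 192.0.2.0 0.0.0.255
ip tcp intercept list 130
ip tcp intercept mode intercept
ip tcp intercept connection-timeout 60
ip tcp intercept max-incomplete high 1100
ip tcp intercept max-incomplete low 900
!
! --- Traffic-rate limiting (CAR) for nonessential ICMP ---
! Echo and echo-reply share a 256 kbps slice; anything above is dropped,
! which bounds the damage of an ICMP flood without blocking ping entirely.
access-list 140 permit icmp any any echo
access-list 140 permit icmp any any echo-reply
!
interface FastEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip access-group 110 in
 rate-limit input access-group 140 256000 8000 8000 conform-action transmit exceed-action drop
!
interface FastEthernet0/1
 ip address 192.0.2.1 255.255.255.0
 ip access-group 120 in
```

The `log` keyword on the egress deny entry is what turns the filter into a detection control: hits on it indicate an inside host emitting spoofed packets and are worth alerting on.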
