CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

Guarding Against Packet Sniffers

Packet sniffers represent a significant threat to network security. Packet sniffers can capture traffic at a host, which jeopardizes your ability to maintain confidentiality and data integrity across the network.

Authentication

One of the most effective ways to defeat password attacks is to require strong passwords for administrator accounts and to provide users with proper training in selecting strong passwords for their own accounts. Many operating systems currently provide built-in password-testing tools to guide users in selecting strong passwords.

Another effective way to defeat password attacks is to use strong authentication, such as OTPs. Using OTPs is a two-factor authentication system that requires a person to have two items of information to complete the authentication. Typically, these items are something that the person has and something that the person knows. For example, many OTP systems use a token card to generate the password to be used. Token cards are hardware or software devices that generate a unique, random password either at timed intervals or on a per-use basis. The token card requires a personal identification number (PIN) to generate the proper OTP. In some cases, the randomly generated passwords are combined with the PIN to create a completely unique password for that one time. This method is very similar to the bank ATM. An account holder must have both their ATM card and knowledge of their PIN to access their account.

Switched Infrastructure

Switched infrastructures present a significant hurdle to packet sniffers by reducing the amount of traffic that is seen by the host that is doing the sniffing. The attacker has access only to the traffic that is destined for the specific port that the compromised host connects to. Although this does not completely eliminate the threat posed by packet sniffers, it greatly reduces their effectiveness.

Antisniffing Tools

Another method to mitigate packet sniffers is to use software or hardware that is designed to detect the use of packet sniffers. Third-party "antisniffer" tools are available that can detect changes in the response time of hosts to determine whether the hosts are processing more traffic than their own. Other software can run on the host and detect whether the network interface has entered promiscuous mode, which is necessary to facilitate sniffing activities.

Cryptography

Using cryptography is one of the most effective ways to mitigate packet sniffing. Essentially, encrypted communication renders packet sniffers irrelevant. A packet sniffer that is monitoring a cryptographic channel sees only data that appears to be a random string of bits. The original message is secure. Cryptography may involve the use of IPSec VPN tunnels, the use of the Secure Shell Protocol (SSH) to connect to another system, or the use of Secure Socket Layer (SSL).