CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] - نسخه متنی

Tebyan

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید











  • Mitigating Port Redirection Attacks


    Mitigating port redirection requires the use of good trust models. Trust models can be implemented by proper access restrictions between hosts. As long as there is an implicit trust between hosts that is based on IP addresses, the problem of port redirection will not be solved. A host-based IPS can be used to detect and possibly prevent an attacker who is trying to install port redirection software, such as HTTPtunnel or NetCat, for use in a port redirection attack.

    In Figure 9-3, the firewall permits any machine on the Internet to connect to the web server on the DMZ. Additionally, the firewall permits all traffic from the DMZ into the internal LAN and permits all traffic from the DMZ to the Internet. Finally, the firewall permits all traffic from the internal LAN going out.

    Figure 9-3. Port Redirection Attack

    An attacker can exploit a vulnerability in the web server to gain access to that host. Once access to the web server in the DMZ is obtained, the attacker can set up port redirection software to redirect traffic so that the traffic connects to the system on the internal LAN. In


    • / 290