03/30/2014
IS3220
Unit 2 Assignment 1
Selecting Security Countermeasures
The primary components that make up a network infrastructure are routers, firewalls, and switches. An attacker may exploit poorly configured network devices. Common vulnerabilities include weak default installation settings, wide-open access controls, and devices lacking the latest security patches. Top network-level threats include:
•Information gathering
•Sniffing
•Spoofing
•Session hijacking
•Denial of service
Information Gathering
Network devices can be discovered and profiled in much the same way as other types of systems. Attackers usually start with port scanning. After they identify open ports, they use banner grabbing and enumeration to detect device types and to determine operating system and application versions. Armed with this information, an attacker can target known vulnerabilities that may not yet have been patched.
Countermeasures to prevent information gathering include:
•Configure routers to restrict their responses to footprinting requests.
•Configure operating systems that host network software (for example, software firewalls) to prevent footprinting by disabling unused protocols and unnecessary ports.
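A defender-side check for the two countermeasures above, as an added example that is not part of the original assignment: it flags listening ports outside an approved set and service banners that reveal a version number. The `ss -tln` output, the banner strings and the approved-port set are constructed assumptions for illustration.

```python
import re

# Constructed sample: `ss -tln` output from a host that runs firewall software.
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:23          0.0.0.0:*
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       128     [::]:443            [::]:*
LISTEN  0       128     *:8080              *:*
"""
# Constructed sample: banners read from the host's own services.
BANNERS = {443: "Server: nginx/1.18.0", 8080: "Server: Apache"}
APPROVED_PORTS = {22, 443}           # assumption: services this host should expose
LOOPBACK = {"127.0.0.1", "[::1]"}    # listeners not reachable from the network
VERSION_RE = re.compile(r"\d+\.\d+")  # any dotted version number in a banner

def parse_listeners(ss_text):
    """Return (address, port) for every LISTEN row of `ss -tln` output."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or malformed row
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr, int(port)))
    return listeners

def audit(ss_text, banners, approved):
    """Return (port, finding) pairs for network-reachable listeners."""
    findings = []
    for addr, port in parse_listeners(ss_text):
        if addr in LOOPBACK:
            continue
        if port not in approved:
            findings.append((port, "unapproved listener: disable or filter it"))
        if VERSION_RE.search(banners.get(port, "")):
            findings.append((port, "banner discloses version: " + banners[port]))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SS_OUTPUT, BANNERS, APPROVED_PORTS):
        print(port, finding)
```
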
Sniffing
Sniffing, or eavesdropping, is the act of monitoring network traffic for data such as plaintext passwords or configuration information. With a simple packet sniffer, an attacker can easily read all plaintext traffic. Attackers can also crack packets encrypted by lightweight hashing algorithms and decipher a payload that you considered safe. Sniffing requires a packet sniffer in the path of the server/client communication.
Countermeasures to help prevent sniffing include:
•Use strong physical security and proper segmenting of the network. This is the first step in preventing traffic from being collected locally.
•Encrypt communication fully, including...