|< Free Open Study >|
Many of the operating systems available today can be made to be somewhat secure. Unfortunately, it is common for many default installations of operating system software packages to leave systems vulnerable to outside attack. For security purposes, it is essential that you stop (disable) any unneeded services and remove or unbind any unnecessary protocols that are not needed by a system that has direct connection to an outside influence such as the Internet.
If you are using the Windows operating system and have an external connection to the Internet, you should consider removing the following protocols from your external NIC cards TCP/IP protocol bindings. This can be accomplished through the Windows Control Panel:
You should also consider removing or disabling the following services from a system if they are not needed. Keep in mind that disabling particular services might render a system useless for particular
Computer browser service
IIS Admin service
FTP Server service
DHCP (Dynamic Host Configuration Protocol)
It is likely that the exam will ask you what unused services should be removed or disabled from a system to reduce the risk of malicious attack.
From a network as well as operating systems perspective, the following items should always be taken into consideration when hardening an environment from outside destructive forces:
Always apply the most recent hot-fixes and service
Block all TCP/IP and UDP ports that are not needed for network traffic. As a general rule, block TCP port 139 and UDP ports 137 and 138.
It is likely that the exam will target this issue. The blocking of these ports should be on the first page of any Security 101 book or procedure.
Enable a strong password structure.
Enable auditing and logging .
|< Free Open Study >|
|< Free Open Study >|
You hear about them on the radio, you read about them in the newspapers and in newsgroups. They are receiving more and more media attention than ever. If you are unlucky enough, you might experience them first hand on your home PC or your office workstation. They are computer attacks! Computer attacks, intrusions, and information theft are well on the rise. If companies and PC
This section concentrates on the most common types of computer attack methods that you are most likely to encounter on the current Security+ exam. In order for you to protect your network or PC, it is first important to gain an understanding of the methods intruders use to break into your system and ultimately, your privacy. We will concern
It is very important that you understand each of these attack methods. It is likely that the exam will present you with a scenario. You will then have to choose which type of attack method is being implemented.
brute force attack
comes in the form of a program that uses trial and error methods to guess or figure out passwords, encrypted keys, or PINs. This form of attack uses all possible combinations of
is the name used to identify a form or class of brute force attack that attempts to resolve a certain class of cryptic hash functions. The birthday attack gets its
Denial of Service (DoS)
attack is most commonly launched as a malicious attack with the intent of disabling or removing computer services or resources that are normally available. Although sometimes unintentional or accidental, most DoS attacks are intended to stop or destroy network related services such as Web sites or e-mail. Typically, this type of attack is designed to render a network or
Buffer overflow attack:
is a temporary data storage area, usually
RAM (Random Access Memory)
that holds a predefined amount of data that is shared by programs and devices. If a buffer gets full, data that is
When a session or request from a
TCP (Transmission Control Program)
sender or client and a network file server or host is started, a
request is sent to the host from the client. The host must answer with a
Decrease the time-out waiting for the three-way handshake.
IP (Internet protocol)
uses a special technique to divide large network packets into what are called
Ping of death attack:
The IP protocol places a sending packet size limitation of 65,536 bytes per packet sent on an IP network. As mentioned earlier, IP can break down a packet into IP fragments or segments before they are sent out on a network. A known weakness of this method is that
Smurf attack: This is another DoS attack where an attacker or perpetrator floods an IP network with echo replies in response to ping messages sent out by a victim. The packets that flood the network are sent to all possible IP nodes on a given network congesting the network until it is useless for normal IP traffic. The attacker typically uses a technique known as spoofing to carry out this attack. The packets are spoofed, meaning they are sent out with someone else’s return address. The best-known method of defending against a Smurf attack is to disable IP multicast broadcast addressing at each router on each subnet (sub-network) within a corporate network.
Land attack: This is another DoS attack where a malicious attacker attempts to set up a TCP session with a server computer. If the server establishes a session with the attacker, the server will fall into a closed loop and will have to be rebooted. This is also a form of IP spoofing.
This type of attack typically uses a predefined list of words such as those found in an English dictionary. The attacking program runs through the list of words until it finds a match to the password it is searching for. Today, a brute force attack is used more commonly to calculate a password or figure out combinations of words in place of this
With this type of attack, the attacker uses a program that places them between the sender of information and the receiver, appearing to the sender as a client, and appearing to the receiver as a server. While “in the middle,” the attacker can intercept data and information and replace it with bad or destructive information.
A Man-in-the-Middle attack is not considered a DoS attack. You might be expected to know this on the exam. Be able to differentiate the individual attack methods as well as the attack types.
A replay attack is considered a form of degradation of service attack as opposed to a Denial of Service attack. With a replay attack, small bursts of traffic are sent from multiple locations to a single host. This inundates the host with traffic. The functionality of the host declines over time until it is basically unable to provide resources and services.
In order to combat and prevent this type of attack, the IETF (Internet Engineering Task Force) Internet Protocol Security IPSec standard uses an anti-replay protocol. This protocol makes it virtually
In networking security terms, hijacking means taking control of a communication session while it exists. There are several types of hijacking techniques used by modern-day hackers and would-be thugs. A man-in the-middle attack (mentioned earlier in this chapter) is a type of hijacking attack. There are also DNS (Domain Name Server) hijacking techniques.
With a basic TCP/IP hijack, a perpetrator can gain control of a communication session if his or her attacking program can acquire a random initial sequence number (ISN) that is used by two systems to start a packet transmission sequence. This is an older form of hijacking that has supposedly been addressed in IPv6 (Internet protocol Version 6).
For an excellent description of TCP port hijacking,
Password crackers are programs such as Lophtcrack that can figure out easily passwords that are secret or encrypted. Password cracker programs can employ (for free) attack methods such as brute force, dictionary attacks, and other methods to break passwords.
are programs or devices that gather network packets. They can be used for legitimate network administration purposes, such as monitoring network traffic, or for destructive and illegal purposes, such as extracting passwords,
is a technique used to
sounds like a pretty constructive and harmless set of words, doesn’t it? Don’t be fooled! Social engineering is like a spoofing attack. It means to fool someone or something into allowing unauthorized access with intent to cause destruction or obtain information illegally. Social engineering is based on the theory that
Another form of social engineering is known as
reverse social engineering
whereby a hacker pretends to be an
You must know the difference between spoofing, spamming, and social engineering. It is likely that the exam will bombard you with questions in an attempt to trick you here.
|< Free Open Study >|