Drawing on what you learned in this chapter, in most cases, in which order would the following attacks be launched by an attacker: Probe/scan, buffer overflow, rootkit, web application, data scavenging?


The attacks would likely be launched in this order: data scavenging, probe/scan, web application, buffer overflow, rootkit.


Looking at the top five attacks in Table 3-29, which one(s) would you expect to drop out of the top five category if the ratings were adapted specifically to an Internet edge design?


War dialing and driving would not appear in the top five because most Internet edges do not make use of WLAN technology or have insecure modems.


Think about how virus, worm, and Trojan horse attacks propagate. Which kinds of attacks have the best chance of getting past traditional antivirus software?


Attacks commonly called zero-day attacks have the best chance of getting past antivirus software. Because antivirus software uses pattern matching and a known signature database (which must be kept current), zero-day attacks, of which little is known, often slip past traditional antivirus systems. Also, since a Trojan horse can be almost anything, traditional antivirus software often does not detect the attack unless it is a known attack for which the software has a signature. The speed with which you can update signatures on your systems should be a critical factor in selecting an antivirus software.


If you discover that a rootkit has infected your system, what is the best course of action to take to secure your system?


Since the rootkit could have infected nearly any application, your best bet is to rebuild your system from scratch. After installing the OS, follow the host-hardening guidelines appropriate for your OS and applications. Also, install the latest security fixes from your OS and application suppliers.


Even though DDoS is classified as a flooding attack, which other attack types does it use in launching the flood?


Spoof Many DDoS attacks randomize their source IP address to make it harder to trace back the attack to the source.

Remote control software DDoS tools have a lot in common with remote control software. Their method of instructing systems to attack is just like the method remote control software uses to send instructions to victim PCs.


Download and run Nmap on your computer (assuming you aren't violating your organization's security policy by doing so). Was it able to detect your OS? Were you running any services you were not expecting to see?


In Table 3-29, find at least three places where you disagree with the assigned values. Consider building the table yourself and assigning your own values. Did the top five attacks change?

Part I. Network Security Foundations

Network Security Axioms

Security Policy and Operations Life Cycle

Secure Networking Threats

Network Security Technologies

Part II. Designing Secure Networks

Device Hardening

General Design Considerations

Network Security Platform Options and Best Deployment Practices

Common Application Design Considerations

Identity Design Considerations

IPsec VPN Design Considerations

Supporting-Technology Design Considerations

Designing Your Security System

Part III. Secure Network Designs

Edge Security Design

Campus Security Design

Teleworker Security Design

Part IV. Network Management, Case Studies, and Conclusions

Secure Network Management and Network Security Management

Case Studies



Appendix A. Glossary of Terms

Appendix B. Answers to Applied Knowledge Questions

Appendix C. Sample Security Policies

INFOSEC Acceptable Use Policy

Password Policy

Guidelines on Antivirus Process


Network Security Architectures
Network Security Architectures
ISBN: 158705115X
EAN: 2147483647
Year: 2006
Pages: 249
Authors: Sean Convery

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net