Please enable JavaScript.

Coggle requires JavaScript to display documents.

Communications and Network Security - Coggle Diagram

- - - - Composed of the electronic and optical signals transmitted over the wire or the air
      - Unauthorized access to wiring closets
      - Wiretapping or sniffing
      - High layer protection: encryption and traffic padding
    - - Defines how the signals from the physical layers are reassembled into frames via Logical Link Control (provide the operating system links to device drivers) and Media Access Control (translates generic network requests into devicespecific terms)
      - Link Establishment Subversion
        
        Eavesdrops all communications using call forwarding
      - Media Access Subversion
        
        Set device driver to capture/replay all packets to the hacker’s computer
    - - IP Spoofing
      - Source Routing
      - Source Route Exploit
      - Address Resolution Protocol
        
        ARP Spoofing
      - Internet Control Message Protocol
      - Denial of Service
        
        Ping of Death
        
        Smurf attack
        
        ICMP Flooding
        
        Local and Remote DoS
        
        Distributed Denial of Service
        
        DDoS, a type of DoS attack that uses a large number of machines (Zombies) to simultaneously send packets to a victim
        
        Attacker scans a large number of networks for vulnerable machines, attacks those machines and installs zombie software on exploited machine
        
        In launching DDoS, attacker usually use indirect method to contact one or more clients and send them instructions
        
        Clients then communicates with all of the zombies to simultaneous execute a command to DDoS a victim
        
        Example DDOS Architecture
        
        DDoS Attack Categories
        
        Volume Based Attacks
        
        Include UDP, ICMP, and other spoofed-packet floods
        
        Aims to saturate the bandwidth of the targeted resource
        
        Magnitude is measured in bits per second
        
        Protocol Attacks
        
        Include SYN floods, fragmented packet attacks, Smurf DDoS and more
        
        Consumes actual server resources, or resources on the intermediate equipment, such as firewalls and load balancers
        
        Magnitude is measured in packets per second
        
        DDoS Attack Containment
        
        Network modifications
        
        Switch to alternative sites or networks using DNS or other mechanism
        
        Distribute attack traffic across network of data centers
        
        Route traffic on scrubbing services and product
        
        Content delivery control
        
        Use Caching/Proxying
        
        Enable alternative communication channels (VPN)
        
        Traffic control
        
        Terminate unwanted connections or processes on servers and routers
        
        Configure outbound filters for reducing DDoS response footprint
        
        Control content delivery based on user and session details
        
        DDoS Attack Remediation
        
        Bandwidth prioritization and blocking
        
        Deny connections using geographic information
        
        Deny connections based on IP and traffic signatures
        
        Place limits on the amount of traffic, maximum burst size, traffic priority on individual packet types
        
        Traffic scrubbing
        
        Use dedicated devices and modules with high-performing hardware that can support focused scrubbing algorithms
        
        Sinkholing
        
        Attract DDoS traffic on the IP blocks advertised by the sinkhole to apply specialized analysis