Communications and Network Security - Coggle Diagram
Communications and Network Security
TCP/IP Suite
OSI Model
Physical Layer
Composed of the electronic and optical signals transmitted over the wire or the air
Unauthorized access to wiring closets
Wiretapping or sniffing
Higher-layer protection: encryption and traffic padding
Data Link Layer
Defines how the signals from the physical layer are reassembled into frames via Logical Link Control (provides the operating system's links to device drivers) and Media Access Control (translates generic network requests into device-specific terms)
Link Establishment Subversion
Eavesdrops on all communications using call forwarding
Media Access Subversion
Set the device driver to capture/replay all packets to the hacker's computer
Internet Protocol (IP)
IP Spoofing
Source Routing
Source Route Exploit
Address Resolution Protocol
ARP Spoofing
Internet Control Message Protocol
Denial of Service
Ping of Death
Smurf attack
ICMP Flooding
Local and Remote DoS
Distributed Denial of Service
DDoS, a type of DoS attack that uses a large number of machines (Zombies) to simultaneously send packets to a victim
The attacker scans a large number of networks for vulnerable machines, attacks those machines and installs zombie software on the exploited machines
In launching a DDoS, the attacker usually uses an indirect method to contact one or more clients and send them instructions
The clients then communicate with all of the zombies so that they simultaneously execute a command to DDoS the victim
Example DDoS Architecture
DDoS Attack Categories
Volume Based Attacks
Include UDP, ICMP, and other spoofed-packet floods
Aim to saturate the bandwidth of the targeted resource
Magnitude is measured in bits per second
Protocol Attacks
Include SYN floods, fragmented packet attacks, Smurf DDoS and more
Consume actual server resources, or resources on intermediate equipment such as firewalls and load balancers
Magnitude is measured in packets per second
DDoS Attack Containment
Network modifications
Switch to alternative sites or networks using DNS or other mechanism
Distribute attack traffic across network of data centers
Route traffic through scrubbing services and products
Content delivery control
Use Caching/Proxying
Enable alternative communication channels (VPN)
Traffic control
Terminate unwanted connections or processes on servers and routers
Configure outbound filters for reducing DDoS response footprint
Control content delivery based on user and session details
DDoS Attack Remediation
Bandwidth prioritization and blocking
Deny connections using geographic information
Deny connections based on IP and traffic signatures
Place limits on the amount of traffic, the maximum burst size, and the traffic priority of individual packet types
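As an added illustration that is not part of the Coggle map, the following Python sketch shows the kind of per-source limit a router or firewall enforces when it caps traffic volume and burst size per packet type and denies sources matching a known signature. The policy values, the denylist entry and the packet records are all constructed sample data, not figures from the page.

```python
"""Per-source token-bucket limiting with a burst cap and per-packet-type policy.

Added example (not from the original diagram). Policy numbers, the denylist and the
sample traffic below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Bucket:
    rate: float   # tokens (packets) refilled per second = sustained limit
    burst: int    # bucket capacity = maximum burst accepted from one source
    tokens: float
    last: float   # timestamp of the last decision

    def allow(self, now: float) -> bool:
        """Refill for elapsed time, then spend one token if available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


# Hypothetical policy: (sustained packets/s, burst) per packet type and source.
# Lower-priority types get the smallest allowances.
POLICY = {
    "TCP_SYN": (5.0, 10),
    "ICMP": (2.0, 4),
    "UDP": (20.0, 40),
}
# Sources already matched to a known attack signature (constructed address).
DENYLIST = {"203.0.113.7"}


class Limiter:
    def __init__(self, policy=POLICY, denylist=DENYLIST):
        self.policy = policy
        self.denylist = set(denylist)
        self.buckets = {}  # (src, proto) -> Bucket

    def decide(self, pkt: dict) -> str:
        """Return ALLOW, DROP_RATE (burst/rate exceeded) or DENY_SIGNATURE."""
        src, proto, ts = pkt["src"], pkt["proto"], pkt["ts"]
        if src in self.denylist:
            return "DENY_SIGNATURE"
        if proto not in self.policy:
            return "ALLOW"  # packet type not policed
        key = (src, proto)
        if key not in self.buckets:
            rate, burst = self.policy[proto]
            self.buckets[key] = Bucket(rate, burst, burst, ts)  # starts full
        return "ALLOW" if self.buckets[key].allow(ts) else "DROP_RATE"


def apply_limits(packets, limiter=None):
    """Run every packet through the limiter; count decisions per source."""
    limiter = limiter or Limiter()
    counts = defaultdict(int)
    for pkt in packets:
        counts[(pkt["src"], limiter.decide(pkt))] += 1
    return dict(counts)


# Constructed sample traffic: a well-behaved client sending one SYN every 0.5 s,
# a source sending 50 SYNs within 50 ms, and a source on the denylist.
SAMPLE = (
    [{"src": "198.51.100.10", "proto": "TCP_SYN", "ts": i * 0.5} for i in range(6)]
    + [{"src": "192.0.2.200", "proto": "TCP_SYN", "ts": i * 0.001} for i in range(50)]
    + [{"src": "203.0.113.7", "proto": "UDP", "ts": i * 0.01} for i in range(3)]
)

if __name__ == "__main__":
    for (src, verdict), n in sorted(apply_limits(SAMPLE).items()):
        print(f"{src:15} {verdict:15} {n}")
```

The well-behaved client never exhausts its bucket, the bursting source gets exactly its burst allowance of 10 SYNs and then sees the rest dropped until tokens refill, and the denylisted source is refused regardless of rate. In practice the same shape of policy is expressed in hardware ACLs or firewall rate-limit rules rather than in Python.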
Traffic scrubbing
Use dedicated devices and modules with high-performing hardware that can support focused scrubbing algorithms
Sinkholing
Attract DDoS traffic to the IP blocks advertised by the sinkhole so that specialized analysis can be applied
TCP/IP