2 - Implementing detection and preventive measures - Coggle Diagram
Preventive controls
Keep systems and applications up-to-date
Remove or disable unneeded services and protocols
Use intrusion detection and prevention systems
Use up-to-date anti-malware software
Use firewalls
Implement configuration and system management processes
Detection controls
IDS
Automate the inspection of logs and real-time system events to detect intrusion attempts and system failures
Sensors in key devices
Firewall
Router
2 types of detection
Knowledge-based (aka signature-based)
Behavioral-based
2 types of IDS
Network IDS
Port mirroring on the switch is useful for NIDS
Host-based IDS
IPS
The NIPS is placed inline with the traffic
Security attacks
Botnets
bot herder = botnet controller
Denial-of-Service attacks
SYN Flood attacks
Source address is often spoofed
Remediation
Use SYN cookies
Reduce the amount of time a server will wait for an ACK
Distributed reflective denial-of-service (DRDoS)
DNS poisoning
Smurf attacks
Floods the victim with ICMP echo reply packets
It is a spoofed broadcast ping request that uses the victim's IP address as the source address. Every host on the broadcast network then sends its ICMP echo reply to the victim.
Fraggle attacks
It is a spoofed broadcast of UDP packets sent to UDP/7 (echo protocol) and UDP/19 (character generator protocol)
TCP reset attack
Source address is spoofed
Disconnect TCP sessions of other users
Ping flood
Legacy attacks
Ping of death
Send oversized ping packets
Teardrop
Sends fragmented IP packets that the victim cannot reassemble
Local Area Network Denial (LAND)
Send spoofed SYN packets to a victim using the victim's IP address as both the source and destination IP address
Zero-day exploits
MitM attacks (aka on-path attacks)
Employee sabotage
Preventive measures
Honeypots and honeynets
Enticement
A security technique where you lure an attacker into a controlled environment (like a honeypot) without coercing or encouraging them to commit a crime they weren’t already willing to commit.
Legal
Entrapment
A situation where law enforcement or a security professional induces, persuades, pressures, or tricks someone into committing a crime they would NOT normally commit.
Illegal
Warning banners
Anti-malware
Whitelisting/blacklisting
Firewalls
Sandboxing
Third-party security services