
Mitigating Rudimentary Network Attacks

In the document CCSP CSI Exam Certification Guide (Page 141-146)

Chapters 6 and 7 covered various attacks that may be launched against a network. This chapter covers the mitigation of the attacks described in Chapter 6, “Classifying Rudimentary Network Attacks”: reconnaissance, unauthorized access, denial of service (DoS), application layer, and trust exploitation attacks. The mitigation techniques discussed in this chapter are based on network security best common practices (BCPs) and on SAFE concepts.

Although both this chapter and Chapter 9, “Mitigating Sophisticated Network Attacks,” cover a fair amount of detail on mitigating attacks, by no means do the chapters present an exhaustive discussion. Each attack is unique and has its own set of requirements for an effective defense. Nevertheless, this chapter provides a starting point for network administrators to understand how to implement the principles in SAFE to better protect their networks.

“Do I Know This Already?” Quiz

The purpose of the “Do I Know This Already?” quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 10-question quiz, derived from the major sections in the “Foundation Topics” portion of the chapter, helps you determine how to spend your limited study time.

Table 8-1 outlines the major topics discussed in this chapter and the “Do I Know This Already?” quiz questions that correspond to those topics.

1. Which of the following are sources from which an attacker can determine information about a target network?

a. DNS

b. ARIN/RIPE/APNIC records

c. whois information

d. Phone book

e. All of the above

2. What does “network posture visibility reduction” mean?

a. Lower the number of all the servers in the network

b. Reduce the number of users that can access the network

c. Eliminate essential services from servers in the public-facing segment to a minimum

d. Reduce the number of services in the public-facing segment of the network to a minimum

e. None of the above

Table 8-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

Foundation Topics Section                     Questions Covered in This Section
Mitigating Reconnaissance Attacks             1–3
Mitigating Denial of Service Attacks          4–6
Protecting Against Unauthorized Access        7
Mitigating Application Layer Attacks          8–9
Guarding Against Trust Exploitation           10

CAUTION The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.


3. Which of the following actions should be taken to harden applications and thereby make it more difficult for an attacker to perform reconnaissance on a network?

a. Remove application banners from application greetings

b. Apply patches to all applications

c. Turn off unnecessary services

d. Apply access control lists to edge routers

e. Turn off essential services

4. What is the purpose of RFC 2827?

a. It defines a range of network addresses to be used for private networks.

b. It describes a method of mitigating DoS attacks.

c. It describes the behavior of the TCP protocol.

d. It defines site security procedures.

e. It defines the behavior of the IP protocol.

5. Which feature of Cisco routers is considered an “anti-DoS” feature?

a. NetFlow

b. Fast switching

c. Stateful firewall

d. TCP intercept

e. None of the above

6. Which of the following methods can you utilize to mitigate the effects of DoS attacks?

a. NetFlow

b. Traffic-rate limiting

c. Fast switching

d. Quality of service

e. Stateful firewall

7. Which of the following is classified as an unauthorized access attack?

a. An attacker connects to a web server and downloads publicly available files

b. An attacker connects to an anonymous FTP server and downloads publicly available files

c. An attacker connects to the SMTP port of a mail server and forges e-mail

d. An attacker queries DNS for information about hosts on the network

e. An attacker connects to the Telnet port of a system and repeatedly tries various username/password combinations until he gains entry to the system

8. What makes application layer attacks possible?

a. Vulnerabilities in applications

b. Poor access control lists

c. Lack of proper firewall configuration

d. Poor password choices

e. None of the above

9. How can network and system administration personnel reduce the risk of an application layer attack?

a. They can’t; application layer attacks are inevitable

b. Follow system administration best common practices

c. Turn off applications

d. Block application ports at the firewall

e. All of the above

10. If an attacker is able to gain access to an internal server through a DMZ web server, what is the possible cause?

a. The DMZ web server was not configured properly.

b. The DMZ web server was vulnerable to exploitation.

c. The edge router access control list was not blocking port 80.

d. The firewall access control lists allowed for the DMZ web server to connect to the internal server.

e. The internal server root password was weak.


The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A Sections.” The suggested choices for your next step are as follows:

8 or less overall score—Read the entire chapter. This includes the “Foundation Topics” and “Foundation Summary” sections, and the “Q&A” section.

9 or more overall score—If you want more review on these topics, skip to the “Foundation Summary” section and then go to the “Q&A” section. Otherwise, move to the next chapter.

Foundation Topics
