This chapter covers mitigation techniques to counter the attacks described in Chapter 7,
“Classifying Sophisticated Network Attacks.” These techniques are based on the principles described in the SAFE blueprint and build on the techniques discussed in Chapter 8, “Mitigating Rudimentary Network Attacks.” The attacks covered in this chapter include IP spoofing, packet sniffers, password attacks, man-in-the-middle attacks, port redirection, and virus and Trojan-horse applications.
Although this chapter, combined with Chapter 8, covers a fair amount of detail on mitigating attacks, the discussion is by no means exhaustive. Each attack is unique and has its own set of requirements for an effective defense. Nevertheless, this chapter provides a basis for network administrators to understand how to implement the principles in SAFE to better protect their networks against sophisticated network attacks.
“Do I Know This Already?” Quiz
The purpose of the “Do I Know This Already?” quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.
The 11-question quiz, derived from the major sections in the “Foundation Topics” portion of the chapter, helps you determine how to spend your limited study time.
Table 9-1 outlines the major topics discussed in this chapter and the “Do I Know This Already?”
quiz questions that correspond to those topics.
Table 9-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Foundations Topics Section Questions Covered in This Section Mitigating IP Spoofing Attacks 1–3
Guarding Against Packet Sniffers 4–6
Mitigating Password Attacks 7–8
continues
1. What RFC discusses suggested service provider filtering that restricts the traffic originating from an edge network to the IP address range assigned to that network?
a. 1918
b. 1745
c. 973
d. 2827
e. 2828
2. What two methods are most effective in mitigating IP spoofing attacks?
a. Access control
b. Use of RFC 1918 addresses
c. RFC 2827 filtering
d. Strong authentication
e. Cryptography
3. What type of trust model facilitates IP spoofing attacks?
a. Strong
b. Open
c. User-based
d. Closed
e. IP address–based
Table 9-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping (Continued)
Foundations Topics Section Questions Covered in This Section Mitigating Man-In-The-Middle Attacks 9
Mitigating Port Redirection Attacks 10 Guarding Against Virus and Trojan-Horse
Applications
11
CAUTION The goal of self-assessment is to gauge your mastery of the topics in this chapter.
If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.
“Do I Know This Already?” Quiz 125
4. Which of the following is a two-factor based authentication method?
a. Passwords
b. Cryptography
c. One-time passwords
d. IPSec
e. Bank ATM
5. Antisniffer software works by what two methods?
a. It detects changes in the response time of hosts to determine if the hosts are processing more traffic than their own.
b. It identifies sniffing software running on a host.
c. It can identify when a network interface goes into promiscuous mode.
d. It can remotely see promiscuous packets that are captured by a host that is sniffing.
e. There is no such thing as “antisniffer” software.
6. Why is cryptography an effective mitigation tool against sniffing?
a. Cryptography is not an effective mitigation tool against sniffing.
b. The attacker only sees data that appears to be a random string of bits.
c. The key exchange masks the data being transmitted across the wire.
d. An attacker cannot decode encrypted data without knowing the session key.
e. Sniffing software cannot sniff encrypted packets.
7. Good passwords are characterized by which of the following?
a. They have a minimum length of five characters.
b. They have a combination of alphanumeric and nonalphanumeric characters.
c. They are easy to remember.
d. They are random.
e. They have a minimum length of eight characters.
8. Which of the following are good password-testing tools?
a. Ethereal
b. John the Ripper
c. LC4
d. dsniff
e. NetBIOS Audit Tool
9. Man-in-the-middle attacks can be effectively mitigated through which of the following techniques?
a. Access control lists
b. Strong authentication
c. Patches
d. Use of cryptography
e. Firewalls
10. How are port redirection attacks successful?
a. They rely on strong trust models between systems to allow a port on one host to connect to a port on another host.
b. They rely on weak trust models between systems to allow a port on one host to connect to a port on another host.
c. Port redirection attacks are not possible.
d. They rely on poor authentication across hosts.
11. What is a key method of preventing virus and Trojan-horse applications from entering a network?
a. Firewalls
b. Router access lists
c. Patches
d. Intrusion detection
e. Antivirus software
The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A Sections.” The suggested choices for your next step are as follows:
■ 9 or less overall score—Read the entire chapter. This includes the “Foundation Topics” and
“Foundation Summary” sections, and the “Q&A” section.
■ 10 or more overall score—If you want more review on these topics, skip to the “Foundation Summary” section and then go to the “Q&A” section. Otherwise, move to the next chapter.