2 cissp ® Official Study Guide Eighth Edition


Corrupt the IP configuration



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Corrupt the IP configuration. Corrupting the IP configuration can result in a client having a false DNS server definition. This can be accomplished either directly on the client or on the network's DHCP server.

Use proxy falsification. This method works only against web communications. This attack plants false web proxy data into a client's browser, and then the attacker operates the rogue proxy server. A rogue proxy server can modify HTTP traffic packets to reroute requests to whatever site the hacker wants.

Although there are many DNS poisoning methods, here are some basic security measures you can take that can greatly reduce their threat:

Limit zone transfers from internal DNS servers to external DNS servers. This is accomplished by blocking inbound TCP port 53 (zone transfer requests) and UDP port 53 (queries).

Limit the external DNS servers from which internal DNS servers pull zone transfers.

Deploy a network intrusion detection system (NIDS) to watch for abnormal DNS traffic.

Properly harden all DNS, server, and client systems in your private network.

Use DNSSEC to secure your DNS infrastructure.

Require internal clients to resolve all domain names through the internal DNS. This will require that you block outbound UDP port 53 (for queries) while keeping open outbound TCP port 53 (for zone transfers).


470 Chapter 11 Secure Network Architecture and Securing Network Components

Another attack closely related to DNS poisoning and/or DNS spoofing is DNS pharming. Pharming is the malicious redirection of a valid website's URL or IP address to a fake website that hosts a false version of the original valid site. This is often part of a phishing attack where the attacker is attempting to trick victims into giving up their logon credentials. If potential victims aren't careful or paying attention, they may be tricked into providing their logon information to the false, pharmed website. Pharming typically occurs either by modifying the local HOSTS file on a system or by poisoning or spoofing DNS resolution. Pharming is an increasingly problematic activity because hackers have discovered means to exploit DNS vulnerabilities to pharm various domain names for large groups of targeted users.
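
An added example (not from the study guide): a defender-side audit for the two client-side conditions described above, a false DNS server definition and a modified HOSTS file. The approved resolver addresses, the benign-name list and the sample file contents are assumptions constructed for illustration; the functions expect resolv.conf-style and HOSTS-style text.

```python
import ipaddress

# Assumed site policy (hypothetical values): the only resolvers clients may use.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
# Names commonly present in a default HOSTS file (assumed list; extend per platform).
BENIGN_NAMES = {"localhost", "ip6-localhost", "ip6-loopback", "broadcasthost"}

# Constructed sample inputs (documentation address ranges, not real indicators).
SAMPLE_RESOLV = "nameserver 10.0.0.53\nnameserver 198.51.100.7\n"
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\n"
    "::1 ip6-localhost ip6-loopback\n"
    "127.0.1.1 workstation01\n"
    "203.0.113.10 www.example.com login.example.com  # constructed entry\n"
)

def _fields(line):
    """Strip a trailing '#' comment and split the rest on whitespace."""
    return line.split("#", 1)[0].split()

def audit_resolvers(resolv_text, approved=APPROVED_RESOLVERS):
    """Return configured nameserver addresses that are not on the approved list."""
    rogue = []
    for line in resolv_text.splitlines():
        fields = _fields(line)
        if len(fields) >= 2 and fields[0] == "nameserver" and fields[1] not in approved:
            rogue.append(fields[1])
    return rogue

def audit_hosts(hosts_text, benign=BENIGN_NAMES):
    """Return (name, address) pairs where HOSTS overrides DNS with a routable address."""
    findings = []
    for line in hosts_text.splitlines():
        fields = _fields(line)
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; not a mapping line
        if addr.is_loopback or addr.is_unspecified:
            continue  # local aliases and sinkhole entries cannot redirect to a remote site
        findings.extend((n.lower(), str(addr)) for n in fields[1:] if n.lower() not in benign)
    return findings

if __name__ == "__main__":
    print("unapproved resolvers:", audit_resolvers(SAMPLE_RESOLV))
    print("HOSTS overrides to review:", audit_hosts(SAMPLE_HOSTS))
```

Every HOSTS override it reports is a candidate for review rather than proof of pharming, since administrators sometimes add static entries on purpose.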
