CISSP® Official Study Guide, Eighth Edition


Chapter 21 ■ Malicious Code and Application Attacks



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

IP Spoofing
In an IP spoofing attack, the malicious individual simply reconfigures their system so that it has the IP address of a trusted system and then attempts to gain access to other external resources. This is surprisingly effective on many networks that don't have adequate filters installed to prevent this type of traffic from occurring. System administrators should configure filters at the perimeter of each network to ensure that packets meet at least the following criteria:

• Packets with internal source IP addresses don't enter the network from the outside.
• Packets with external source IP addresses don't exit the network from the inside.
• Packets with private IP addresses don't pass through the router in either direction (unless specifically allowed as part of an intranet configuration).

These three simple filtering rules can eliminate the vast majority of IP spoofing attacks and greatly enhance the security of a network.
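The three perimeter rules above, expressed as a small packet-filter policy. This is an added example, not code from the study guide; the address blocks (203.0.113.0/24 as the organisation's own range, 10.0.0.0/8 as a permitted intranet range) are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed topology for this example: the organisation's public block is
# 203.0.113.0/24, and 10.0.0.0/8 is an intranet range explicitly permitted to
# cross the router (the "unless specifically allowed" exception in the text).
INTERNAL_NETS = [ip_network("203.0.113.0/24")]
ALLOWED_INTRANET = [ip_network("10.0.0.0/8")]
PRIVATE_NETS = [ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _in(addr, nets):
    return any(addr in net for net in nets)


def filter_packet(src, direction):
    """Apply the three perimeter rules to one packet.

    direction is "in" (arriving from the outside) or "out" (leaving the
    network). Returns ("accept", None) or ("drop", reason).
    """
    addr = ip_address(src)
    if _in(addr, ALLOWED_INTRANET):
        return ("accept", None)          # sanctioned intranet traffic
    if _in(addr, PRIVATE_NETS):
        return ("drop", "private source address at the perimeter")        # rule 3
    internal = _in(addr, INTERNAL_NETS)
    if direction == "in" and internal:
        return ("drop", "internal source address arriving from outside")  # rule 1
    if direction == "out" and not internal:
        return ("drop", "external source address leaving the network")    # rule 2
    return ("accept", None)


def check_sample_packets():
    """Run constructed sample packets through the filter; returns {src/dir: decision}."""
    samples = [
        ("203.0.113.5", "in"),    # spoofed: claims to be one of ours, from outside
        ("198.51.100.7", "in"),   # ordinary inbound traffic
        ("198.51.100.7", "out"),  # spoofed: an inside host using a foreign source
        ("203.0.113.5", "out"),   # ordinary outbound traffic
        ("192.168.1.9", "in"),    # private address that should never cross the edge
        ("10.1.2.3", "out"),      # permitted intranet range
    ]
    return {f"{src}/{d}": filter_packet(src, d)[0] for src, d in samples}


if __name__ == "__main__":
    for k, v in check_sample_packets().items():
        print(f"{k:20} {v}")
```

The same three checks map directly onto ingress and egress access-list entries on a perimeter router; the point of the code is to show that each rule needs only the source address and the direction of the packet.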
Session Hijacking
Session hijacking attacks occur when a malicious individual intercepts part of the communication between an authorized user and a resource and then uses a hijacking technique to take over the session and assume the identity of the authorized user. The following list includes some common techniques:

• Capturing details of the authentication between a client and server and using those details to assume the client's identity
• Tricking the client into thinking the attacker's system is the server, acting as the middleman as the client sets up a legitimate connection with the server, and then disconnecting the client
• Accessing a web application using the cookie data of a user who did not properly close the connection

All of these techniques can have disastrous results for the end user and must be addressed with both administrative controls (such as anti-replay authentication techniques) and application controls (such as expiring cookies within a reasonable period of time).
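The two controls named above, as an added example that is not part of the study guide: a server-side session store whose cookies expire on idle and absolute timeouts (so a leftover cookie from an unclosed connection stops working), and an anti-replay check that accepts each authentication message once within a short window. It assumes a shared HMAC key and a caller-supplied clock value `now` (both hypothetical, chosen so the behaviour is deterministic).

```python
import hmac, hashlib, secrets

class SessionStore:
    """Server-side session table with an idle timeout and an absolute
    lifetime, so a captured or abandoned cookie cannot be reused indefinitely."""
    def __init__(self, idle_timeout=900, absolute_lifetime=8 * 3600):
        self.idle_timeout, self.absolute_lifetime = idle_timeout, absolute_lifetime
        self._sessions = {}

    def create(self, user, now):
        token = secrets.token_urlsafe(32)   # unguessable session identifier
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def validate(self, token, now):
        s = self._sessions.get(token)
        if s is None:
            return None
        if now - s["last_seen"] > self.idle_timeout or now - s["created"] > self.absolute_lifetime:
            del self._sessions[token]       # expired: force fresh authentication
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, token):
        self._sessions.pop(token, None)     # explicit close invalidates the cookie

class ReplayGuard:
    """Anti-replay check for an authentication message (user, timestamp, nonce,
    mac): each nonce is accepted once, and only inside a short time window, so
    a captured exchange cannot simply be presented again later."""
    def __init__(self, key, window=300):
        self.key, self.window, self._seen = key, window, set()

    def tag(self, user, ts, nonce):
        msg = f"{user}|{ts}|{nonce}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def accept(self, user, ts, nonce, mac, now):
        if abs(now - ts) > self.window:
            return False                    # stale message, outside the window
        if not hmac.compare_digest(self.tag(user, ts, nonce), mac):
            return False                    # forged or tampered message
        if (user, nonce) in self._seen:
            return False                    # replay of an already-used message
        self._seen.add((user, nonce))
        return True
```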
Summary
Applications developers have a lot to worry about! As hackers become more sophisticated in their tools and techniques, the Application layer is increasingly becoming the focus of their attacks due to its complexity and multiple points of vulnerability.

Malicious code, including viruses, worms, Trojan horses, and logic bombs, exploits vulnerabilities in applications and operating systems or uses social engineering to infect systems and gain access to their resources and confidential information.

Applications themselves also may contain a number of vulnerabilities. Buffer overflow attacks exploit code that lacks proper input validation to affect the contents of a system's memory. Back doors provide former developers and malicious code authors with the ability to bypass normal security mechanisms. Rootkits provide attackers with an easy way to conduct escalation-of-privilege attacks.

Many applications are moving to the web, creating a new level of exposure and vulnerability. Cross-site scripting attacks allow hackers to trick users into providing sensitive information to unsecure sites. SQL injection attacks allow the bypassing of application controls to directly access and manipulate the underlying database.

Reconnaissance tools provide attackers with automated tools they can use to identify vulnerable systems that may be attacked at a later date. IP probes, port scans, and vulnerability scans are all automated ways to detect weak points in an organization's security controls. Masquerading attacks use stealth techniques to allow the impersonation of users and systems.
Exam Essentials