CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Chapter 12: Secure Communications and Network Attacks

Eavesdropping

As the name suggests, eavesdropping is simply listening to communication traffic for the purpose of duplicating it. The duplication can take the form of recording data to a storage device or using an extraction program that dynamically attempts to extract the original content from the traffic stream. Once a copy of traffic content is in the hands of an attacker, they can often extract many forms of confidential information, such as usernames, passwords, process procedures, data, and so on.

Eavesdropping usually requires physical access to the IT infrastructure to connect a physical recording device to an open port or cable splice or to install a software-recording tool onto the system. Eavesdropping is often facilitated by the use of a network traffic capture or monitoring program or a protocol analyzer system (often called a sniffer). Eavesdropping devices and software are usually difficult to detect because they are used in passive attacks. When eavesdropping or wiretapping is transformed into altering or injecting communications, the attack is considered an active attack.

You Too Can Eavesdrop on Networks

Eavesdropping on networks is the act of collecting packets from the communication medium. As a valid network client, you are limited to seeing just the traffic designated for your system. However, with the right tool (and authorization from your organization!), you can see all the data that passes your network interface. Sniffers such as Wireshark and NetWitness and dedicated eavesdropping tools such as T-Sight, Zed Attack Proxy (ZAP), and Cain & Abel can show you what is going on over the network. Some tools will display only the raw network packets, while others will reassemble the original data and display it for you in real time on your screen. We encourage you to experiment with a few eavesdropping tools (only on networks where you have the proper approval) so you can see firsthand what can be gleaned from network communications.

You can combat eavesdropping by maintaining physical access security to prevent unauthorized personnel from accessing your IT infrastructure. As for protecting communications that occur outside your network or for protecting against internal attackers, using encryption (such as IPsec or SSH) and onetime authentication methods (that is, onetime pads or token devices) on communication traffic will greatly reduce the effectiveness and timeliness of eavesdropping.

The common threat of eavesdropping is one of the primary motivations to maintain reliable communications security. While data is in transit, it is often easier to intercept than when it is in storage. Furthermore, the lines of communication may lie outside your organization’s control. Thus, reliable means to secure data while in transit outside your internal infrastructure are of utmost importance. Some of the common network health and communication reliability evaluation and management tools, such as sniffers, can be used for nefarious purposes and thus require stringent controls and oversight to prevent abuse.
