2 cissp ® Official Study Guide Eighth Edition



Download 19,3 Mb.
Pdf ko'rish
bet604/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   600   601   602   603   604   605   606   607   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Sniffer Attacks
Sniffing
captures packets sent over a network with the intent of analyzing the packets. A 
sniffer (also called a packet analyzer or protocol analyzer) is a software application that 
captures traffic traveling over the network. Administrators use sniffers to analyze network 
traffic and troubleshoot problems.
Of course, attackers can also use sniffers. A 
sniffer attack
(also called a snooping attack 
or eavesdropping attack) occurs when an attacker uses a sniffer to capture information 
transmitted over a network. They can capture and read any data sent over a network in 
clear text, including passwords.
Wireshark is a popular protocol analyzer available as a free download. Figure 14.4 
shows Wireshark with the contents of a relatively small capture, and demonstrates how 
attackers can capture and read data sent over a network in cleartext.
F I g u r e 14 . 4
Wireshark capture

648
Chapter 14 

Controlling and Monitoring Access
The top pane shows packet 260 selected and you can see the contents of this packet in 
the bottom pane. It includes the text 
User: DarrilGibson Password: IP@$$edCi$$P
. If 
you look at the first packet in the top pane (packet number 250), you can see that the name 
of the opened file is 
CISSP Secrets
.
txt
.
The following techniques can prevent successful sniffing attacks:

Encrypt all sensitive data (including passwords) sent over a network. Attackers can-
not easily read encrypted data with a sniffer. For example, Kerberos encrypts tickets 
to prevent attacks, and attackers cannot easily read the contents of these tickets with a 
sniffer.

Use onetime passwords when encryption is not possible or feasible. Onetime passwords 
prevent the success of sniffing attacks, because they are used only once. Even if an 
attacker captures a onetime password, the attacker is not able to use it.

Protect network devices with physical security. Controlling physical access to routers 
and switches prevents attackers from installing sniffers on these devices.

Monitor the network for signatures from sniffers. Intrusion detection systems can 
monitor the network for sniffers and will raise an alert when they detect a sniffer on 
the network.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   600   601   602   603   604   605   606   607   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish