427 Botnet fm qxd



Botnets - The killer web applications

www.syngress.com
Botnet Detection: Tools and Techniques • Chapter 5


Layer 2 could suffer various forms of attack, including ARP spoofing,
which can lead to MITM attacks.

Layer 2 can suffer from switch forwarding table overflow attacks,
which can lead to password-guessing attacks.

Layer 2 could suffer from fake DHCP servers, which can lead to
MITM attacks.

Layer 2 switch features can include various security measures such as
port security, DHCP snooping, IP Source Guard, and dynamic ARP
inspection, especially on recent Cisco switches.

The number of hosts in a broadcast domain should be limited to
prevent fan-out attacks.

The routing table ARP timeout time and switch forwarding table
timeout might be set to be the same time. This helps if a hacker’s
toolkit has installed a password sniffer, since it improves the odds that
they will not see anything useful.

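How DHCP snooping and dynamic ARP inspection fit together, as an added example that is not from the book or from any switch vendor's code: a small Python model of a switch that learns IP/MAC/port bindings from DHCP ACKs on a trusted port and checks ARP senders against them. The port names, addresses and the explicit client_port argument are simplifying assumptions made for this sketch.

```python
# Added illustration: a toy model of DHCP snooping + dynamic ARP inspection.
# Port names, MACs and IPs are constructed sample data, not real captures.
TRUSTED_PORTS = {"Gi0/1"}        # uplink toward the legitimate DHCP server
SERVER_MSGS = {"OFFER", "ACK"}   # DHCP messages only a server should send


class Switch:
    def __init__(self):
        self.bindings = {}       # ip -> (mac, port), learned by DHCP snooping
        self.alerts = []

    def dhcp(self, port, msg, client_mac, ip=None, client_port=None):
        """DHCP snooping: server messages are accepted on trusted ports only."""
        if msg in SERVER_MSGS and port not in TRUSTED_PORTS:
            self.alerts.append(f"rogue DHCP {msg} on {port}")
            return False
        if msg == "ACK":
            # Assumption: the client's access port is passed in directly;
            # a real switch learns it from where the request arrived.
            self.bindings[ip] = (client_mac, client_port)
        return True

    def arp(self, port, sender_mac, sender_ip):
        """ARP inspection: sender IP, MAC and port must match a binding."""
        if port in TRUSTED_PORTS:
            return True
        if self.bindings.get(sender_ip) != (sender_mac, port):
            self.alerts.append(
                f"ARP drop on {port}: {sender_ip} is-at {sender_mac}")
            return False
        return True


def replay(events):
    """Feed (kind, *args) events to a fresh switch; return verdicts, alerts."""
    sw = Switch()
    verdicts = [getattr(sw, kind)(*args) for kind, *args in events]
    return verdicts, sw.alerts


EVENTS = [  # constructed sample traffic
    ("dhcp", "Gi0/1", "ACK", "aa:aa:aa:aa:aa:01", "10.0.0.10", "Gi0/2"),
    ("dhcp", "Gi0/1", "ACK", "aa:aa:aa:aa:aa:02", "10.0.0.11", "Gi0/3"),
    ("arp", "Gi0/2", "aa:aa:aa:aa:aa:01", "10.0.0.10"),  # matches binding
    ("arp", "Gi0/3", "aa:aa:aa:aa:aa:02", "10.0.0.10"),  # another host's IP
    ("dhcp", "Gi0/3", "OFFER", "aa:aa:aa:aa:aa:01"),     # server msg, access port
]

if __name__ == "__main__":
    print(replay(EVENTS))
```
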
Intrusion Detection

Intrusion detection systems (IDSes) are either host or network based.
A NIDS should focus on local and outgoing traffic flows as well as
incoming Internet traffic, whereas a HIDS can pick up symptoms of
bot activity at a local level that can’t be seen over the network.

At either level, an IDS can focus on either anomaly detection or
signature detection, though some are more or less hybrid.

IDS is important, but it should be considered part of an Internet
prevention system strategy, whether it’s part of a full-blown
commercial system or one element of a multilayered defense.

Virus detection is, or should be, an understatement: It should sit at all
levels of the network, from the perimeter to the desktop, and include
preventative and recovery controls, not just detection.

Antivirus is capable of detecting a great deal more than simple viruses
and is not reliant on simple detection of static strings. Scanners can
