VI Network Security-OSI Attacks Firewall IDS
Fiber/cable cuts
Wireless link jamming
Copper cables influenced by electromagnetic fields
Application of high voltage on copper wire
Based on the destination MAC address, the switch knows which port to
forward the frames to.
CAM is a physical part of the switch that stores information about MAC
addresses available on each physical port and their associated parameters.
When the CAM table of the switch fills up with these addresses,
the switch begins to forward all frames that it receives to every
port.
The switch will flood all ports with incoming traffic because it
cannot find the port number for a particular MAC address in
the CAM table.
The aim is to associate the attacker's MAC address with the IP address of
another host (e.g. the default gateway), causing any traffic meant for that IP
address to be sent to the attacker instead.
Packet Filtering
Avoid trust relationships
Use ARP spoofing detection software
Use cryptographic network protocols
TLS, SSH, HTTPS
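The "ARP spoofing detection software" item above is the kind of check shown here: an added example, not from the slides, that watches ARP replies for the association the attack creates (another host's IP bound to a new MAC). The addresses, the pinned gateway entry and the sample replies are constructed assumptions.

```python
"""Minimal ARP spoofing detector run over constructed ARP replies.
Addresses, the pinned gateway mapping and the sample data are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str


# Constructed sample traffic. 192.168.1.1 is the default gateway and is
# legitimately aa:bb:cc:00:00:01. The fourth and fifth replies bind the
# gateway's IP (and another host's IP) to a different MAC, which is exactly
# the association an ARP spoofing attack tries to create.
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply("192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply("192.168.1.1", "AA:BB:CC:00:00:01"),   # same MAC, different case
    ArpReply("192.168.1.1", "de:ad:be:ef:00:99"),
    ArpReply("192.168.1.20", "de:ad:be:ef:00:99"),
]

STATIC_ENTRIES = {"192.168.1.1": "aa:bb:cc:00:00:01"}  # pinned gateway mapping


def detect_arp_spoofing(replies, static_entries):
    """Return alert strings for replies that contradict a pinned IP->MAC entry,
    rebind an IP already learned to a different MAC, or show one MAC claiming
    more than one IP (what a poisoning host looks like on the wire)."""
    learned = {ip: mac.lower() for ip, mac in static_entries.items()}
    ips_per_mac = defaultdict(set)
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        ips_per_mac[mac].add(r.sender_ip)
        previous = learned.get(r.sender_ip)
        if previous is None:
            learned[r.sender_ip] = mac          # first sighting, accept it
        elif previous != mac:                   # keep the old binding, report the change
            kind = "pinned entry violated" if r.sender_ip in static_entries else "IP rebound"
            alerts.append(f"{kind}: {r.sender_ip} was {previous}, now claimed by {mac}")
    for mac, ips in ips_per_mac.items():
        if len(ips) > 1:
            alerts.append(f"one MAC claims several IPs: {mac} -> {sorted(ips)}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_REPLIES, STATIC_ENTRIES):
        print("ALERT", line)
```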
Denial of Service
When a DDoS attack is launched, IP spoofing is used so that the exact
machines from which the requests are coming cannot be identified.
This makes the DDoS attack more powerful because it is
difficult to identify the senders and block them.
The victim will respond with ICMP "echo reply" packets, thus
consuming both outgoing bandwidth as well as incoming
bandwidth.
Two methods of intrusion detection:
Signature based IDSs: detect attacks based on known
signatures or patterns (similar to signature based virus
detection)
Anomaly based IDSs: attempt to define a baseline, or
normal, behaviour of a system and provide a warning
whenever the system strays too far from the baseline
Prof. Stevina Correia-DJSCOE
Architectures for IDSs
Host Based IDS
Apply detection methods to activities occurring on the host
Designed to detect attacks such as buffer overflow
Have little or no view of network activities
Firewall vs IDS
Firewall: A firewall can block unauthorized access to the network (e.g. a watchman standing at the gate can block a thief).
IDS: An IDS can only report an intrusion; it cannot block it (e.g. a CCTV camera can alert about a thief but cannot stop him).
Firewall: A firewall cannot detect security breaches for traffic that does not pass through it (e.g. a gateman can watch only the front gate; he is not aware of wall-jumpers).
IDS: An IDS is fully capable of internal security by collecting information from a variety of system and network resources and analyzing the symptoms of security problems.
Firewall: A firewall doesn't inspect the content of permitted traffic (a gateman will never suspect an employee of the company).
IDS: An IDS keeps a check on the overall network.
Firewall: Firewalls are the most visible part of a network to an outsider, hence more likely to be attacked first (a gateman will be the first person attacked by a thief!!).
IDS: IDSs are very difficult to spot in a network (especially an IDS in stealth mode).