Strategies for Defeating Distributed Attacks
- 1 Intro
- 2 Assume basics • Understand IP addressing • Understand basic system administration
- 3 Attack Recognition Problems • Blended "pattern" and "effect" attacks • Sniffing attacks • Decoys and false identification of attack source
- 4 Attack Recognition Problems • Blended "pattern" and "effect" attacks • Sniffing attacks • Decoys and false identification of attack source
- 5 Changing Attack Patterns • More large-scale attacks • Better enumeration and assessment of the target by the attacker
- 6 Two Basic Distributed Attack Models • Attacks that do not require direct observation of the results • Attacks that require the attacker to directly observe the results
- 7 Defensive Techniques Cont. • Minimal ports open • Stateful inspection firewalls • Modified kernels/IDS to look for fingerprint packets
- 8 Defensive Techniques Cont. • Limit ICMP inbound to host/destination unreachable • Limit outbound ICMP
- 9 DMZ Server Recommendations • Split services between servers • Current patches • Use trusted paths, anti-buffer overflow settings and kernel patches • Use any built-in firewalling software • Make use of b…
- 10 Firewall Rules • Limit inbound to only necessary services • Limit outbound via proxies to help control access • Block all outbound to only necessary traffic
- 11 Intrusion Detection Systems • Use only IDS's that can be customized • IDS should be capable of handling fragmented packet reassembly • IDS should handle high speeds
- 12 Spoofed Packet Defenses • Get TTL of suspected spoofed packet • Probe the source address in the packet • Compare the probe reply's TTL to the suspected spoofed packet
- 13 Late Breaking News • HackerShield RapidFire Update 208