Evading Firewalls

IP Address Spoofing One effective way an attacker can evade a firewall is to appear as something else, such as a trusted host. Using spoofing to modify address information, the attacker can make the source of an attack appear to come from someplace else rather than the malicious party. Source Routing Using this technique, the … Read more

What’s That Firewall Running?

To determine a type of firewall and even a brand, you can use your experience with port scanning and tools to build information about the firewall your target is running. By identifying certain ports, you can link the results to a specific firewall and from that point determine the type of attack or process to … Read more

Firewall Configurations

Not all firewalls or firewall setups are created equal, so you need to be familiar with each setup and how it works. Firewalls can be set up and arranged in several ways, each offering its own advantages and disadvantages. In this section we’ll cover each method. Bastion Host A bastion host is intended to be … Read more

Firewalls

Firewalls are another protective device for networks that stand in the way of a penetration tester or attacker. Firewalls represent a barrier or logical delineation between two zones or areas of trust. In its simplest form an implementation of a firewall represents the barrier between a private and a public network. When discussing firewalls, it … Read more

IDS Detection Methods

Signature Detection The first form of detection or recognition is based on signature; this method is also sometimes called misuse detection. The system compares traffic to known models and when matches are found it reports the attack. Pattern matching is the most basic form of detecting and is used in many systems. The process relies … Read more

Signs of an Intrusion

What type of activities are indications of a potential attack? What type of actions can an IDS respond to? Let’s take a look at activities that may indicate an intrusion has occurred. Host System Intrusions What is an indicator of an attack on a host? A wide range of activities could be construed as an … Read more

The Four Types of Intrusion Detection Systems

The first type, and one of the most common, is the NIDS. The NIDS is designed to inspect every packet entering the network for the presence of malicious or damaging behavior and, when malicious activity is detected, throw an alert. The NIDS is able to monitor traffic from the router to the host itself. Much … Read more

The Role of Intrusion Detection Systems

An intrusion detection system (IDS) is an application or device used to gather and analyze information that passes across a network or host. An IDS is designed to analyze, identify, and report on any violations or misuse of a network or host. Let’s take a close look at how an IDS works. An IDS is … Read more