ISCW10S05L01设备安全－预防攻击.ppt

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Worm, Virus, and Trojan Horse Attacks and Mitigation Worm, Virus, and Trojan HorseAttacks and Mitigation The primary vulnerabilities for end-user workstations are: Worms Viruses Trojan horse attacks Virus and Trojan Horse Attack Mitigation Viruses and Trojan horses can be contained by: Effective use of antivirus software Keeping up-to-date with the latest developments in these methods of attacks Keeping up-to-date with the latest antivirus software and application versions Implementing host-based intrusion prevention systems (e.g., CSA) The Anatomy of a Worm Attack The enabling vulnerability Propagation mechanism Payload Mitigating Worm Attacks Four steps to mitigate worm attacks: Contain Inoculate Quarantine Treat Application Layer Attacks and Mitigation Application Layer Attacks Application layer attacks have these characteristics: Exploit well-known weaknesses, such as those in protocols, that are intrinsic to an application or system (e.g., sendmail, HTTP, and FTP) Often use ports that are allowed through a firewall (e.g., TCP port 80 used in an attack against a web server behind a firewall) Can never be completely eliminated, because new vulnerabilities are always being discovered Netcat Netcat is a tool that reads or writes data on any TCP/UDP connections, relays TCP connections, and can act as a TCP/UDP server #nc -h connect to somewhere: nc [-options] hostname port[s] [ports] ... listen for inbound: nc -l -p port [-options] [hostname] [port] options: -g gateway source-routing hop point[s], up to 8 -G num source-routing pointer: 4, 8, 12, ... -i secs delay interval for lines sent, ports scanned -l listen mode, for inbound connects -n numeric-only IP addresses, no DNS -o file hex dump of traffic -p port