Mitigating Network Attacks参考.ppt

Cisco Device Hardening Mitigating Network Attacks减轻网络攻击 Cisco Self-Defending Network Cisco strategy to dramatically improve the network ability to identify, prevent, and adapt to threats思科引入了各种的网络策略用于鉴别、阻止针对各种网络攻击。 There are three categories: Secure connectivity:安全连接 VPN solutions including VPN concentrators, VPN-enabled routers, and firewall VPNs Threat defense:威胁防御 Appliance and Cisco IOS-based firewalls Cisco IDSs and IPSs Trust and identity:信任和身份识别 NAC(Network Admission Control), Cisco Secure ACS, and 802.1x technology Evolution of Cisco Self-Defending Network Types of Network Attacks Attacks that require less intelligence about the target network: Reconnaissance 侦察攻击 Access attacks 访问攻击 DoS and distributed DoS 拒绝服务 Types of Network Attacks (Cont.) Attacks that typically require more intelligence or insider access: Worms, viruses, and Trojan horses Application layer attacks Threats to management protocols Reconnaissance Attacks and Mitigation Reconnaissance refers to the overall act of learning information about a target network by using readily available information and applications.侦察攻击通过使用软件和有限的信息尝试获得目标网络的全部信息 Reconnaissance attacks include: Packet sniffers 包嗅探 Port scans端口扫描 Ping sweeps PING扫描 Internet information queries因特网信息查询 Packet Sniffers A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets. Packet sniffers: Exploit(使用) information passed in plaintext. Protocols that pass information in plaintext are Telnet, FTP, SNMP, POP, and HTTP. Must be on the same collision domain. Used legitimately, or can be designed specifically for attack.合法的使用,但可以被特殊的设计用作攻击 Packet Sniffer Mitigation The mitigation(缓解) techniques and tools include: Authentication Cryptography Antisniffer tools Switched infrastructure低层使用交换架构 Port Scans and Ping Sweeps Port scans and ping sweeps attempt to identify: All services All hosts and devices The operating systems Vulnerabilities Port Scan and Ping Sweep M