<HTML
><HEAD
><TITLE
>Methods of Attack</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
REL="HOME"
TITLE="Linux Network Administrators Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="TCP/IP Firewall"
HREF="x-087-2-firewall.html"><LINK
REL="PREVIOUS"
TITLE="TCP/IP Firewall"
HREF="x-087-2-firewall.html"><LINK
REL="NEXT"
TITLE="What Is a Firewall?"
HREF="x-087-2-firewall.introduction.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Network Administrators Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x-087-2-firewall.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 9. TCP/IP Firewall</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x-087-2-firewall.introduction.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="X-082-2-FIREWALL.ATTACKS"
>9.1. Methods of Attack</A
></H1
><P
>
As a network administrator, it is important that you understand the nature of
potential attacks on computer security. We'll briefly
describe the most important types of attacks so that you can better understand
precisely what the Linux IP firewall will protect you against. You should do
some additional reading to ensure that you are able to protect your
network against other types of attacks. Here
are some of the more important methods of attack and ways of protecting
yourself against them:</P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>Unauthorized access</DT
><DD
><P
>This simply means that people who shouldn't use your computer services are
able to connect and
use them. For example, people outside your company might try to
connect to your company accounting machine or to your NFS server.</P
><P
>There are various ways to avoid this attack by carefully specifying who
can gain access through these services. You can prevent network access
to all except the intended users.</P
></DD
><DT
>Exploitation of known weaknesses in programs</DT
><DD
><P
>Some programs and network services were not originally designed with strong
security in mind and are inherently vulnerable to attack. The BSD remote
services (rlogin, rexec, etc.) are an example.</P
><P
>The best way to protect yourself against this type of attack is to disable
any vulnerable services or find alternatives. With Open Source, it is
sometimes possible to repair the weaknesses in the software.</P
></DD
><DT
>Denial of service</DT
><DD
><P
>Denial of service attacks cause the service or program to cease functioning or
prevent others from making use of the service or program. These may be
performed at the network layer by sending carefully crafted and malicious
datagrams that cause network connections to fail. They may also be performed
at the application layer, where carefully crafted application commands are
given to a program that cause it to become extremely busy or stop functioning.</P
><P
>Preventing suspicious network traffic from reaching your hosts and preventing
suspicious program commands and requests are the best ways of minimizing the
risk of a denial of service attack. It's useful to know the details of the
attack method, so you should educate yourself about each new attack as it
gets publicized.</P
></DD
><DT
>Spoofing</DT
><DD
><P
>This type of attack causes a host or application to mimic the
actions of another. Typically the attacker pretends to be an innocent host
by following IP addresses in network packets. For example, a
well-documented exploit of the BSD rlogin service can use this method to mimic a
TCP connection from another host by guessing TCP sequence numbers.</P
><P
>To protect against this type of attack, verify the authenticity of datagrams
and commands. Prevent datagram routing with invalid source addresses.
Introduce unpredictability into connection control mechanisms, such as TCP
sequence numbers and the allocation of dynamic port addresses.</P
></DD
><DT
>Eavesdropping</DT
><DD
><P
>This is the simplest type of attack. A host is configured to "listen" to and
capture data not belonging to it. Carefully written eavesdropping programs
can take usernames and passwords from user login network connections.
Broadcast networks like Ethernet are especially vulnerable to this type of
attack.</P
><P
>To protect against this type of threat, avoid use of broadcast
network technologies and enforce the use of data encryption.</P
></DD
></DL
></DIV
><P
>IP firewalling is very useful in preventing or reducing unauthorized access,
network layer denial of service, and IP spoofing attacks. It is not very useful
in avoiding exploitation of weaknesses in network services or programs and
eavesdropping.</P
></DIV
></BODY
></HTML
>
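
The two protections this section credits to IP firewalling, restricting who may reach a service and refusing datagrams with invalid source addresses, can be modelled as a small inbound filter. This is an added example, not code from the guide; the interface names, the 192.0.2.0/24 internal network, the restricted port list and all function names are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Tuple

class Packet(NamedTuple):
    iface: str      # interface the datagram arrived on
    src: str        # source address claimed in the IP header
    dst_port: int   # destination port (service being contacted)

# Assumed topology, constructed for this example (documentation address ranges).
INTERNAL_IF, EXTERNAL_IF = "eth0", "eth1"
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
# Services meant for internal users only (assumed policy).
RESTRICTED_PORTS = {513: "rlogin", 2049: "nfs"}
# Source addresses that are never valid on a routed datagram.
INVALID_SOURCES = [ipaddress.ip_network(n)
                   for n in ("0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/3")]

def filter_packet(pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, reason) for one inbound datagram."""
    src = ipaddress.ip_address(pkt.src)
    inside = src in INTERNAL_NET
    # Spoofing: the source must be plausible for the interface it arrived on.
    if any(src in net for net in INVALID_SOURCES):
        return "DROP", "invalid source address"
    if pkt.iface == EXTERNAL_IF and inside:
        return "DROP", "internal source seen on external interface"
    if pkt.iface == INTERNAL_IF and not inside:
        return "DROP", "foreign source seen on internal interface"
    # Unauthorized access: restricted services are not offered to outsiders.
    if pkt.dst_port in RESTRICTED_PORTS and not inside:
        return "DROP", RESTRICTED_PORTS[pkt.dst_port] + " is internal-only"
    return "ACCEPT", "permitted"

# Constructed sample traffic.
SAMPLES = [
    Packet("eth1", "198.51.100.7", 80),    # outside host, public service
    Packet("eth1", "198.51.100.7", 2049),  # outside host reaching for NFS
    Packet("eth1", "192.0.2.10", 513),     # claims to be internal, arrives outside
    Packet("eth0", "192.0.2.10", 513),     # genuine internal client
    Packet("eth1", "127.0.0.1", 80),       # loopback source on the wire
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", *filter_packet(p))
```

The filter decides only on interface, source address and port, which is why it does nothing against eavesdropping or against flaws in a service that a permitted client is allowed to reach.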