IDS
- There are different types of intrusion detection systems.
- Network Intrusion Detection
- Host Intrusion Detection
- Signature-based: compares network traffic to known signatures
- Anomaly-based: compares network and host behavior to baseline profiles
- Protocol-based: detects anomalies specific to a given protocol
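The signature-based and anomaly-based methods listed above, side by side, as an added example (not part of the original notes). The rule names, addresses, payloads and baseline rates are constructed, and scoring by z-score against a per-host request rate is one assumed way to compare against a baseline profile.

```python
import re
import statistics

# Constructed signatures with hypothetical rule names (not taken from any real ruleset).
SIGNATURES = {
    "SIG-001 path traversal": re.compile(rb"\.\./\.\./"),
    "SIG-002 sql keyword in query": re.compile(rb"(?i)union\s+select"),
}

def signature_alerts(packets):
    """Signature-based: compare each payload to the known patterns."""
    alerts = []
    for src, payload in packets:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((src, name))
    return alerts

def anomaly_alerts(baseline, observed, threshold=3.0):
    """Anomaly-based: flag hosts whose request rate deviates from their baseline profile."""
    alerts = []
    for host, rate in observed.items():
        history = baseline.get(host)
        if not history or len(history) < 2:
            alerts.append((host, "no baseline"))  # unknown hosts cannot be scored
            continue
        mean = statistics.mean(history)
        stdev = statistics.stdev(history) or 1.0  # avoid dividing by zero on a flat baseline
        z = (rate - mean) / stdev
        if abs(z) > threshold:
            alerts.append((host, f"rate z-score {z:.1f}"))
    return alerts

# Constructed sample traffic: (source address, payload) and requests per minute.
PACKETS = [
    ("10.0.0.5", b"GET /index.html HTTP/1.1"),
    ("10.0.0.9", b"GET /../../etc/passwd HTTP/1.1"),
    ("10.0.0.7", b"GET /items?id=1 UNION SELECT name FROM users"),
    ("10.0.0.8", b"POST /upload HTTP/1.1"),
]
BASELINE = {"10.0.0.5": [20, 22, 19, 21, 20], "10.0.0.8": [5, 6, 5, 4, 5]}
OBSERVED = {"10.0.0.5": 21, "10.0.0.8": 400}

if __name__ == "__main__":
    print(signature_alerts(PACKETS))
    print(anomaly_alerts(BASELINE, OBSERVED))
```

Host 10.0.0.8 matches no signature but stands out against its baseline, which is the gap anomaly-based detection covers.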
Firewalls
- Packet-filtering firewalls distinguish between good and bad traffic.
- A bastion host is a boundary firewall, which lets public and internal interfaces connect.
- A screened subnet uses a single firewall to protect multiple interfaces.
- Firewalking uses TCP and UDP packets to determine the configuration of ACLs.
- There are many evasion techniques that can be used to avoid a firewall.
- Spoofing is when the hacker changes addressing information in the IP packet header to trick the firewall into thinking the packet is from a trusted host.
- Source routing is when a packet is sent to different places first before reaching the target destination, in an attempt to evade the firewall.
Honeypots
- A honeypot is a physical or virtual device designed to look like a legitimate network resource to draw in a hacker.
- There are different levels of honeypots.
- Low-Level: Simulates a number of services and applications.
- Medium: Simulates a real OS, applications, and services.
- High: Simulates all services and applications.
Article
The article I read was about a company called Wappalyzer. They disclosed this security breach after the attacker started emailing users offers to sell the company's database. The attacker had accessed one of the databases that had a misconfiguration. The hacker was not caught.
https://www.zdnet.com/article/wappalyzer-discloses-security-breach-after-hacker-starts-emailing-users/