Monday, November 29, 2010

Classification of defense against attacks on Linux server

The best defense against level 3 attacks is to tightly control access privileges, that is, to enforce effective passwords.

◆ Passwords should mix letters and digits, and both uppercase and lowercase (Linux is case-sensitive).
◆ Add special characters such as "#", "%" or "$" to increase complexity. For example, take "countbak" and append "#$" to get "countbak#$", which is a valid password.

Attack level 4: remote user gains root privileges

Level 4 attacks should never happen; when they do, they are fatal. They mean the attacker owns root (administrator) privileges on the Linux server and can read, write and execute every file. In other words, the attacker has full control of the Linux server and can shut it down, or even destroy the network, at any moment.

The main forms of level 4 attack are TCP/IP theft (stealing data from TCP/IP connections), passive channel eavesdropping and packet interception. Rather than denying service, these methods enter the network to gather important information; they are more like theft, stay hidden, and are not easily discovered. A successful TCP/IP theft inserts the attacker between the two parties to a transaction, giving a good chance for man-in-the-middle attacks, after which the attacker controls one or both sides of the transaction. Through passive eavesdropping, the attacker captures control and login information and documents from the target system; everything available through the channel can be found, which can be fatal. Once the attacker finds a valid username and password combination, he is recognised as legitimate on the channel. Packet interception relies on an active listening program on the target system that intercepts and modifies all packets, or those for a particular address. Information can be redirected to an unauthorised system without the intended recipient reading it, altered, and then sent back to the attacker.
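As an added example (not code from the original post), the following Python checker applies the password rules above and generalises them by counting the character classes present. The length and class thresholds are assumptions, since the post gives none. Note that the post's own "countbak#$" adds only one class (special characters) to lowercase letters, so it passes only when two classes are accepted.

```python
import string

# Character classes the post recommends mixing: lowercase, uppercase,
# digits and special characters. Linux passwords are case-sensitive, so
# upper and lower case count as distinct classes.
CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "special": set(string.punctuation),
}


def password_classes(password):
    """Return the set of character-class names that appear in password."""
    present = set()
    for name, alphabet in CLASSES.items():
        if any(ch in alphabet for ch in password):
            present.add(name)
    return present


def check_password(password, min_length=8, min_classes=3):
    """Return a list of policy violations; an empty list means the password passes.

    min_length and min_classes are assumed thresholds (not stated in the post);
    the post itself only asks for a mix of letters, case, digits and symbols.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = password_classes(password)
    if len(classes) < min_classes:
        missing = ", ".join(sorted(set(CLASSES) - classes))
        problems.append(f"only {len(classes)} character class(es); missing {missing}")
    # Whitespace and non-printable characters are rejected: they are easily
    # lost when a password is typed at a console or pasted into a config file.
    if any(ch.isspace() or not ch.isprintable() for ch in password):
        problems.append("contains whitespace or non-printable characters")
    return problems


if __name__ == "__main__":
    for candidate in ("countbak", "countbak#$", "C0untbak#$"):
        verdict = check_password(candidate) or ["ok"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
```

The check reports every failed rule rather than stopping at the first, so a user (or a PAM-style policy hook built on it) sees the full reason a candidate was rejected.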
TCP/IP theft is in practice carried out with a network sniffer. If you believe someone has placed a sniffer on your network, there are tools to verify it. One such tool is the time domain reflectometer (TDR). A TDR measures the propagation of electromagnetic waves along the cable and changes in it; connected to the network, it can detect unauthorised devices attached to the network. However, many small and medium-sized companies cannot afford such an expensive instrument. The best ways to prevent sniffer attacks are:

1. Secure topology. A sniffer can only capture data on the network segment it sits on, so the more finely the network is segmented, the less information a sniffer can collect.
2. Session encryption. Instead of worrying about data being sniffed, make sure the sniffer cannot understand the data it captures. The advantage of this approach is obvious: even if an attacker sniffs the data, it is useless to him.

Special tip: pay particular attention to counter-measures against attacks above level 2, because attackers can keep raising the level of attack until they penetrate the Linux server. At that point, the counter-measures we can take are:

◆ First, back up important business-critical data.
◆ Change all passwords in the system and notify users to obtain new passwords from the system administrator.
◆ Isolate the network segment so that the attack behaviour is confined to a small area.
◆ Allow the behaviour to continue. If possible, do not rush to throw the attacker out of the system; prepare for the next step instead. Record all behaviour and collect evidence.
This evidence includes: system log files, application log files, AAA (Authentication, Authorization, Accounting) log files, RADIUS (Remote Authentication Dial-In User Service) logs, network element logs, firewall logs, HIDS (host-based intrusion detection system) events, NIDS (network intrusion detection system) events, disk drives, hidden files and so on. Points to note when collecting evidence: photograph any equipment before moving or removing it; follow the two-person rule, so that information is collected by at least two people to prevent tampering; and record every step taken and every configuration change, keeping these records in a safe place. Check the access permissions of all system directories and detect any modified permission lists.

◆ Make different attempts (from different parts of your network) to identify the source of the attack.
◆ To use the law as a weapon against criminal behaviour, the evidence must be preserved, and producing evidence takes time. You must therefore endure the impact of the attack for a while (although you can put security measures in place to ensure the attack does not harm the network). In this scenario we want not only to use legal instruments but also to get at least one authoritative security company to help prevent this kind of crime. The most important part of this operation is obtaining evidence of the criminal act and finding the offender's address from the logs. Collected evidence should be preserved effectively: initially make two copies, one for assessing the evidence and the other for legal verification.
◆ Afterwards, look for vulnerabilities in the system and run self-attack tests. Network security is not only a technical problem; it is a social problem.
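An added example, not from the original post, of two of the evidence steps above in Python: a baseline of permissions, ownership and content hashes over a directory tree, diffed against a later snapshot to detect modified permission lists, and preservation of a log file in two hash-verified copies (one for assessment, one for legal verification). The directory layout, file names and the log line in the demo are constructed for illustration.

```python
import hashlib
import os
import shutil
import stat
import tempfile


def sha256_file(path):
    """Hex SHA-256 of a file's contents, read in chunks so large logs are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Record mode, owner and content hash for every entry under root.

    Paths are stored relative to root so a baseline taken on the live system
    can be compared with a later one regardless of where the tree is mounted.
    """
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            entries[os.path.relpath(full, root)] = {
                "mode": stat.filemode(st.st_mode),
                "uid": st.st_uid,
                "gid": st.st_gid,
                "sha256": sha256_file(full) if stat.S_ISREG(st.st_mode) else None,
            }
    return entries


def diff_snapshots(baseline, current):
    """Return {path: {field: (old, new)}} for entries that changed, appeared or vanished."""
    changes = {}
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None or new is None:
            changes[rel] = {"present": (old is not None, new is not None)}
            continue
        fields = {k: (old[k], new[k]) for k in old if old[k] != new[k]}
        if fields:
            changes[rel] = fields
    return changes


def preserve_evidence(src, dest_dirs):
    """Copy an evidence file into each destination and verify every copy's hash.

    Returns the original's hash; raises if any copy differs, so the copies are
    known to be identical before anyone starts working on them.
    """
    expected = sha256_file(src)
    for d in dest_dirs:
        os.makedirs(d, exist_ok=True)
        target = os.path.join(d, os.path.basename(src))
        shutil.copy2(src, target)
        if sha256_file(target) != expected:
            raise RuntimeError(f"copy {target} does not match the original")
    return expected


def demo():
    """Constructed scenario: baseline, simulated tampering, detection, preservation."""
    work = tempfile.mkdtemp(prefix="evidence-demo-")
    system = os.path.join(work, "system")
    os.makedirs(os.path.join(system, "etc"))
    conf = os.path.join(system, "etc", "app.conf")
    with open(conf, "w") as f:
        f.write("listen = 8080\n")
    os.chmod(conf, 0o640)
    baseline = snapshot(system)

    # Simulated tampering: the config becomes world-writable and its content changes.
    os.chmod(conf, 0o666)
    with open(conf, "a") as f:
        f.write("debug = true\n")
    changes = diff_snapshots(baseline, snapshot(system))

    # Preserve a (constructed) log in two copies: assessment and legal verification.
    log = os.path.join(work, "auth.log")
    with open(log, "w") as f:
        f.write("constructed sample log line\n")
    digest = preserve_evidence(log, [os.path.join(work, "assessment"),
                                     os.path.join(work, "legal")])
    shutil.rmtree(work)
    return changes, digest


if __name__ == "__main__":
    changed, digest = demo()
    for path, fields in changed.items():
        print(path, fields)
    print("evidence sha256:", digest)
```

On a real system the baseline would be taken from a known-good state (or a backup) and stored off-host, and the manifest of hashes would itself be kept with the two-person records the post describes.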
Enterprises that rely solely on technical tools to improve network security will become more and more passive; only by bringing social and legal factors into play can the fight against cybercrime be more effective. China already has clear judicial interpretations for combating cybercrime, yet unfortunately most companies only pay attention to the technical links and ignore the legal and social factors; that is also the purpose of writing this article.

Denial of service attack (DoS)

DoS stands for Denial Of Service and should not be confused with Microsoft's DOS operating system. A DoS attack makes the target machine stop providing services or access to resources. It usually works by consuming server-side resources: forged requests exceeding the server's processing capacity block the server's responses, so that normal users' requests go unanswered.
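As an added example that is not part of the original post, the following Python script shows the defender's side of the DoS definition above: it parses access-log lines in the common Apache/Nginx format and flags any source whose request rate within a sliding window exceeds a threshold, which is the first signal that one client is consuming more server capacity than it should. The log lines, the IP addresses (documentation ranges), the window and the threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common/combined access-log format (Apache, Nginx): source IP first, then the
# bracketed timestamp; those two fields are all the rate check needs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, datetime) for a valid access-log line, or None for junk."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FMT)
    except ValueError:
        return None
    return m.group("ip"), ts


def peak_request_rates(lines, window_seconds=10):
    """Highest number of requests each source made inside any window_seconds span.

    Sliding window over each source's sorted timestamps; returns {ip: peak}.
    """
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts = parsed
            per_ip[ip].append(ts)
    window = timedelta(seconds=window_seconds)
    peaks = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        peaks[ip] = peak
    return peaks


def flag_floods(lines, window_seconds=10, threshold=100):
    """Sources whose peak rate exceeds threshold: candidates for rate limiting or blocking."""
    return {ip: peak for ip, peak in peak_request_rates(lines, window_seconds).items()
            if peak > threshold}


def log_line(ip, ts, request):
    """Format one constructed access-log record."""
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{request} HTTP/1.1" 200 512'


def constructed_log():
    """Constructed sample: one normal client and one source flooding the server."""
    base = datetime(2010, 11, 29, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    # Normal client: five requests, one every 12 seconds.
    for i in range(5):
        lines.append(log_line("198.51.100.23", base + timedelta(seconds=12 * i), "GET /index.html"))
    # Flood: 150 requests from one source packed into 5 seconds (30 per second).
    for i in range(150):
        lines.append(log_line("203.0.113.7", base + timedelta(seconds=i // 30), "GET /search?q=x"))
    lines.append("this line is not an access-log record")  # parser must skip junk
    return lines


if __name__ == "__main__":
    sample = constructed_log()
    for ip, peak in flag_floods(sample).items():
        print(f"{ip}: {peak} requests within a 10 s window")
```

The threshold has to be tuned to the server's real capacity and traffic, and a distributed flood spreads its requests across many sources, so this per-source view is a starting point rather than a complete detector.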
