网络安全之三网络攻击与防范 ppt.ppt

* Windows Domain Models - /nt/atips/atips307.shtml Linux/UNIX Trusts - /usr/share/man/info/en_US/a_doc_lib/files/aixfiles/hosts.equiv.htm * Windows Domain Models - /nt/atips/atips307.shtml Linux/UNIX Trusts - /usr/share/man/info/en_US/a_doc_lib/files/aixfiles/hosts.equiv.htm * When a layer 2 switch receives a frame, the switch looks in the CAM table for the destination MAC address. If an entry exists for the MAC address in the table, the switch forwards the frame according to the table. If the MAC address does not exist in the table, the switch forwards the frame out every port on the switch until a response is received and the table is updated. * MAC spoofing attacks use a known MAC address and IP address of a host on a remote VLAN to try and get the target switch to forward frames from the attacker. 应用层攻击 应用层攻击的特点: 利用众所周知的漏洞, 例如协议漏洞 (for example, sendmail, HTTP, and FTP) 通常是访问控制策略允许的服务 (例如，可以攻击防火墙后面的web服务器) 可能永远都不能根除，因为每天都有新的漏洞，安全是动态的 应用层攻击的防范 常用降低应用层威胁的方法 定期查看和分析系统日志. 订阅系统漏洞信息. 安装必威体育精装版的系统补丁. 必要时，在有条件的地方部署IDS 网络扫描和探测 利用公开的信息或者扫描手段，获取网络拓扑等信息。 网络扫描和探测示例 域信息查询 地址查询 网络扫描和探测示例 Traceroute探测网络拓扑 Partner site Remote site Internet Internet-based intranet Internet-based extranet 网络扫描和探测防范 目前，不太可能完全消除. 部署访问控制策略 必要时，部署IDS Trust Exploitation 黑客可以利用信任域做为攻击的跳板 常见信任域 Windows 域 活动目录 Linux 和UNIX NFS NIS+ SystemA User = psmith; Pat Smith SystemB – Compromised by hacker User = psmith; Pat Smith SystemA trusts SystemB SystemB trusts Everyone SystemA trusts Everyone Hacker gains access to SystemA Hacker User = psmith; Pat Smithson 信任域攻击的防范 防火墙内的主机绝对不能信任防火墙外部的主机. 在做信任认证时，不要过分依赖IP地址 SystemA User = psmith; Pat Smith SystemB compromised by a hacker User = psmith; Pat Smith Hacker blocked Hacker User = psmith; Pat Smithson Layer 2 攻击 CAM 表泛洪（CAM table Flood） ARP/MAC poisoning ARP 伪装 MAC D Port 3 CAM Table Overflow MAC A MAC B A?C? A?C? A?C? Port 2 MAC 伪装 Source MAC: A C A B 3 2 1 Oh,A is connected to 3 ARP伪装 A B 2 1 C ARP REPLY: I am C Internet RIP攻击 攻击者可以在