Network Security Flashcards
Firewalls
- protect inside from outside
- have certain rules to protect
Stateful Firewalls
- keep a table (directory) of UDP/TCP connections
- connection states:
- > NEW: packet starts new connection/stream
- > ESTABLISHED: packet is associated to existing connection
- > RELATED: packet starts new connection associated to existing one
action  src      sport  dst  dport   state
allow   $INSIDE  *      *    80,443  NEW          -> allows new connections from inside
allow   *        *      *    *       ESTABLISHED  -> allows established connections going out
DMZ Networks
- separate internal from external network
- DMZ (Demilitarized Zone) accessible from outside
internet
↓
external firewall
↓
lan switch -> web server, mail, dns
↓
internal firewall
↓
lan switch -> database, workstation etc
Denial-of-Service targets
CPU -> overload target with complex calculations
RAM -> consume all of memory for processing requests
Bandwidth -> exhaust network bandwidth
Distributed Denial-of-Service (DDoS)
- with a botnet
- attack traffic from many sources at once
ICMP/UDP Floods
- target bandwidth
- send a lot of repeated requests
- only works when BW_att >> BW_target
SYN Floods: attack and defence
- tries to attack TCP stack
- SYN opens TCP connection half way
- > exhaust memory with 1000s of half-open connections held open
solve: SYN cookies -> connection state is kept in the cookie, so the server waits for the attacker's ACK before committing memory
Reflection Attacks
- set (spoof) source IP to the target's IP address
- reflectors will then send to target
Amplification Attacks
- use reflector idea
- then use a protocol whose server response is much bigger than the request
HTTP Flood
- flood server with requests that fetch data
- very low effort for attacker
Slowloris
- HTTP attack
- send an incomplete request
- keep sending small pieces of it over time so the connection stays open
R.U.D.Y.
- HTTP attack
- send a POST and specify a large content length
- slowly send parameters
Compression bombs over HTTP
- HTTP supports compression
- a zip bomb arrives as a compressed body and expands enormously on decompression
Water Torture Attack
- DNS based attack
- overload the authoritative name server with queries
Upstream filters
- DoS defence
- upstream (higher-tier) ISPs blacklist the attack traffic