UNIT 3 SEC I PART 1
sahishpandav
98 slides
Sep 08, 2024
III. Network Security Fundamentals
MAC Flooding Attack
MAC flooding is the process of overloading the CAM (Content Addressable Memory) table of a switch by sending a huge number of ARP replies to it. When the switch is overloaded, it enters hub mode. In hub mode, the switch forwards traffic to all the computers connected to the network. As a result, an attacker is able to capture all the traffic using sniffing software.
How to detect a MAC flooding attack
No single sign can confirm that your network is being targeted with a MAC flooding attack. The best option for detecting MAC flooding attacks is to monitor your network traffic for anomalous behavior. A sudden surge in network traffic or a dramatic reduction in speed could be the result of the switch’s MAC address table being overloaded. In the event of a successful flooding attack, you may notice data being sent to your device that should have been passed to another device on your network.
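One way to turn the monitoring advice above into a concrete check, as an added example that is not part of the original slides: count how many distinct source MAC addresses each switch port shows per time window and flag ports that exceed a threshold. The log line format, port names, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample input, one line per learned address:
#   "<epoch-seconds> <switch-port> <source-MAC>"
def make_sample():
    lines = []
    # Normal ports: one stable host each.
    for t in range(0, 60, 10):
        lines.append(f"{t} Gi0/1 00:11:22:33:44:01")
        lines.append(f"{t} Gi0/2 00:11:22:33:44:02")
    # Port Gi0/3 shows 500 distinct source MACs inside one minute.
    for i in range(500):
        lines.append(f"{i % 60} Gi0/3 02:00:00:00:{i // 256:02x}:{i % 256:02x}")
    return lines

def detect_mac_flood(lines, window=60, max_new_macs=50):
    """Return {port: count} for ports that showed more than max_new_macs
    distinct source MACs within a single window of `window` seconds."""
    seen = defaultdict(set)            # (port, window index) -> MACs seen
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue                   # skip malformed lines
        ts, port, mac = parts
        try:
            bucket = int(ts) // window
        except ValueError:
            continue                   # skip lines with a bad timestamp
        seen[(port, bucket)].add(mac.lower())
    alerts = {}
    for (port, _), macs in seen.items():
        if len(macs) > max_new_macs:
            alerts[port] = max(alerts.get(port, 0), len(macs))
    return alerts

if __name__ == "__main__":
    for port, n in detect_mac_flood(make_sample()).items():
        print(f"ALERT port {port}: {n} distinct source MACs in one window")
```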
MAC Spoofing Attack
Through software, a fake MAC address can be inserted into outgoing communications. Sending traffic with the same MAC address as the actual user in order to deceive the network is called MAC spoofing. The destination will think that the request is genuine, but the request is from the attacker, who used the same MAC address as the original user.
ARP Spoofing (ARP Poisoning)
ARP poisoning (also known as ARP spoofing) is a type of cyber attack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP-to-MAC address table.
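A defender can watch for the pairing change described above. The added example below (not from the original slides) tracks the IP-to-MAC bindings seen in ARP replies and reports any IP whose MAC changes, with an optional pinned known-good binding for the gateway. The tuple format, function name and all addresses are constructed for illustration.

```python
# Constructed sample: (timestamp, sender IP, sender MAC) taken from observed ARP replies.
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),   # gateway, legitimate
    (2, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (3, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),   # repeat, no change
    (4, "192.168.1.1",  "de:ad:be:ef:00:66"),   # gateway IP now claims a new MAC
    (5, "192.168.1.30", "de:ad:be:ef:00:66"),   # same MAC also answers for another IP
]

def find_arp_anomalies(replies, pinned=None):
    """Return a list of (timestamp, kind, detail) findings.
    pinned: optional {ip: mac} of known-good bindings, e.g. the default gateway."""
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ip_to_mac, mac_to_ips, findings = {}, {}, []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        if ip in pinned and mac != pinned[ip]:
            findings.append((ts, "pinned-mismatch",
                             f"{ip} expected {pinned[ip]} got {mac}"))
        elif ip in ip_to_mac and ip_to_mac[ip] != mac:
            findings.append((ts, "binding-changed",
                             f"{ip} {ip_to_mac[ip]} -> {mac}"))
        # One MAC answering for several IPs can be legitimate (for example a
        # router), so treat this as a lead to investigate, not proof.
        ips = mac_to_ips.setdefault(mac, set())
        if ips and ip not in ips:
            findings.append((ts, "mac-claims-multiple-ips",
                             f"{mac} also answers for {ip}"))
        ips.add(ip)
        ip_to_mac[ip] = mac
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(finding)
```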
ARP POISONING AND PORT MIRRORING
FIREWALL
A proxy server is a system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network. It is a server, referred to as an “intermediary” because it goes between end-users and the web pages they visit online.
Proxies come with several benefits:
Enhanced security: Can act like a firewall between your systems and the internet. Without them, hackers have easy access to your IP address, which they can use to infiltrate your computer or network.
Private browsing, watching, listening, and shopping: Use different proxies to help you avoid getting inundated with unwanted ads or the collection of IP-specific data. With a proxy, site browsing is well-protected and impossible to track.
Access to location-specific content: You can designate a proxy server with an address associated with another country. You can, in effect, make it look like you are in that country and gain full access to all the content computers in that country are allowed to interact with. For example, the technology can allow you to open location-restricted websites by using local IP addresses of the location you want to appear to be in.
Prevent employees from browsing inappropriate or distracting sites: You can use it to block access to websites that run contrary to your organization’s principles. Also, you can block sites that typically end up distracting employees from important tasks.
PROXY SERVER
Spam Filtering
Spam filters are designed to identify incoming dangerous emails from attackers or marketers. Attackers often use emails that claim to offer a beneficial service or protect you from imminent danger, but they are really just clickbait, designed to get you to click on a link that downloads malicious software onto your computer or sends you to a dangerous site. Spam refers to any type of unwanted bulk communication. It is sent via email, text messages, social media, or phone calls.
There are different types of spam filters for different criteria:
Content filters – parse the content of messages, scanning for words that are commonly used in spam emails.
Header filters – examine the email header source to look for suspicious information (such as spammer email addresses).
Blocklist filters – stop emails that come from a blocklist of suspicious IP addresses. Some filters go further and check the IP reputation of the IP address.
Rules-based filters – apply customized rules designed by the organization to exclude emails from specific senders, or emails containing specific words in their subject line or body.
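The four filter types above can be chained so that each one reports independently why a message was flagged. This is an added example, not part of the original slides: the word list, blocklist, organization rules and the Reply-To heuristic used for the header filter are assumptions, and the sample messages and addresses are constructed.

```python
from email import message_from_string

# All values are constructed for illustration (documentation IPs, example domains).
BLOCKLIST_IPS = {"203.0.113.7"}
SPAM_WORDS = {"winner", "free", "urgent", "prize"}
ORG_RULES = [("subject", "invoice overdue"), ("from", "@promo.example")]

def domain(addr):
    """Domain part of an address header, '' if there is none."""
    return addr.rsplit("@", 1)[-1].strip("> ").lower() if "@" in addr else ""

def blocklist_filter(msg, ip):       # sending IP is on a blocklist
    return "blocklist" if ip in BLOCKLIST_IPS else None

def header_filter(msg, ip):          # assumed heuristic: Reply-To domain differs from From
    frm, rto = domain(msg.get("From", "")), domain(msg.get("Reply-To", ""))
    return "header" if rto and rto != frm else None

def rules_filter(msg, ip):           # organization-defined sender/subject rules
    hit = any(needle in msg.get(field, "").lower() for field, needle in ORG_RULES)
    return "rules" if hit else None

def content_filter(msg, ip):         # two or more spam words in the body
    body = msg.get_payload() if not msg.is_multipart() else ""
    hits = sum(w.strip(".,!?:") in SPAM_WORDS for w in body.lower().split())
    return "content" if hits >= 2 else None

FILTERS = [blocklist_filter, header_filter, rules_filter, content_filter]

def classify(raw, ip):
    """Return the names of the filters that flagged the message (empty list = deliver)."""
    msg = message_from_string(raw)
    return [name for f in FILTERS if (name := f(msg, ip))]

SAMPLE_HAM = "From: alice@corp.example\nSubject: Minutes\n\nNotes from Monday attached.\n"
SAMPLE_SPAM = ("From: Support <help@bank.example>\nReply-To: x@collect.example\n"
               "Subject: Urgent\n\nYou are a WINNER! Claim your free prize now.\n")

if __name__ == "__main__":
    print(classify(SAMPLE_HAM, "198.51.100.5"))
    print(classify(SAMPLE_SPAM, "203.0.113.7"))
```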
Web content filtering is a technique that blocks and screens access to inappropriate or unsafe web content. Uses include a company keeping employees from visiting known spam sites or school systems restricting students from adult content.
Intrusion detection and prevention systems (IDPS) monitor networks for possible incidents and threats, alert administrators, and prevent potential attacks.
1. Signature-based detection
A signature is a pattern that corresponds to a known threat. Signature-based detection compares signatures against observed events to identify possible incidents.
Advantage: Very effective at detecting known threats.
Disadvantage: Ineffective at detecting previously unknown threats.
2. Anomaly-based detection
The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. Capable of detecting previously unknown threats. Uses host or network-specific profiles. Anomaly detection is better than signature-based detection when considering new attacks that aren’t in the signature database.
3. Stateful protocol analysis
The process of comparing predetermined profiles of generally accepted definitions of benign protocol activity for each protocol state against observed events to identify deviations. Relies on vendor-developed universal profiles that specify how particular protocols should and should not be used. Stateful protocol analysis goes one step further and uses the predefined standards of each protocol state to check for deviations.
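The three detection methods above can be compared by running them over the same session, where each one catches an event the other two miss. This is an added example, not part of the original slides: the simplified FTP-like command set, the single signature, the length-based baseline and the session itself are all constructed assumptions.

```python
import re
from statistics import mean, pstdev

# Constructed, simplified FTP-like control channel; not a full protocol model.
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}   # known-threat pattern
ALLOWED = {   # protocol profile: state -> {verb: next state}
    "start": {"USER": "user", "QUIT": "end"},
    "user":  {"PASS": "auth", "QUIT": "end"},
    "auth":  {"LIST": "auth", "RETR": "auth", "STOR": "auth", "QUIT": "end"},
}
BASELINE = ["USER alice", "PASS hunter2x", "LIST", "RETR report.pdf", "QUIT"]
SESSION = ["USER bob", "LIST", "PASS x", "RETR ../../etc/passwd", "STOR " + "A" * 300]

def signature_alerts(cmds):
    """Signature-based: match each command against known patterns."""
    return [(i, name) for i, c in enumerate(cmds)
            for name, rx in SIGNATURES.items() if rx.search(c)]

def anomaly_alerts(cmds, baseline, k=3.0):
    """Anomaly-based: flag commands far longer than the normal profile."""
    lens = [len(c) for c in baseline]
    limit = mean(lens) + k * pstdev(lens)
    return [i for i, c in enumerate(cmds) if len(c) > limit]

def stateful_alerts(cmds):
    """Stateful protocol analysis: flag verbs not allowed in the current state."""
    state, out = "start", []
    for i, c in enumerate(cmds):
        verb = c.split(" ", 1)[0].upper()
        nxt = ALLOWED.get(state, {}).get(verb)
        if nxt is None:
            out.append((i, f"{verb} not valid in state {state}"))
        else:
            state = nxt
    return out

if __name__ == "__main__":
    print("signature:", signature_alerts(SESSION))
    print("anomaly:  ", anomaly_alerts(SESSION, BASELINE))
    print("stateful: ", stateful_alerts(SESSION))
```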
A web security gateway, also known as a secure web gateway, is a device, cloud service, or application that is deployed at the boundaries of a network to monitor and stop malicious traffic from entering the organization, and to block users from accessing malicious or suspicious web resources. Standard features of a web security gateway may include URL filtering, virus and malware code detection, data leak prevention, and other application level control.