Guide to Network Defense and Countermeasures Second Edition Chapter 4 Network Traffic Signatures.
Guide to Network Defense and Countermeasures, Second Edition
Chapter 4: Network Traffic Signatures
Objectives
• Describe the concepts of signature analysis
• Detect normal and suspicious traffic signatures
• Identify suspicious events
• Explain the Common Vulnerabilities and Exposures (CVE) standard
Understanding Signature Analysis
• Signature – a set of characteristics used to define a type of network activity
• Intrusion detection devices
  – Some devices assemble databases of “normal” traffic signatures
    • Deviations from normal signatures trigger an alarm
  – Other devices refer to a database of well-known attack signatures
    • Traffic that matches stored signatures triggers an alarm
  – Both approaches must deal with false positives and false negatives
Understanding Signature Analysis (continued)
• Signature analysis
  – Analyzes and interprets TCP/IP communications
  – Determines whether they are legitimate or suspicious
• Bad header information
  – A common way in which packets are altered
  – Suspicious signatures can include malformed:
    • Source and destination IP addresses
    • Source and destination port numbers
    • IP options, protocol, and checksums
    • IP fragmentation flags, offset, or identification
Understanding Signature Analysis (continued)
• Bad header information
  – Checksum
    • Simple error-checking procedure
    • Determines whether a message has been damaged or tampered with while in transit
    • Uses a mathematical formula
• Suspicious data payload
  – Payload: the actual data sent from an application on one computer to an application on another
  – Some IDSs check for specific strings in the payload
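As an added example (not from the textbook), the following Python shows the checksum the slide describes for the IPv4 header: the one's-complement sum of the header's 16-bit words defined in RFC 1071, computed by the sender with the checksum field zeroed and re-checked by the receiver. The header fields, addresses and the tampered byte are constructed for the illustration.

```python
"""Added example (not from the textbook): compute and verify the IPv4 header
checksum. Header values and addresses below are constructed for illustration."""
import struct


def ip_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words (RFC 1071), complemented.
    The sender computes this with the checksum field set to zero."""
    if len(data) % 2:                 # odd length: pad with a zero byte
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      ttl: int = 64, proto: int = 6) -> bytes:
    """Constructed 20-byte IPv4 header (no options) with its checksum filled in."""
    ver_ihl = (4 << 4) | 5                # IPv4, header length 5 words
    total_len = 20 + payload_len
    ident, flags_frag = 0x1234, 0x4000    # constructed ID; DF set, offset 0
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, ident,
                      flags_frag, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def verify_ipv4_header(header: bytes) -> bool:
    """A receiver sums every word including the stored checksum; a header that
    arrived intact sums to 0xFFFF, whose complement is 0."""
    ihl = (header[0] & 0x0F) * 4 if header else 0
    return 20 <= ihl <= len(header) and ip_checksum(header[:ihl]) == 0


if __name__ == "__main__":
    hdr = build_ipv4_header("192.0.2.1", "198.51.100.7", 40)
    print("intact header verifies:", verify_ipv4_header(hdr))
    damaged = bytearray(hdr)
    damaged[8] = 65                       # TTL changed in transit, checksum not updated
    print("damaged header verifies:", verify_ipv4_header(bytes(damaged)))
```

Because the checksum is not keyed, it catches transit damage and careless tampering only: a sender who alters the header and recomputes the field passes verify_ipv4_header, which is why header checks are one signal among many rather than an integrity guarantee.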
Understanding Signature Analysis (continued)
• Suspicious data payload
  – Known attacks
    • Hack’a’Tack Trojan program
    • Flaw in the UNIX Sendmail program
• Single-packet attacks
  – Also called “atomic attacks”
  – Completed by sending a single network packet from client to host
  – Do not need a connection to be established
  – Changes to IP option settings can cause a server to freeze up
Understanding Signature Analysis (continued)
• Multiple-packet attacks
  – Also called “composite attacks”
  – Require a series of packets to be received and executed for the attack to be completed
  – Especially difficult to detect
  – Denial-of-service (DoS) attacks are obvious examples
    • ICMP flood
Capturing Packets
• Packet sniffer
  – Software or hardware that monitors traffic going into or out of a network device
  – Captures information about each TCP/IP packet it detects
  – Capturing packets and studying them can help you better understand what makes up a signature
Capturing Packets (continued)
• Packet sniffer
  – Examples
    • Snort
    • Ethereal
    • Tcpdump
Detecting Traffic Signatures
• Need to detect whether traffic is normal or suspicious
• Network baselining
  – Process of determining what is normal for your network, which must be done before you can identify anomalies
Normal Traffic Signatures
• TCP flags
  – SYN (0x2)
  – ACK (0x10)
  – PSH (0x8)
  – URG (0x20)
  – RST (0x4)
  – FIN (0x1)
  – Numbers 1 and 2
• Placement and use of these flags are definite
  – Deviations from normal use mean that the communication is suspicious
Normal Traffic Signatures (continued)
• Ping signatures
  – The sequence of packets is shown in the next slides
Normal Traffic Signatures (continued)
• FTP signatures
  – The sequence of packets is shown in the next slides
  – Normal connection signature includes a three-way handshake
Normal Traffic Signatures (continued)
• Web signatures
  – Most of the signatures in log files are Web related
  – Normal communication consists of a sequence of packets distinguished by their TCP flags
Suspicious Traffic Signatures
• Categories
  – Informational
    • Traffic might not be malicious
  – Reconnaissance
    • Attacker’s attempt to gain information
  – Unauthorized access
    • Traffic caused by someone who has gained unauthorized access
  – Denial of service
    • Traffic might be part of a more complex attack
Suspicious Traffic Signatures (continued)
• Ping sweeps
  – Also called an ICMP sweep
  – Used by attackers to determine the location of a host
  – Attacker sends a series of ICMP echo request packets to a range of IP addresses
  – A ping sweep alone does not cause harm
Suspicious Traffic Signatures (continued)
• Port scans
  – Attempt to connect to a computer’s ports to see whether any are active and listening
  – Signature typically includes a SYN packet sent to each port
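The ping-sweep signature on the previous slide and the port-scan signature above are both counts over a short window: one source sending echo requests to many hosts, or bare SYNs to many ports on one host. The following Python is an added example, not the textbook's, that applies those two rules to tcpdump-style summary lines; the log, the addresses and the thresholds are constructed, and a real detector would also bound the time window.

```python
"""Added example (not from the textbook): flag the ping-sweep and port-scan
signatures described on these slides in tcpdump-style summary lines.
The log lines, addresses and thresholds are constructed for illustration."""
import re
from collections import defaultdict

# tcpdump-like one-line summaries (constructed sample, not a real capture)
SAMPLE_LOG = """\
10:00:01.000000 IP 203.0.113.5 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
10:00:01.010000 IP 203.0.113.5 > 192.0.2.2: ICMP echo request, id 7, seq 2, length 64
10:00:01.020000 IP 203.0.113.5 > 192.0.2.3: ICMP echo request, id 7, seq 3, length 64
10:00:01.030000 IP 203.0.113.5 > 192.0.2.4: ICMP echo request, id 7, seq 4, length 64
10:00:01.040000 IP 203.0.113.5 > 192.0.2.5: ICMP echo request, id 7, seq 5, length 64
10:00:02.000000 IP 203.0.113.5.40001 > 192.0.2.10.21: Flags [S], seq 1, win 1024, length 0
10:00:02.001000 IP 203.0.113.5.40002 > 192.0.2.10.22: Flags [S], seq 1, win 1024, length 0
10:00:02.002000 IP 203.0.113.5.40003 > 192.0.2.10.23: Flags [S], seq 1, win 1024, length 0
10:00:02.003000 IP 203.0.113.5.40004 > 192.0.2.10.25: Flags [S], seq 1, win 1024, length 0
10:00:02.004000 IP 203.0.113.5.40005 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
10:00:02.005000 IP 203.0.113.5.40006 > 192.0.2.10.443: Flags [S], seq 1, win 1024, length 0
10:00:02.006000 IP 192.0.2.10.22 > 203.0.113.5.40002: Flags [S.], seq 9, ack 2, win 64240, length 0
10:00:05.000000 IP 198.51.100.20 > 192.0.2.10: ICMP echo request, id 9, seq 1, length 64
10:00:05.100000 IP 198.51.100.20.51000 > 192.0.2.10.80: Flags [S], seq 100, win 64240, length 0
10:00:05.200000 IP 198.51.100.20.51000 > 192.0.2.10.80: Flags [.], ack 1, win 64240, length 0
10:00:05.300000 IP 198.51.100.20.51001 > 192.0.2.10.443: Flags [S], seq 200, win 64240, length 0
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
TCP_RE = re.compile(rf"^\S+ IP {IPV4}\.(\d+) > {IPV4}\.(\d+): Flags \[([A-Z.]*)\]")
ICMP_RE = re.compile(rf"^\S+ IP {IPV4} > {IPV4}: ICMP echo request")


def find_ping_sweeps(lines, min_hosts=4):
    """Sources that send echo requests to at least min_hosts distinct addresses."""
    hosts = defaultdict(set)
    for line in lines:
        m = ICMP_RE.match(line)
        if m:
            hosts[m.group(1)].add(m.group(2))
    return {src: sorted(h) for src, h in hosts.items() if len(h) >= min_hosts}


def find_port_scans(lines, min_ports=5):
    """(source, target) pairs where the source sent bare SYNs to at least
    min_ports distinct ports; SYN/ACK replies ('S.') are not counted."""
    ports = defaultdict(set)
    for line in lines:
        m = TCP_RE.match(line)
        if m and m.group(5) == "S":
            ports[(m.group(1), m.group(3))].add(int(m.group(4)))
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


def analyze(log_text: str) -> dict:
    """Run both detectors over a block of summary lines."""
    lines = log_text.splitlines()
    return {"ping_sweeps": find_ping_sweeps(lines),
            "port_scans": find_port_scans(lines)}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        for key, values in hits.items():
            print(f"{kind}: {key} -> {values}")
```

The benign client 198.51.100.20 pings one host and opens two ordinary connections, so it stays below both thresholds; tuning those thresholds against a baseline of your own network is what keeps the false-positive rate acceptable.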
Suspicious Traffic Signatures (continued)
• Random back door scan
  – Probes a computer to see if any ports used by well-known Trojan programs are open and listening
  – Trojan programs
    • Applications that seem to be harmless but can cause harm to a computer or its files
Suspicious Traffic Signatures (continued)
• Specific Trojan scans
  – Port scans can be performed in several ways
  – Vanilla scan
    • Probes all ports from 0 to 65,535
  – Strobe scan
    • Probes only ports commonly used by specific programs
    • Can be used to detect whether a Trojan program is already installed and running
Suspicious Traffic Signatures (continued)
• Nmap scans
  – Network Mapper (Nmap)
    • Popular software tool for scanning networks
  – Nmap scans can circumvent IDS monitoring
  – Examples of Nmap scans
    • SYN scan
    • FIN scan
    • ACK scan
    • Null scan
Identifying Suspicious Events
• Attackers avoid launching well-known attacks
  – Use waiting intervals to fool detection systems
• Reviewing log files manually can be overwhelming
  – Must check them and identify potential attacks
• You can use IDSs to help you with this task
  – IDSs depend on extensive databases of attack signatures
Packet Header Discrepancies
• Falsified IP address
  – Attacker can insert a false address into the IP header
    • Makes the packet more difficult to trace back
  – Also known as IP spoofing
• Falsified port number or protocol
  – Protocol numbers can also be altered
• Illegal TCP flags
  – Look at the TCP flags for violations of normal usage
  – Examples of SYN and FIN flag misuse
    • SYN/FIN
    • SYN/FIN/PSH, SYN/FIN/RST, SYN/FIN/RST/PSH
Packet Header Discrepancies (continued)
• TCP or IP options
  – TCP options can alert you to an attack
    • Only one MSS option should appear in a packet
    • MSS, NOP, and SackOK should appear only in packets that have the SYN and/or ACK flag set
    • TCP packets have two “reserved bits”
  – IP options
    • Originally intended as ways to insert special handling instructions into packets
    • Attackers now mostly use IP options for attack attempts
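As an added example (not from the textbook), the following Python parses a raw TCP header and applies the checks from this slide and the preceding one: SYN and FIN set together, no flags at all (the null packet), the two reserved bits, a duplicate MSS option, and MSS/NOP/SackOK in a packet carrying neither SYN nor ACK. The packets are constructed with the helper at the bottom; the flag bit values are the ones the chapter lists under normal traffic signatures.

```python
"""Added example (not from the textbook): check a raw TCP header for the flag and
option anomalies listed on these slides. All packets here are constructed."""
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
RESERVED = 0xC0      # the textbook's two "reserved bits"; RFC 3168 now uses them for ECE/CWR
OPT_EOL, OPT_NOP, OPT_MSS, OPT_SACKOK = 0, 1, 2, 4


def parse_tcp_header(raw: bytes):
    """Return (flags, reserved_bits, options); options is a list of (kind, data)."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (raw[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(raw):
        raise ValueError("bad data offset")
    flags, reserved = raw[13] & 0x3F, raw[13] & RESERVED
    options, i = [], 20
    while i < data_offset:
        kind = raw[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:          # single-byte option with no length field
            options.append((kind, b""))
            i += 1
            continue
        if i + 1 >= data_offset:
            raise ValueError("truncated option")
        length = raw[i + 1]
        if length < 2 or i + length > data_offset:
            raise ValueError("bad option length")
        options.append((kind, raw[i + 2:i + length]))
        i += length
    return flags, reserved, options


def check_tcp_header(raw: bytes) -> list:
    """Return anomaly descriptions; an empty list means the header looks normal."""
    flags, reserved, options = parse_tcp_header(raw)
    findings = []
    if flags & SYN and flags & FIN:
        findings.append("SYN and FIN set together")
    if flags == 0:
        findings.append("no TCP flags set (null packet)")
    if reserved:
        findings.append("reserved bits set (legitimate if ECN is negotiated)")
    kinds = [k for k, _ in options]
    if kinds.count(OPT_MSS) > 1:
        findings.append("more than one MSS option")
    if not flags & (SYN | ACK):
        for kind in (OPT_MSS, OPT_NOP, OPT_SACKOK):
            if kind in kinds:
                findings.append(f"option kind {kind} without SYN or ACK")
    return findings


def build_tcp_header(sport: int, dport: int, flags: int, options: bytes = b"") -> bytes:
    """Constructed header: options padded to 4 bytes, data offset filled in,
    checksum left zero because it is not what this checker examines."""
    opts = options + b"\x00" * ((-len(options)) % 4)
    offset_words = (20 + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0,
                       offset_words << 4, flags, 65535, 0, 0) + opts


MSS_1460 = b"\x02\x04\x05\xb4"   # kind 2, length 4, value 1460
NOP = b"\x01"
SACK_OK = b"\x04\x02"

if __name__ == "__main__":
    samples = {
        "normal SYN": build_tcp_header(40000, 80, SYN, MSS_1460 + NOP + NOP + SACK_OK),
        "SYN/FIN": build_tcp_header(40000, 80, SYN | FIN),
        "null": build_tcp_header(40000, 80, 0),
        "double MSS": build_tcp_header(40000, 80, SYN, MSS_1460 + MSS_1460),
    }
    for name, pkt in samples.items():
        print(f"{name}: {check_tcp_header(pkt) or 'ok'}")
```

The reserved-bit finding is reported but deserves low confidence: since RFC 3168 those two bits carry ECN's ECE and CWR flags, and hosts that negotiate ECN set them legitimately, so a rule built on them needs the baseline of the slide on network baselining before it is trusted.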
Packet Header Discrepancies (continued)
• Fragmentation abuses
  – Maximum transmission unit (MTU)
    • Maximum packet size that can be transmitted over a network
  – Packets larger than the MTU must be fragmented
    • Broken into multiple segments small enough for the network to handle
  – Fragmentation abuses
    • Overlapping fragments
    • Fragments that are too long or too small
    • Fragments overwriting data
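As an added example (not from the textbook), the following Python keeps per-datagram reassembly state and reports the abuses listed on the slide: non-final fragments that are too small, a fragment that would push the datagram past 65,535 bytes, and a fragment that overlaps an earlier one, with or without different data in the overlap. The fragments are constructed; the offset field is kept in the 8-byte units the IP header uses.

```python
"""Added example (not from the textbook): track IPv4 fragments per datagram and
report the fragmentation abuses named on the slide. All fragments are constructed."""
from dataclasses import dataclass, field

MAX_DATAGRAM = 65535          # largest IPv4 datagram the total-length field allows


@dataclass
class Fragment:
    src: str
    dst: str
    ident: int                # IP identification field shared by all pieces
    offset_units: int         # 13-bit fragment offset field, in 8-byte units
    more: bool                # MF flag: more fragments follow
    payload: bytes

    @property
    def start(self) -> int:
        return self.offset_units * 8

    @property
    def end(self) -> int:
        return self.start + len(self.payload)


@dataclass
class Reassembly:
    chunks: list = field(default_factory=list)   # (start, payload) seen so far
    total_len: int = -1                          # known once the final fragment arrives


def check_fragment(state: dict, frag: Fragment) -> list:
    """Record frag in state (keyed by src/dst/ident) and return anomaly strings."""
    findings = []
    if frag.more and len(frag.payload) < 8:
        findings.append("fragment too small")
    elif frag.more and len(frag.payload) % 8:
        findings.append("non-final fragment length not a multiple of 8")
    if frag.end > MAX_DATAGRAM:
        findings.append("fragment too long: extends past the 65535-byte maximum")
    key = (frag.src, frag.dst, frag.ident)
    rs = state.setdefault(key, Reassembly())
    for start, data in rs.chunks:
        lo, hi = max(start, frag.start), min(start + len(data), frag.end)
        if lo < hi:                      # byte ranges intersect
            old = data[lo - start:hi - start]
            new = frag.payload[lo - frag.start:hi - frag.start]
            findings.append("overlapping fragment" + (" overwriting data" if old != new else ""))
    if not frag.more:
        if rs.total_len not in (-1, frag.end):
            findings.append("conflicting final-fragment length")
        rs.total_len = frag.end
    elif rs.total_len != -1 and frag.end > rs.total_len:
        findings.append("fragment extends past the datagram's final length")
    rs.chunks.append((frag.start, frag.payload))
    return findings


if __name__ == "__main__":
    state = {}
    first = Fragment("203.0.113.9", "192.0.2.10", 2, 0, True, b"A" * 16)
    rewrite = Fragment("203.0.113.9", "192.0.2.10", 2, 1, False, b"C" * 16)
    print(check_fragment(state, first))      # []
    print(check_fragment(state, rewrite))    # overlapping fragment overwriting data
```

Whether the old or the new bytes win an overlap differs between operating systems, which is exactly what makes overlapping fragments an evasion technique: an IDS that reassembles differently from the target sees a different payload. Flagging the overlap, rather than guessing which copy the target keeps, is the conservative choice.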
Advanced Attacks
• Advanced IDS evasion techniques
  – Polymorphic buffer overflow attack
    • Uses a tool called ADMutate
    • Alters an attack’s shellcode so that it differs from the known signature many IDSs use
    • Once packets reach the target, they reassemble into their original form
  – Path obfuscation
    • Directory path in the payload is obfuscated by using multiple forward slashes
    • Alternatively, it can use the Unicode equivalent of a forward slash, %c0%af
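As an added example (not from the textbook), the following Python canonicalizes a request path before comparing it with a signature, undoing the two obfuscations the slide names: repeated forward slashes, and %c0%af, the overlong two-byte UTF-8 encoding of '/' that some decoders once accepted. The signature and paths are constructed (FormMail is one of the CGI scripts the chapter names).

```python
"""Added example (not from the textbook): canonicalize a request path before
matching it against a signature, undoing the obfuscations named on the slide.
The paths and the signature are constructed for illustration."""
import re

HEX = "0123456789abcdefABCDEF"
OVERLONG_SLASH = b"\xc0\xaf"     # overlong two-byte encoding of '/' (0x2F); invalid UTF-8


def percent_decode(path: str) -> bytes:
    """Decode %XX escapes once; everything else passes through as UTF-8 bytes."""
    out, i = bytearray(), 0
    while i < len(path):
        if path[i] == "%" and i + 2 < len(path) and path[i + 1] in HEX and path[i + 2] in HEX:
            out.append(int(path[i + 1:i + 3], 16))
            i += 3
        else:
            out.extend(path[i].encode("utf-8"))
            i += 1
    return bytes(out)


def canonicalize_path(path: str):
    """Return (canonical_path, findings); findings name the obfuscations seen."""
    findings = []
    raw = percent_decode(path)
    if OVERLONG_SLASH in raw:
        findings.append("overlong UTF-8 encoding of '/' (%c0%af)")
        raw = raw.replace(OVERLONG_SLASH, b"/")   # what a lenient decoder would produce
    try:
        text = raw.decode("utf-8")               # strict: other malformed sequences raise
    except UnicodeDecodeError:
        findings.append("malformed UTF-8 in path")
        text = raw.decode("utf-8", errors="replace")
    collapsed = re.sub(r"/{2,}", "/", text)
    if collapsed != text:
        findings.append("repeated forward slashes")
    return collapsed, findings


def path_matches(path: str, signature: str) -> bool:
    """Compare on the canonical form, so obfuscated variants still hit the signature."""
    canonical, _ = canonicalize_path(path)
    return canonical == signature


if __name__ == "__main__":
    signature = "/cgi-bin/FormMail"
    for probe in ("/cgi-bin/FormMail", "//cgi-bin///FormMail", "/cgi-bin%c0%afFormMail"):
        canonical, findings = canonicalize_path(probe)
        print(f"{probe!r}: raw match={signature in probe}, "
              f"canonical match={path_matches(probe, signature)}, findings={findings}")
```

Matching the raw request string would miss both obfuscated forms, which is the point of the slide; normalizing first and matching second is what IDS HTTP preprocessors do, and the findings list is worth logging on its own because legitimate clients rarely send either encoding.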
Advanced Attacks (continued)
• Advanced IDS evasion techniques
  – Common Gateway Interface (CGI) scripts
    • Scripts used to process data submitted over the Internet
    • Examples
      – Count.cgi
      – FormMail
      – AnyForm
      – Php.cgi
      – TextCounter
      – GuestBook
Remote Procedure Calls
• Remote Procedure Call (RPC)
  – Standard set of communication rules
  – Allows one computer to request a service from another computer on a network
• Portmapper
  – Maintains a record of each remotely accessible program and the port it uses
  – Converts RPC program numbers into TCP/IP port numbers
Remote Procedure Calls (continued)
• RPC-related security events
  – RPC dump
    • Targeted host receives an RPC dump request
  – RPC set spoof
    • Targeted host receives an RPC set request from a source IP address of 127.x.x.x
  – RPC NFS sweep
    • Targeted host receives a series of requests for the Network File System (NFS) on different ports
Using the Common Vulnerabilities and Exposures (CVE) Standard
• Make sure your security devices share information and coordinate with one another
  – Each device uses its own “language”
• Common Vulnerabilities and Exposures (CVE)
  – Enables devices to share information using the same standard
How the CVE Works
• CVE enables hardware and devices to draw from the same database of vulnerabilities
• Benefits
  – Stronger security
  – Better performance
Scanning CVE Vulnerabilities Descriptions
• Can view current CVE vulnerabilities online
  – And even download the list
• The CVE list is not a vulnerability database that can be used with an IDS
• Information in a CVE reference
  – Name of the vulnerability
  – Short description
  – References to the event in other databases
    • Such as BUGTRAQ
Summary
• Interpreting network traffic signatures
  – Can help prevent network intrusions
• Analysis of traffic signatures
  – Integral aspect of intrusion prevention
• Possible intrusions are marked by invalid settings
• Packet sniffers
  – Capture packets
• Learn what normal traffic signatures look like
  – Helps identify signatures of suspicious connection attempts
Summary (continued)
• Suspicious network events
  – “Orphaned” packets
  – Land attacks
  – Localhost source spoof
  – Falsified protocol numbers
  – Illegal combinations of TCP flags
• Advanced attacks
  – Difficult to detect without a database of intrusion signatures or user behaviors
Summary (continued)
• Advanced attack methods include
  – Exploiting CGI vulnerabilities
  – Misusing Remote Procedure Calls
• Common Vulnerabilities and Exposures (CVE)
  – Enables security devices to share attack signatures and information about network vulnerabilities