Precautions against other network attack behavior

Source: Internet
Author: User

Protocol attacks and denial-of-service attacks are the methods hackers use most often, but with the rapid development of network technology attack behaviour keeps changing and new techniques keep appearing. The following explains the principles of network sniffing and buffer overflow attacks and the measures that guard against them.

1. Network sniffing and precautions against it

Network sniffing sets the network interface to receive data that is not addressed to this host. Computer networks are usually built on a shared channel, and Ethernet is such a shared-channel network: each frame header carries the destination host's hardware address, and only the machine whose hardware address matches receives the packet. A machine that receives every packet regardless of address is said to be in promiscuous mode. Information such as account names and passwords is typically transmitted over Ethernet in plaintext, so a user can be compromised once a hacker sniffs from a promiscuous-mode machine.

Against network sniffing attacks, the following precautions can be taken:

(1) Network segmentation. A network segment consists of a set of machines that share low-level devices and lines, such as switches, dynamic hubs and bridges; these devices limit where data flows and so reduce the opportunity for sniffing.

(2) Encryption. On the one hand, the important information in the data stream can be encrypted; on the other hand, encryption can be applied only at the application layer, but the latter leaves most of the sensitive information related to the network and the operating system unprotected. Which encryption method to choose depends on the security level of the information and on how secure the network is.

(3) One-time password technology. The password itself is not transmitted over the network; instead, strings are matched at both ends. The client takes the challenge it obtained from the server, combines it with its own password, computes a new string and returns it to the server. The server runs the same comparison algorithm and, if the result matches, the connection is allowed to be established. Every challenge and every response string is used only once.

(4) Disabling promiscuous mode. Installing network cards that do not support promiscuous mode usually prevents IBM-compatible machines from sniffing.
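The challenge-response exchange of point (3), as an added example that is not code from the original article: the server issues a challenge, the client answers with a value derived from the challenge and its password, and the server consumes the challenge so the same response can never be accepted twice. The `mix` function, the `server` struct and all names are assumptions; the FNV-style mix only stands in for the keyed hash (for example HMAC-SHA256) a real deployment would use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHALLENGES 16
/* FNV-1a mix of (challenge || password); assumption: a stand-in for a real keyed hash such as HMAC-SHA256. */
static uint64_t mix(const char *challenge, const char *password) {
    uint64_t h = 14695981039346656037ULL;
    const char *parts[2] = { challenge, password };
    for (int p = 0; p < 2; p++)
        for (const char *c = parts[p]; *c; c++) {
            h ^= (unsigned char)*c;
            h *= 1099511628211ULL;
        }
    return h;
}

/* Server state: the user's secret, every challenge handed out, and a consumed flag for each. */
struct server {
    const char *password;
    char issued[MAX_CHALLENGES][32];
    int  used[MAX_CHALLENGES];
    int  count;
};

/* Step 1: the server issues a fresh challenge (a counter here; a random nonce in practice). */
static const char *issue_challenge(struct server *s) {
    if (s->count >= MAX_CHALLENGES) return NULL;
    snprintf(s->issued[s->count], sizeof s->issued[0], "chal-%d", s->count);
    s->used[s->count] = 0;
    return s->issued[s->count++];
}

/* Step 2: the client derives the response from the challenge and its own password;
 * the password itself never crosses the network. */
static uint64_t client_respond(const char *challenge, const char *password) {
    return mix(challenge, password);
}

/* Step 3: the server recomputes and compares. A challenge is consumed on its first use,
 * so a captured response cannot be replayed and a wrong guess burns the challenge. */
static int server_verify(struct server *s, const char *challenge, uint64_t response) {
    for (int i = 0; i < s->count; i++) {
        if (strcmp(s->issued[i], challenge) != 0) continue;
        if (s->used[i]) return 0;                 /* replay of a consumed challenge */
        s->used[i] = 1;
        return mix(challenge, s->password) == response;
    }
    return 0;                                      /* challenge was never issued */
}
```

A production implementation would also compare the response in constant time and expire challenges that are never answered.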

2. Buffer overflow attacks and precautions against them

A buffer overflow attack is a means of attacking a system: by writing more data into a program's buffer than its length allows, the attacker causes the buffer to overflow and corrupts the program's stack, making the program execute other instructions and so achieving the attacker's purpose. Of course, merely filling the buffer is not the point of the attack. The most common approach is to use the buffer overflow to make the program run a user shell and then execute other commands through that shell. If the program has root privileges, the attacker can take any action on the system.

Buffer overflows have done great harm to networked systems. To prevent this kind of attack effectively, the following points should be observed:

(1) Program pointer integrity checking. Before a program pointer is referenced, check whether it has been changed. Even if an attacker succeeds in changing a program pointer, the pointer will not be used, because the system detects the change beforehand.

(2) Stack protection. This is a compiler technique that provides pointer integrity checking by examining the return address in the function's activation record. Some additional bytes are appended after the function's return address on the stack, and when the function returns, these additional bytes are first checked to see whether they have been altered. If a buffer overflow attack has occurred, it is easily detected before the function returns. However, if an attacker foresees the presence of these additional bytes and is able to reproduce them exactly during the overflow, he can get past the stack protection check.

(3) Array bounds checking. All read and write operations on arrays are checked to ensure that each array operation stays within the correct range. The most straightforward approach is to check every array operation; optimisation techniques are often used to reduce the number of checks. At present there are several checking methods: the Compaq C compiler, Jones & Kelly C array bounds checking, Purify memory access checking, and so on.
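A constructed model of points (2) and (3), added here and not taken from the article: one stack frame is laid out as a single byte array so that an overrun of the local buffer lands first on the guard bytes (the stack protector's canary) and then on the saved return-address slot, while the model itself stays within a well-defined object. All names, sizes and the guard value are assumptions.

```c
#include <string.h>

/* Sizes of the modelled frame: local buffer, guard bytes, saved return-address slot.
 * All of these are constructed for the example. */
#define BUF_SIZE    16
#define GUARD_SIZE   8
#define RET_SIZE     8
#define FRAME_SIZE (BUF_SIZE + GUARD_SIZE + RET_SIZE)

/* One stack frame as a single byte array, so an overrun of the buffer stays inside a
 * well-defined object while still landing on the guard and the return-address slot. */
struct frame {
    unsigned char bytes[FRAME_SIZE];
};

/* Constructed guard value; a leading NUL stops string-based overflows from copying it. */
static const unsigned char GUARD[GUARD_SIZE] = { 0x00, 0x0a, 0xff, 0x13, 0x37, 0xc0, 0xde, 0x42 };

/* Function prologue: clear the frame and plant the guard between buffer and return slot. */
static void frame_enter(struct frame *f) {
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + BUF_SIZE, GUARD, GUARD_SIZE);
}

/* The unchecked copy the article describes. The clamp to FRAME_SIZE only keeps the
 * model itself well defined; it is not a bounds check on the buffer. */
static void copy_unchecked(struct frame *f, const unsigned char *in, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(f->bytes, in, len);
}

/* Point (3), array bounds checking: reject any write that does not fit the buffer. */
static int copy_checked(struct frame *f, const unsigned char *in, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(f->bytes, in, len);
    return 0;
}

/* Point (2), stack protection: in the epilogue, compare the guard with its original value. */
static int guard_intact(const struct frame *f) {
    return memcmp(f->bytes + BUF_SIZE, GUARD, GUARD_SIZE) == 0;
}

/* Reports whether the overrun reached the saved return address (still zero if untouched). */
static int return_slot_clobbered(const struct frame *f) {
    static const unsigned char zero[RET_SIZE] = { 0 };
    return memcmp(f->bytes + BUF_SIZE + GUARD_SIZE, zero, RET_SIZE) != 0;
}
```

With a 28-byte input the checked copy refuses the write and the guard survives, while the unchecked copy overwrites both the guard and the return slot, which is exactly what the epilogue check catches.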

The competition of the future is competition over information, and network information is an important part of it. Its essence is confrontation between people, embodied in the confrontation between security strategy and attack strategy. To strengthen the defensive capability of information systems, we must fully understand the implementation of the system kernel and network protocols, truly grasp the "minutiae" of the other side's network system, and be familiar with the precautions against the various attack methods. Only in this way can network security be ensured as far as possible.

(4) Use public tool software, such as the network security auditing and analysis tool SATAN and the Internet security scanner IIS, to scan the entire network or subnet for security vulnerabilities.

3. Setting up a simulated environment and simulating attacks

Based on the information obtained in the previous two steps, a simulated environment resembling the target is set up, and a series of attacks is then run against this simulated target. Meanwhile, by examining the logs of the attacked side and observing how the detection tools respond to the attacks, one can further understand the "traces" left during the attack and the state of the attacked side, so as to develop a more thorough attack strategy.

4. Carrying out the network attack

Based on the information obtained in the previous steps, and drawing on their own skill and experience, intruders work out the corresponding attack methods, rehearse them in simulated attacks, and then wait for an opportunity to carry out a real network attack.
