Strategies for Defeating Distributed Attacks
Offered By: Black Hat via YouTube
Syllabus
Intro
Assume basics - Understand IP addressing - Understand basic system administration
Attack Recognition Problems • Blended "patter" and "effect" attacks • Sniffing attacks • Decoys and false identification of attack source
Changing Attack Patterns • More large-scale attacks • Better enumeration and assessment of the target by the attacker
Two Basic Distributed Attack Models • Attacks that do not require direct observation of the results • Attacks that require the attacker to directly observe the results
Defensive Techniques Cont. • Minimal ports open • Stateful inspection firewalls • Modified kernels/IDS to look for fingerprint packets
Defensive Techniques Cont. • Limit ICMP inbound to host/destination unreachable • Limit outbound ICMP
DMZ Server Recommendations • Split services between servers • Current patches • Use trusted paths, anti-buffer overflow settings and kernel patches • Use any built-in firewalling software • Make use of built-in state tables
Firewall Rules • Limit inbound to only necessary services • Limit outbound via proxies to help control access • Block all outbound to only necessary traffic
Intrusion Detection Systems • Use only IDS's that can be customized • IDS should be capable of handling fragmented packet reassembly • IDS should handle high speeds
Spoofed Packet Defenses • Get TTL of suspected spoofed packet • Probe the source address in the packet • Compare the probe reply's TTL to the suspected spoofed packet
Late Breaking News • HackerShield RapidFire Update 208
Taught by
Black Hat
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network