Posted: September 4, 2012 in Uncategorized

1. Use encryption
2. Use a secure protocol
3. Limit incoming connections
4. Minimize remote access
5. Have strong authentication.

Countermeasure
When practical, limit successful sessions to specific IP addresses. This usually only works when dealing within an intranet setting, where the IP ranges are predictable and finite.

Countermeasure
Re-authenticate the user before critical actions are performed. If possible, try to limit unique session tokens to each browser instance (e.g. generate the token with a hash of the MAC address of the computer and process id of the browser, etc.). Configure the appropriate spoof rules on gateways (internal and external). Monitor for ARP cache poisoning by using IDS products or ARPwatch.

Countermeasure
Use X.509 certificates to prevent more traditional types of TCP hijacking.

Countermeasure
Use encryption. This can be done by one or more of the following:
- Forcing all incoming connections from the outside world to be fully encrypted.
- Forcing all connections to critical machines to be fully encrypted.
- Forcing all traffic on the network to be encrypted.
- Using encrypted protocols, like those found in the OpenSSH suite.

The OpenSSH suite includes the ssh program, which replaces rlogin and telnet; scp, which replaces rcp; and sftp, which replaces ftp. Also included is sshd, which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keygen and sftp-server.

Countermeasure
Use strong authentication (like Kerberos) or peer-to-peer VPNs.
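
The IP restriction, per-browser token binding and re-authentication countermeasures above can be combined in one server-side session check. The following is an added example, not code from the original post; the network range, the 300-second window, the function names and the `client_id` value (a stand-in for whatever per-browser-instance identifier a deployment has) are all assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets
import time

# Assumed values, constructed for this example.
SERVER_KEY = secrets.token_bytes(32)                    # per-deployment secret
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]   # predictable intranet range
REAUTH_WINDOW = 300                                     # seconds a login stays fresh


def ip_allowed(ip):
    """True only for a well-formed address inside an allowed network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETS)


def _bind(sid, ip, client_id):
    # Keyed hash ties the session id to the address and browser instance.
    msg = "|".join((sid, ip, client_id)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_session(ip, client_id, now=None):
    """Create the server-side session record at login, or None if the IP is refused."""
    if not ip_allowed(ip):
        return None
    sid = secrets.token_urlsafe(32)
    return {"sid": sid, "tag": _bind(sid, ip, client_id),
            "auth_time": time.time() if now is None else now}


def check_request(session, ip, client_id, critical=False, now=None):
    """Return 'ok', 'reject' or 'reauth' for one incoming request."""
    now = time.time() if now is None else now
    if not ip_allowed(ip):
        return "reject"
    expected = _bind(session["sid"], ip, client_id)
    if not hmac.compare_digest(expected, session["tag"]):
        return "reject"   # token presented from another address or browser instance
    if critical and now - session["auth_time"] > REAUTH_WINDOW:
        return "reauth"   # ask for credentials again before the critical action
    return "ok"
```

A token presented from a different address or browser instance fails the binding check, and a token that passes it still cannot perform a critical action once the login is older than the window.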

