Page 1495 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Masquerading Attacks
One of the easiest ways to gain access to resources you’re not
otherwise entitled to use is to impersonate someone who does have the
appropriate access permissions. In the offline world, teenagers often
borrow the driver’s license of an older sibling to purchase alcohol, and
the same type of thing happens in the computer security world.
Attackers borrow the identities of legitimate users and systems to gain
the trust of third parties. In the following sections, we’ll take a look at
two common masquerading attacks—IP spoofing and session
hijacking.
IP Spoofing
In an IP spoofing attack, the malicious individual simply reconfigures
their system so that it has the IP address of a trusted system and then
attempts to gain access to other external resources. This is surprisingly
effective on many networks that don’t have adequate filters installed to
prevent this type of traffic from occurring. System administrators
should configure filters at the perimeter of each network to ensure that
packets meet at least the following criteria:
- Packets with internal source IP addresses don’t enter the network from the outside.
- Packets with external source IP addresses don’t exit the network from the inside.
- Packets with private IP addresses don’t pass through the router in either direction (unless specifically allowed as part of an intranet configuration).
These three simple filtering rules can eliminate the vast majority of IP
spoofing attacks and greatly enhance the security of a network.
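The three perimeter rules above can be written down as a small decision function, which is a useful way to check whether a router or firewall rule set actually implements them. The following is an added example and is not code from the study guide; it assumes a single public range for the organization (the RFC 5737 documentation block 203.0.113.0/24, a constructed value) and treats the RFC 1918 ranges as the "private" addresses of the third rule. The audit helper runs the check over a few constructed flow records to show how the rules classify ingress and egress traffic.

```python
import ipaddress
from collections import Counter

# Constructed assumption: the organization's public address range.
INTERNAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# RFC 1918 private ranges; these should not cross the perimeter in either
# direction unless an intranet configuration deliberately allows them.
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def _in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in nets)


def check_packet(direction, src_ip, internal_nets=INTERNAL_NETS, allow_private=False):
    """Apply the three anti-spoofing rules to one packet at the perimeter.

    direction: "in"  = packet arriving from outside the network
               "out" = packet leaving the network from the inside
    Returns a (verdict, reason) tuple; verdict is "accept" or "drop".
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    addr = ipaddress.ip_address(src_ip)

    # Rule 3: private addresses do not pass through the router in either
    # direction, unless explicitly permitted (allow_private=True).
    if not allow_private and _in_any(addr, PRIVATE_NETS):
        return ("drop", "private source address at the perimeter")

    internal = _in_any(addr, internal_nets)
    # Rule 1: a packet claiming an internal source must not arrive from outside.
    if direction == "in" and internal:
        return ("drop", "internal source address arriving from outside")
    # Rule 2: a packet leaving the network must carry an internal source.
    if direction == "out" and not internal:
        return ("drop", "external source address leaving from inside")
    return ("accept", "source address is consistent with direction")


def audit(flows, **kwargs):
    """Classify a list of (direction, src_ip) records; returns Counter of verdicts."""
    return Counter(check_packet(d, ip, **kwargs)[0] for d, ip in flows)


# Constructed flow records: (direction, source IP) as seen at the perimeter.
SAMPLE_FLOWS = [
    ("in", "198.51.100.7"),    # ordinary inbound traffic from an external host
    ("in", "203.0.113.5"),     # inbound packet forging an internal source (rule 1)
    ("out", "203.0.113.5"),    # ordinary outbound traffic from an internal host
    ("out", "198.51.100.7"),   # outbound packet with a foreign source (rule 2)
    ("in", "10.1.2.3"),        # private source address at the edge (rule 3)
]

if __name__ == "__main__":
    for direction, ip in SAMPLE_FLOWS:
        verdict, reason = check_packet(direction, ip)
        print(f"{direction:>3} {ip:<15} {verdict:<6} {reason}")
    print(audit(SAMPLE_FLOWS))
```

Passing `allow_private=True` together with an `internal_nets` list that includes the private range models the intranet exception in the third rule: the private address is then judged only by the direction rules, so it is accepted on the way out and rejected on the way in, exactly like any other internal address.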
Session Hijacking
Session hijacking attacks occur when a malicious individual intercepts
part of the communication between an authorized user and a resource