Page 929 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Block spoofed packets from entering or leaving your network.
Keep all systems patched with the most current security updates
from vendors.
Consider commercial DoS protection/response services like
CloudFlare’s DDoS mitigation or Prolexic. These can be expensive,
but they are often effective.
For further discussion of DoS and DDoS, see Chapter 17, “Preventing
and Responding to Incidents.”
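The recommendation above to block spoofed packets from entering or leaving your network, sketched as a border filter decision. This is an added example, not code from the study guide. The prefix list, function names and sample packets are assumptions made for illustration, and it handles IPv4 only.

```python
import ipaddress

# Assumed for this example: the prefix that belongs to "your network".
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges (RFC 5737).
INTERNAL_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Source ranges that should never arrive from the internet (short bogon list).
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def _in_any(addr, prefixes):
    return any(addr in net for net in prefixes)

def spoof_verdict(direction, src, internal=INTERNAL_PREFIXES):
    """Return (allow, reason) for a packet crossing the network border."""
    try:
        addr = ipaddress.IPv4Address(src)
    except ValueError:
        return False, "unparseable source address"
    if direction == "outbound":
        # Egress filtering: only our own addresses may leave as a source.
        if _in_any(addr, internal):
            return True, "source belongs to this network"
        return False, "egress: source is not one of our prefixes"
    if direction == "inbound":
        # Ingress filtering: outside traffic must not claim an inside source.
        if _in_any(addr, internal):
            return False, "ingress: outside packet claims an inside source"
        if _in_any(addr, BOGON_PREFIXES):
            return False, "ingress: source is not routable on the internet"
        return True, "source is plausible for an external host"
    raise ValueError("direction must be 'inbound' or 'outbound'")

def dropped(packets, internal=INTERNAL_PREFIXES):
    """Return the (direction, src, reason) entries the filter would drop."""
    out = []
    for direction, src in packets:
        allow, reason = spoof_verdict(direction, src, internal)
        if not allow:
            out.append((direction, src, reason))
    return out

# Constructed sample packets: (direction, source address).
SAMPLE = [("inbound", "198.51.100.7"), ("inbound", "203.0.113.9"),
          ("inbound", "10.1.2.3"), ("outbound", "203.0.113.40"),
          ("outbound", "198.51.100.7")]

if __name__ == "__main__":
    for entry in dropped(SAMPLE):
        print(entry)
```

The egress half matters as much as the ingress half: it keeps hosts on your own network from being used as the source of spoofed floods against others.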
Eavesdropping
As the name suggests, eavesdropping is simply listening to
communication traffic for the purpose of duplicating it. The
duplication can take the form of recording data to a storage device or
using an extraction program that dynamically attempts to extract the
original content from the traffic stream. Once a copy of traffic content
is in the hands of an attacker, they can often extract many forms of
confidential information, such as usernames, passwords, process
procedures, data, and so on.
Eavesdropping usually requires physical access to the IT infrastructure
to connect a physical recording device to an open port or cable splice
or to install a software-recording tool onto the system. Eavesdropping
is often facilitated by the use of a network traffic capture or monitoring
program or a protocol analyzer system (often called a sniffer).
Eavesdropping devices and software are usually difficult to detect
because they are used in passive attacks. When eavesdropping or
wiretapping is transformed into altering or injecting communications,
the attack is considered an active attack.
You Too Can Eavesdrop on Networks
Eavesdropping on networks is the act of collecting packets from
the communication medium. As a valid network client, you are
limited to seeing just the traffic designated for your system.

