Page 930 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

However, with the right tool (and authorization from your organization!), you can see all the data that passes your network interface. Sniffers such as Wireshark and NetWitness and dedicated eavesdropping tools such as T-Sight, Zed Attack Proxy (ZAP), and Cain & Abel can show you what is going on over the network. Some tools will display only the raw network packets, while others will reassemble the original data and display it for you in real time on your screen. We encourage you to experiment with a few eavesdropping tools (only on networks where you have the proper approval) so you can see firsthand what can be gleaned from network communications.



You can combat eavesdropping by maintaining physical access security to prevent unauthorized personnel from accessing your IT infrastructure. As for protecting communications that occur outside your network or for protecting against internal attackers, using encryption (such as IPsec or SSH) and onetime authentication methods (that is, onetime pads or token devices) on communication traffic will greatly reduce the effectiveness and timeliness of eavesdropping.

The common threat of eavesdropping is one of the primary motivations to maintain reliable communications security. While data is in transit, it is often easier to intercept than when it is in storage. Furthermore, the lines of communication may lie outside your organization’s control. Thus, reliable means to secure data while in transit outside your internal infrastructure are of utmost importance. Some of the common network health and communication reliability evaluation and management tools, such as sniffers, can be used for nefarious purposes and thus require stringent controls and oversight to prevent abuse.
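
The following Python example is an added illustration, not part of the study guide. It audits flow records for traffic an eavesdropper could read, ranking cleartext that leaves the internal network above cleartext that stays inside it. The internal address ranges, the port-to-protocol mapping, and the sample flows are assumptions constructed for the example.

```python
import ipaddress

# Assumption: these ranges stand in for "your internal infrastructure".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Port-based classification is a heuristic; a service can run on any port.
CLEARTEXT_TCP = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 143: "IMAP"}
TCP, ESP, AH = 6, 50, 51  # IP protocol numbers


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def audit_flow(src, dst, ip_proto, dport=None):
    """Return (severity, reason) for one flow record."""
    if ip_proto == ESP:
        # Assumes the ESP security association negotiates encryption.
        return ("ok", "IPsec ESP")
    if ip_proto == AH:
        # AH authenticates packets but does not encrypt the payload.
        return ("review", "IPsec AH gives integrity only")
    if ip_proto == TCP and dport == 22:
        return ("ok", "SSH")
    if ip_proto == TCP and dport in CLEARTEXT_TCP:
        name = CLEARTEXT_TCP[dport]
        if is_internal(src) and is_internal(dst):
            return ("medium", f"{name} readable by an internal eavesdropper")
        return ("high", f"{name} leaves the internal network unencrypted")
    return ("review", "protocol not classified")


def audit(flows):
    """Return the flows not known to be encrypted, worst first."""
    order = {"high": 0, "medium": 1, "review": 2}
    results = [(audit_flow(*f), f) for f in flows]
    findings = [(sev, why, f) for (sev, why), f in results if sev != "ok"]
    return sorted(findings, key=lambda x: order[x[0]])


# Constructed sample flows: (src, dst, ip_proto, dport)
SAMPLE_FLOWS = [
    ("10.1.1.5", "10.1.2.9", TCP, 22),
    ("10.1.1.5", "203.0.113.10", TCP, 23),
    ("10.1.1.7", "10.1.2.9", TCP, 21),
    ("10.1.1.8", "198.51.100.4", ESP, None),
    ("10.1.1.8", "198.51.100.4", AH, None),
]

if __name__ == "__main__":
    for sev, why, flow in audit(SAMPLE_FLOWS):
        print(sev, flow, why)
```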



Impersonation/Masquerading

Impersonation, or masquerading, is the act of pretending to be someone or something you are not to gain unauthorized access to a system. This usually implies that authentication credentials have been stolen or falsified in order to satisfy (i.e., successfully bypass)