Page 931 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 931
authentication mechanisms. This is different from spoofing, where an
entity puts forth a false identity but without any proof (such as falsely
using an IP address, MAC addresses, email address, system name,
domain name, etc.). Impersonation is often possible through the
capture of usernames and passwords or of session setup procedures
for network services.
Some solutions to prevent impersonation are using onetime pads and
token authentication systems, using Kerberos, and using encryption to
increase the difficulty of extracting authentication credentials from
network traffic.
Replay Attacks
Replay attacks are an offshoot of impersonation attacks and are made
possible through capturing network traffic via eavesdropping. Replay
attacks attempt to reestablish a communication session by replaying
captured traffic against a system. You can prevent them by using
onetime authentication mechanisms and sequenced session
identification.
Modification Attacks
In modification attacks, captured packets are altered and then played
against a system. Modified packets are designed to bypass the
restrictions of improved authentication mechanisms and session
sequencing. Countermeasures to modification replay attacks include
using digital signature verifications and packet checksum verification.
Address Resolution Protocol Spoofing
The Address Resolution Protocol (ARP) is a subprotocol of the TCP/IP
protocol suite and operates at the Data Link layer (layer 2). ARP is
used to discover the MAC address of a system by polling using its IP
address. ARP functions by broadcasting a request packet with the
target IP address. The system with that IP address (or some other
system that already has an ARP mapping for it) will reply with the
associated MAC address. The discovered IP-to-MAC mapping is stored
in the ARP cache and is used to direct packets.
