Section 06: Network Scanning Countermeasures

Ping Sweeping Countermeasures

Dont allow connections to send more than a small number of ICMP ECHO requests.
Use IDS and IPS to detect ping sweeps
Limit ICMP traffic with access control lists (ACLs)

Port Sweeping Countermeasures

Use IDS and IPS to detect ping sweeps
Ensure all routers, firewalls, etc are running the latests version of their software.
Block unwanted ports.

Banner Grabbing countermeasures

Display false banners to mislead attackers.
Turn of unnecessary services on hosts to limit information disclosure.
Disable details of vendors and version in banners.

IP Spoofing Countermeasures

Internet Protocol Security In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

Links

https://en.wikipedia.org/wiki/IPsec
Avoid authentication based on IP address
Use firewalls and ACLs
Use encyrption. IPSec can greatly reduce the risk of IP spoofing.

Scanning Detection Tools

Splunk

Splunk is the data platform that powers enterprise observability, unified security and limitless custom applications in hybrid environments.

Links

https://www.splunk.com

PreviousSection 05: Scanning Beyond IDS and Firewall Nexttryhackme

Last updated 9 days ago