Chapter 12

Chapter 12 - Linux Networking and Security Chapter 12 Network Intrusion Detection Network Intrusion Detection Use network scanning and

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
Linux Networking and Security Chapter 12 Network Intrusion Detection
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Network Intrusion Detection Use network scanning and packet-sniffing utilities Understand basic intrusion detection systems Perform automated security audits of your Linux system
Background image of page 2
Scanners and Sniffers Cracker can employ the following techniques in order to gain access to a Linux system: Port scanning, in which packets are sent to a host to gain information about it based on its response Packet sniffing, in which every packet on the network has its header and data examined Network administrators also use these techniques to check for security weaknesses, and though some feel their use is illegitimate, it is important to stay ahead of crackers
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Port Scanning A port scan enables someone to identify a network’s operating system and any services that could potentially allow greater access Port scans typically use the TCP protocol and its associated flags to gather information about the host and its network services Some port scanners use ICMP and UDP packets, which do not provide as much data as TCP, but can offer some information that TCP cannot
Background image of page 4
Port Scanning
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Port Scanning The most widely used port-scanning utility is nmap, the network mapper nmap is a command-line utility that uses a variety of scanning methods nmap allows for fingerprinting hosts, greater output, and configuration of timing policy nmap can also perform a Ping scan, which reports hosts that are reachable using ICMP echo packets
Background image of page 6
Port Scanning
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Port Scanning
Background image of page 8
Port Scanning
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Packet Sniffing A packet sniffer allows for the examination of any or all of the traffic passing through a network cable or wireless
Background image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 04/03/2008 for the course IT IT taught by Professor Freebourn during the Spring '07 term at Montana Tech.

Page1 / 34

Chapter 12 - Linux Networking and Security Chapter 12 Network Intrusion Detection Network Intrusion Detection Use network scanning and

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online