TMS zl Management and Configuration Guide ST.1.0.090213
6-8
Intrusion Detection and Prevention
Overview
■ Adware—software that displays unwanted pop-up ads on an infected
endpoint.
■ Spyware—software that keeps a record of Web sites visited, keystrokes,
and other personal information.
■ Trojan horses—programs that offer desirable software enhancements
but that also include adware, spyware, or other malware as an implicit
part of the software package.
■ Rootkits—programs that allow an attacker to open network backdoors,
which bypass normal authentication requirements in order to gain access
to a network. (See “Backdoors” on page 6-12.)
Reconnaissance
Reconnaissance attacks can be internal or external, and they are intentional.
Less straightforward than brute force or other unauthorized access attacks,
reconnaissance attacks rely on several methods for detecting vulnerabilities
in your network so that any discovered vulnerabilities can be exploited.
■ Port scans
A common reconnaissance attack involves TCP/UDP ping sweeps, then
port scans of the devices that respond. Any open TCP or UDP port will
allow traffic and reveal information about the services offered on the
network. Because certain networking applications use particular,
well-known ports, the attacker may be able to deduce which services are
available on the network according to the open ports and use these ports
to launch an attack.
■ Network mapping and enumeration software
Network administrators use network mapping and enumeration software
to verify their network security. However, this software, which is freely
available on the Internet, can also be used as part of an attack. Attackers
can use it to gain information about endpoints and applications on your
network before even attempting to breach the network perimeter security.
Attackers can quickly and quietly discover a large amount of information
about your network, including service pack and hotfix information, ICMP
and DNS resolution, the operating system running on your network, and
many other network vulnerabilities.
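The sweep-then-scan pattern described under "Port scans" can be detected from connection records by counting distinct targets per source inside a time window. The following is an added example, not code from this guide or from the TMS zl product; the record format (`epoch src dst proto dport`), the addresses, the window and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records, format "epoch src dst proto dport" (assumed, not a TMS zl log format):
# a ping sweep of six hosts, a port scan of one responder, then ordinary repeat traffic.
SAMPLE = (
    [f"{100 + i} 203.0.113.9 10.0.0.{i + 1} icmp -" for i in range(6)]
    + [f"{110 + i} 203.0.113.9 10.0.0.4 tcp {p}"
       for i, p in enumerate((21, 22, 23, 25, 80, 443))]
    + [f"{120 + i * 30} 10.0.0.20 10.0.0.5 tcp 443" for i in range(8)]
)


def detect(lines, window=60, host_limit=5, port_limit=5):
    """Return alerts as (kind, key, distinct_count), one per source or source/target pair.

    sweep:    one source contacts >= host_limit distinct hosts within `window` seconds.
    portscan: one source probes >= port_limit distinct TCP/UDP ports on a single host
              within `window` seconds.
    """
    hosts = defaultdict(deque)   # src        -> (ts, dst) events inside the window
    ports = defaultdict(deque)   # (src, dst) -> (ts, (proto, dport)) events inside the window
    alerts, fired = [], set()
    for line in lines:
        ts, src, dst, proto, dport = line.split()
        ts = int(ts)
        checks = [("sweep", src, dst, hosts, host_limit)]
        if proto in ("tcp", "udp"):          # ICMP has no port to count
            checks.append(("portscan", (src, dst), (proto, dport), ports, port_limit))
        for kind, key, item, table, limit in checks:
            q = table[key]
            q.append((ts, item))
            while ts - q[0][0] > window:     # expire events older than the window
                q.popleft()
            distinct = len({i for _, i in q})
            if distinct >= limit and (kind, key) not in fired:
                fired.add((kind, key))       # alert once per key, not once per packet
                alerts.append((kind, key, distinct))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The window and thresholds are tuning parameters: widening the window catches slower probing but raises the false-positive rate on busy hosts such as proxies and monitoring servers.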