TMS zl Management and Configuration Guide ST.1.2.100916
6-10
Intrusion Detection and Prevention
IDS/IPS Concepts
Note: Because protocol anomaly attacks exploit protocol specifications, they are
sometimes referred to as protocol exploitation attacks. This guide will refer
to them only as protocol anomaly attacks.
Traffic Information
Traffic information attacks affect the way network traffic travels through the
network. The most common traffic information attack is the buffer overflow
attack. In this attack, the attacker convinces a program to store information even
after it has reached its buffering threshold. As a result, the program writes past
the buffer into adjacent buffers, overwriting or corrupting the data held there.
The “extra” data that the program is buffering may also contain malicious code.
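The adjacent-buffer corruption described above, next to a bounded copy that enforces the threshold, as an added C example that is not part of this guide; the two-field record layout, the field names and the oversized input are constructed for illustration:

```c
#include <string.h>
/* Constructed layout: a record is two adjacent fixed-size fields in one byte
 * block. NAME_LEN is the name field's "buffering threshold"; role follows it. */
#define NAME_LEN 8
#define ROLE_LEN 8
#define RECORD_LEN (NAME_LEN + ROLE_LEN)
struct record { unsigned char bytes[RECORD_LEN]; };

static char *name_of(struct record *r) { return (char *)r->bytes; }
static char *role_of(struct record *r) { return (char *)r->bytes + NAME_LEN; }

static void record_init(struct record *r, const char *role) {
    memset(r->bytes, 0, RECORD_LEN);
    strncpy(role_of(r), role, ROLE_LEN - 1);  /* trusted value set by the program */
}

/* Vulnerable: copies the whole input and ignores the field size, so anything
 * longer than NAME_LEN - 1 spills into the adjacent role field. The copy is
 * clamped to the record so the demonstration stays inside defined memory. */
static void set_name_unsafe(struct record *r, const char *input) {
    size_t n = strlen(input) + 1;            /* text plus terminating NUL */
    if (n > RECORD_LEN) n = RECORD_LEN;
    memcpy(name_of(r), input, n);
}

/* Hardened: the field size is the threshold. Oversized input is rejected
 * (return -1) instead of being truncated silently; the record is untouched. */
static int set_name_safe(struct record *r, const char *input) {
    size_t len = strlen(input);
    if (len >= NAME_LEN) return -1;          /* no room for text plus NUL */
    memcpy(name_of(r), input, len + 1);
    return 0;
}

/* Constructed input: eight filler bytes fill the name field; the tail would
 * land in the role field. Each helper returns 1 when the described outcome occurs. */
static const char *OVERSIZED = "AAAAAAAAadmin";
static int unsafe_corrupts_role(void) {     /* role changes from "user" to "admin" */
    struct record r;
    record_init(&r, "user");
    set_name_unsafe(&r, OVERSIZED);
    return strcmp(role_of(&r), "admin") == 0;
}

static int safe_rejects_oversized(void) {   /* input refused, role still "user" */
    struct record r;
    record_init(&r, "user");
    return set_name_safe(&r, OVERSIZED) == -1 && strcmp(role_of(&r), "user") == 0;
}
```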
Unauthorized Access
Unauthorized access attacks occur when an unauthorized user accesses your
network either by guessing or stealing a password or by finding insecure
network access points. Some methods used to gain unauthorized access are:
■ Brute force
In a brute force attack, an attacker systematically attempts all possible
password combinations, in order to discover a password and gain access
to the network. Despite requiring a large amount of time and processing
power, brute force attacks are often successful. Implementing a brute
force attack is relatively simple: brute force and dictionary-based password
cracker software is easily available online. However, a vigilant
network administrator can usually detect a brute force attack before it
succeeds.
■ War driving
War drivers exploit the open nature of the wireless medium to find and
infiltrate wireless networks by literally driving around in order to find
unsecured or easily cracked wireless networks. People often simply
connect a wireless access point (AP) and immediately begin using it
without enabling any sort of security measures, which allows war drivers
to have open access to the network. Because all transmissions between
wireless devices and the AP are unencrypted, a war driver can listen in
and steal any information passed between the two devices.
Additionally, not all wireless encryption schemes are secure. For example,
a war driver may gain access to a Wired Equivalent Privacy (WEP)-secured
network by intercepting traffic passed between the AP and