Overview
FrançaisRead this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Laurent LEVIER: Certified Information Systems Security Professional (CISSP) - Certified Information Security Manager (CISM) - Internal Network Security Officer, Equant Télécommunications
INTRODUCTION
We have seen in the and that it is possible for an ill-intentioned person to map a network, even if it is protected by security equipment, but also, while remaining at a distance, to harm this network by, for example, altering its routing functions, deceiving some of the equipment it hosts by usurping IP addresses and many other techniques.
We also discovered that machines placed on remote networks could themselves fall prey to the hacker, either to access the information they contain, or to use them as a "rebound" platform to gain access to other equipment, such as the firewall. from the network it protects, or a secondary system in a three-tier architecture, for example.
So far, the hacker has only worked on level 3 of the OSI model of the TCP/IP protocol. While he has discovered the existence of listening network services, he is still unsure whether he can use a particular port to carry out his attack. He's still missing one piece of information: which is the most interesting weak point?
Here, we'll look at the concept of a weakness, and the consequences it can have for a hacker, and vice versa for the victim. Of course, assessing the presence of a particular weakness requires us to consider not only the network layer, but also the higher layers which offer more possibilities.
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
System attacks
Bibliography
Requests for Comments (RFC)
Mailing lists and newsgroups
Full-disclosure https://lists.grok.org.uk/mailman/listinfo/full-disclosure
Websites
SecurityFocus http://www.securityfocus.com
Secunia http://secunia.com
Packet Storm Security http://www.packetstormsecurity.org
Tools
(non-exhaustive list)
KeePass http://keepass.sourceforge.net
OpenSSH http://www.openssh.com
Nmap http://www.insecure.org/nmap
...
Organization
Internet Engineering Task Force (IETF) http://www.ietf.org
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference