55 Describe various mitigation techniques policies and procedures
These are the techniques that are required by the network administrator to reduce vulnerabilities in the network. Network administrators must know about the various attacks and methods to handle those attacks.
Mitigating Reconnaissance Attacks: Reconnaissance refers to the process of learning information about the network to be attacked with the help of readily available information and applications These attacks include:
1) Packet sniffers
2) Port scans
3) Ping sweeps
4) Internet information queries
Mitigation of reconnaissance attack using packet sniffers:
The technique required to mitigate packet sniffer attacks includes authentication, switched infrastructure, anti sniffer tool and cryptography.
Authentication: With the help of authentication we can defend against packet sniffers. If a network that only allows the user inside after proper authentication can provide security against these types of attacks.
User Training
Users should be given proper training in order to provide complete security in the network. If users are trained they will always know the hazards of accessing unsecured networks. Proper training should be given in case of phishing attacks. They should be trained to reply to only authentic emails and not to provide sensitive information in any email reply.
Patches and Updates
Even if all security measures are taken into consideration and proper security devices are deployed into the network still there is a need to upgrade these systems from time to time. If we deploy an Antivirus software into our system only deployment does not solves the whole problem. Antivirus software need to be updated regularly as new virus definitions are launched after each week or month. Not updating Antivirus software makes our systems prone to new virus attacks which the Antivirus software have no clue of.
Proper patches and updates should be applied to the operating systems deployed in the network. Patches provide solution to the various vulnerabilities in the operating system. These patches can be downloaded and applied either to all systems independently or just the patches can be loaded in the server and each client updates it operating system from the server. Microsoft Windows has a built in functionality of updating itself through internet.