7.8 Countermeasures

How to Defend Against Sniffing

  • Restrict physical access to the network media to ensure that a packet sniffer cannot be installed.
  • Use encryption to protect confidential information.
  • Permanently add the MAC address of the gateway to the ARP cache.
  • Use static IP addresses and static ARP tables to prevent attackers from adding spoofed ARP entries for machines in the network.
  • Turn off network identification broadcasts and, if possible, restrict the network to authorized users in order to protect the network from being discovered with sniffing tools.
  • Use IPv6 instead of the IPv4 protocol.
  • Use encrypted sessions such as SSH instead of Telnet, Secure Copy (SCP) instead of FTP, SSL for email connections, etc., to protect wireless network users against sniffing attacks.
  • Use HTTPS instead of HTTP to protect user names and passwords.
  • Use a switch instead of a hub, as a switch delivers data only to the intended recipient.
  • Use SFTP, instead of FTP for secure transfer of files.
  • Use PGP and S/MIME, VPN, IPSec, SSL/TLS, Secure Shell (SSH) and one-time passwords (OTP).
  • Always encrypt the wireless traffic with a strong encryption protocol such as WPA and WPA2.
  • Retrieve the MAC address directly from the NIC instead of the OS; this prevents MAC address spoofing.
  • Use tools to determine if any NICs are running in the promiscuous mode.

Q1) Which of the following is not a defense against sniffing?

  1. Encrypting communication
  2. Implementing port security on all switches
  3. Moving to an all-switched network
  4. Using hubs within the network

A1) Using a hub within a network actually makes life easier on the sniffer. A fully switched network and port security frustrate such efforts. Encryption is, by far, the best option.
