This chapter provides insight into technologies and
techniques available on Cisco devices to combat network attacks on Layer 3 and Layer 2 devices.
The chapter also covers how to use the Security Incident Response Framework to respond to a
security incident, and how to understand and prepare for any security event by using an incident response
methodology and forming an Incident Response Team (IRT).
Vulnerabilities, Threats, and Exploits
It is disconcerting to realize that it is difficult, if not impossible, to track down and eliminate all possible security
holes, while intruders need only one security hole to break in. In certain cases, an intruder can take
advantage of the design of a particular piece of software, a misconfigured or loosely configured device, or
perhaps an inherent flaw in a protocol. The TCP/IP protocol suite is a good example. It was developed a
long time ago, when designers did not pay particular attention to the security concerns we observe today.
Examples of leveraging flaws in protocols include IP spoofing, source routing, SYN floods, smurf attacks,
application tunneling, and many more. Before we take a closer look at the mitigation techniques, however, we
will begin with a quick overview of some of the attack vectors.