Information Security Threats Mitigation
Francis Nsofwa Mubanga
Keller Graduate School of Management
Professor Sandra Kirkland
July 14th, 2011
Table of Contents
Denial-of-Service attacks (DoS) 1
Distributed Denial-of-Service attacks (DDoS) 1
Masquerading and IP Spoofing attacks 2
Smurf attacks 2
Land .c attacks 2
Man-in-the-Middle attacks 3
Our company faces the largest information security threat and we need to take steps to mitigate the risks associated with each one of them.
Denial-of-Service attacks (DoS)
We will analyze the attack as best as ...view middle of the document...
We can use CluB to collaborate with different routing policies in the network and also use contemporary datagram options (Fu, 2010).
Masquerading and IP Spoofing attacks
We will use the Unicast Reverse Path Forwarding (uRPF) feature a security tool that helps mitigate source IP address spoofing by discarding IP packets that lack a verifiable IP source address in the IP routing table. An uRPF is also a common technique used to mitigate source address spoofing. When we use uRPF, the source address of IP packets is checked to ensure that the route back to the source uses the same interface that the packet arrived on. The input interface might be feasible but if not the path to the source network, the packet will be dropped. There are two types of uRPF implementation namely Strict Mode complying with RFC 2827 filters on Network Ingress Edge and Best Current Practices (BCP 38) and Loose Mode for ISP to ISP Edge, for RTBH filtering (Cisco Systems, 2011).
We will need to disable IP-directed broadcast functionality on every router. Generally this functionality will not be missed. The attacker may still be able to launch a Smurf attack from inside our LAN, in which even if we disable IP broadcast functionality at the router their will be no effect. To protect against such an attack, our operating systems must be set to prevent computers from responding to IP-directed broadcast requests.
Land .c attacks
We will need to patch the operating...