- Use access control lists (ACL) on router interfaces. As traffic comes into a router from an outside network, an ACL could be used to deny any outside traffic claiming to be addressed with IP addressing used internally on the local network. Conversely, ACLs should be used to prevent traffic leaving the local network from participating in a DDoS attack. Therefore, an ACL could deny any traffic leaving the local network that claimed to have a source address that was different from the internal network's IP address space.
- Encrypt traffic between devices (for example, between two routers, or between an end system and a router) via an IPsec tunnel. In Figure 1-7, notice that the topology is now protected with an IPsec tunnel. Even though the attacker can still capture packets via his rogue hub, the captured packets are unreadable, because the traffic is encrypted inside the IPsec tunnel.
Figure 1-7 Protecting Traffic in a Tunnel
- Use cryptographic authentication. If the parties involved in a conversation are authenticated, potential man-in-the-middle attackers can be thwarted. Potential attackers will not be successfully authenticated by the other party in the conversation.
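The two anti-spoofing ACL rules from the first item (deny inbound packets claiming an internal source, and permit outbound packets only from the internal address space) expressed as a small filter over constructed sample packets; this is an added illustration, not the book's own code, and the internal prefixes and packet values are assumed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the site's internal address space (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.1.0/24")]


@dataclass
class Packet:
    src: str
    dst: str
    iface: str  # "outside" (from the Internet) or "inside" (from the LAN)


def is_internal(addr: str) -> bool:
    """True if addr falls inside one of our internal prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def ingress_permit(pkt: Packet) -> bool:
    """Inbound ACL on the outside interface: a packet arriving from the
    Internet with an internal source address must be spoofed, so deny it."""
    return not is_internal(pkt.src)


def egress_permit(pkt: Packet) -> bool:
    """Outbound ACL on the inside interface: only packets sourced from our own
    address space may leave, so hosts here cannot feed a spoofed-source DDoS."""
    return is_internal(pkt.src)


def filter_packets(packets):
    """Apply the direction-appropriate rule; return (permitted, denied) lists."""
    permitted, denied = [], []
    for pkt in packets:
        ok = ingress_permit(pkt) if pkt.iface == "outside" else egress_permit(pkt)
        (permitted if ok else denied).append(pkt)
    return permitted, denied


# Constructed sample traffic (documentation ranges, not real hosts).
SAMPLE = [
    Packet("203.0.113.5", "10.1.2.3", "outside"),     # legitimate inbound
    Packet("10.9.9.9", "10.1.2.3", "outside"),        # spoofed internal source
    Packet("10.1.2.3", "198.51.100.7", "inside"),     # legitimate outbound
    Packet("198.51.100.7", "203.0.113.5", "inside"),  # spoofed foreign source
]

if __name__ == "__main__":
    permitted, denied = filter_packets(SAMPLE)
    for p in denied:
        print(f"deny  {p.iface:>7} src={p.src} dst={p.dst}")
    for p in permitted:
        print(f"permit {p.iface:>7} src={p.src} dst={p.dst}")
```

The same two checks map directly onto an inbound ACL on the outside interface and an outbound ACL on the inside interface; a real ACL would add the usual permit/deny entries after these anti-spoofing lines.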