Certified Ethical Hacker (CEH) : Evading IDS, Firewall and Honeypots


Intrusion Detection Systems (IDS)

Ways to Detect an Intrusion

  • Signature-based IDS/IPS
  • Policy-based IDS/IPS
  • Anomaly-based IDS/IPS
  • Reputation-based IDS/IPS

Types of Intrusion Detection Systems

  • Host-based Intrusion Detection
  • Network-based Intrusion Detection

There are four major types of Host-based IDS/IPS:

  • File System Monitoring
  • Log Files Analysis
  • Connection Analysis
  • Kernel Level Detection

The network-based IPS

Firewall

Firewall Architecture

  • Bastion Host
  • Screened Subnet
  • Multi-homed Firewall
  • Demilitarized Zone (DMZ)

Types of Firewall

  • Packet Filtering Firewall
  • Circuit-Level Gateway Firewall
  • Application-Level Firewall
  • Stateful Multilayer Inspection Firewall
  • Transparent firewalls
  • Next Generation (NGFW) firewalls
  • Personal Firewalls

Honeypot

Types of Honeypots

  • High-Interaction Honeypots
  • Low-Interaction Honeypots

Detecting Honeypots

Intrusion Detection Tools

  • Snort
  • Snort Rule
  • ZoneAlarm PRO Firewall 2015
  • Comodo Firewall
  • Cisco ASA 1000V Cloud Firewall

Firewalls for Mobile

  • Android Firewall
  • Firewall IP

Honeypot Tool

  • KFSensor
  • SPECTER
  • PatriotBox
  • HIHAT

Evading IDS

  • Insertion Attack
  • Fragmentation Attack
  • Denial-of-Service Attack (DoS)
  • Obfuscating
  • False Positive Generation
  • Session Splicing
  • Unicode Evasion Technique

Evading Firewalls

  • Firewall Identification
  • Port Scanning
  • Firewalking
  • Banner Grabbing
  • IP Address Spoofing
  • Source Routing

Bypassing Techniques

  • Bypassing Blocked Sites Using IP Address
  • Bypass Blocked Sites Using Proxy
  • Bypassing through ICMP Tunneling Method
  • Bypassing Firewall through HTTP Tunneling Method
  • Bypassing through SSH Tunneling Method
  • Bypassing Firewall through External Systems

HTTP Tunneling Tools

  • HTTPort
  • HTTHost
  • Super Network Tunnel
  • HTTP-Tunnel

IDS/Firewall Evasion Countermeasures

  • Port scanning
  • Banner grabbing
  • Firewalking
  • IP address spoofing
  • Source routing
  • Bypassing firewall using IP in URL
  • Attempt a fragmentation attack
  • Troubleshooting behavior using proxy servers
  • Troubleshooting behavior using ICMP tunneling
