-
Use Encryption -
Use a secure protocol -
Limit incoming connections -
Minimize remote access -
Have strong authentication.
Countermeasure | When practical, limit successful sessions to specific IP addresses. This usually only works when dealing within an intranet setting, where the IP ranges are predictable and finite. |
Countermeasure | Re-authenticate the user before critical actions are performed. If possible, try to limit unique session tokens to each browser instance (e.g. generate the token with a hash of the MAC address of the computer and process id of the browser, etc.) Configure the appropriate spoof rules on gateways (internal and external). Monitor for ARP cache poisoning, by using IDS products or ARPwatch. |
Countermeasure | Use x.509 certificates to prevent more traditional types of TCP hijacking. |
Countermeasure | Use encryption. This can be done by one or more of the following.
|
Countermeasure | Use strong authentication (like Kerberos) or peer-to-peer VPN's. |
0 comments:
Post a Comment