Consider the following threats to VPNs and describe how each is countered by a p
ID: 3809204 • Letter: C
Question
Consider the following threats to VPNs and describe how each is countered by a
particular feature of IPSec. (short paragraph for each)
a. Brute-Force Attack: An exhaustive search of the key space for a
conventional encryption algorithm.
b. Replay Attack: Earlier IPSec messages are replayed.
c. Man-in-the-middle attack: An attacker interposes during key exchange,
acting as the client to the server and as the server to the client.
d. IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus
data.
e. SYN Flooding: An attacker sends TCP SYN messages to open half TCP
connections.
Please add the source of your answers
Explanation / Answer
Consider the following threats to VPNs and describe how each is countered by a particular feature of IPSec. (short paragraph for each)
a. Brute-Force Attack: An exhaustive search of the key space for a conventional encryption algorithm.
This includes navigating the whole scan space for every conceivable blend of the secret word until a match is found. Thus it is prescribed to utilize a solid secret key with blends of numbers, exceptional characters and letter sets.
b. Replay Attack: Earlier IPSec messages are replayed.
Replay attack is an attempt of attacker to legitimately record and replay already processed protected IP attacks. In repaly attack replayed IP attacks looks similar to previously processed packets. Without pevention of replay attack it will be harmful sometimes , as if the replayed packets contains some commands and if they executes there will be problems. Authentication header and Encapsulating Security payload security payload protocols used to prevent replay attacks. i.e. theses ate the anti replay protocols.
Sequencing the packets may lead to prevent replay attack. In this each of the packets has sequence number which is helpful in deciding packets are already processed or not.Based on 3 way handshake protocol. i.e. packets are carrying SYN, SYN ACK, ACK flags. It is a connection oriented protocol.
c. Man-in-the-middle attack: An attacker interposes during key exchange,
acting as the client to the server and as the server to the client.
Man-in-the-middle attack is a kind of cyberattack where a vindictive performing artist embeds him/herself into a discussion between two gatherings, imitates both sides and accesses data that the two gatherings were attempting to send to each other. Man-in-the-middle attack permits a pernicious on-screen character to capture, send and get information implied for another person, or not intended to be sent by any stretch of the imagination, without either outside gathering knowing until it is past the point of no return. Man-in-the-center assaults can be truncated from multiple points of view, including MITM, MitM, MiM or MIM.
d. IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus data.
In this type of an attack attacker sends IP packet with a faked IP source address to the receiver.
The receiver sends a message to the machine having origibal IP address and there is denial of service attack for that machine. Attacker is not getting any response as he used faked IP address.
e. SYN Flooding: An attacker sends TCP SYN messages to open half TCP connections.
In this type of attack , attacker is working on the server. Attacker uses IP address of another machine and sends packet to the server. The server gives response to the machine having that IP address.The machine can not response due to previous attack. Attacker then guesses the next sequence number to establish the TCP connection.
Sequencing the packets may lead to prevent replay attack. In this each of the packets has sequence number which is helpful in deciding packets are already processed or not.Based on 3 way handshake protocol. i.e. packets are carrying SYN, SYN ACK, ACK flags. It is a connection oriented protocol.
Thank you.