Managing and preventing an evasion technique is a great challenge. There are so many techniques to make it difficult for an attacker to evade detection. These defensive and monitoring techniques ensure the detection system to protect the network and have more control over traffic. Some of these techniques are basic troubleshooting and monitoring, whereas some techniques are focused on proper configuration of IPS/IDS and firewalls. Initially, observe and troubleshoot the firewall by Port scanning Banner grabbing Fire-walking IP address spoofing Source routing Bypassing firewall using IP in URL Attempt a fragmentation attack Troubleshooting behavior using proxy servers Troubleshooting behavior using ICMP tunneling Shutting down the unused ports, ports that are associated with known attacks in an effective step to prevent evasion. Perform in-depth analysis, resetting the malicious session, updating patches, IDS deployment, fragmented packet normalization, increasing TTL expiry, blocking TTL expired packet, reassembly of the packet at IDS, hardening the security and correctly enforcement of policies are effective step of preventing these attacks.
Page 383 of 503
Lab 12-1: Configuring Honeypot on Windows Server 2016 Machines: Windows Server 2016 (VM) Windows 7 (VM) Software used: HoneyBots (https://www.atomicsoftwaresolutions.com)
Procedure: 1. Open HoneyBot Application 2. Set parameters or leave it to default