Mitigating Reconnaissance Attacks
You can mitigate reconnaissance attacks in several ways:
■ Firewall and intrusion prevention system (IPS)—A firewall (either
Cisco IOS based or appliance based) is an effective way to stop ping
sweeps, port scans, and other network probes. An IPS can detect and
sometimes take countermeasures against these probes.
■ Authentication—Strong authentication is an effective way to defeat
password sniffers. Use of two-factor authentication such as token cards
makes it extremely difficult for an attacker to gather passwords with a
packet sniffer because the password hashes expire continually.
■ Cryptography—Even with strong authentication, an attacker with a
packet sniffer could still gather other sensitive information on the
network. Encrypting traffic with standards-based encryption protocols
prevents this.
■ Antisniffer tools—Several manufacturers offer tools designed to
detect the presence of packet sniffers on a network.
■ Switched infrastructure—By isolating collision domains to individual
ports, switches make it more difficult for packet sniffers to find
sensitive information. Advanced switch security tools such as DHCP
inspection and dynamic Address Resolution Protocol (ARP) inspection
add to this functionality.