Exam GCIH
Question 11

Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except the ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels.

Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?

    Correct Answer: D

    To protect the network from a tool like Hping2, which can scan and explore internal networks, it is effective to block certain ICMP messages that reveal network information. ICMP type 3 messages (Destination unreachable) can inform an attacker whether a host or IP address is live or not, making it easier for them to map and scan the network. Blocking these messages helps in minimizing the information leakage that could aid an attacker in their reconnaissance efforts.
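
An added example (not part of the original question or its answer key): a Python sketch of the egress decision the explanation above describes, dropping outbound ICMP type 3 messages and tallying what was dropped by code. The packets, the documentation-range addresses and all function names are constructed for the illustration.

```python
import struct

ICMP_DEST_UNREACHABLE = 3
# Subset of type 3 codes (RFC 792, RFC 1191), used only to label the tally.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 3: "port unreachable", 4: "fragmentation needed"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, body: bytes = b"\x00" * 4) -> bytes:
    """Constructed IPv4+ICMP packet (IP header checksum left at 0, not checked here)."""
    icmp = struct.pack("!BBH", icmp_type, code, 0) + body
    icmp = struct.pack("!BBH", icmp_type, code, inet_checksum(icmp)) + body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return ip + icmp

def egress_verdict(packet: bytes) -> str:
    """'drop' for outbound ICMP type 3, 'pass' otherwise, 'invalid' if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "invalid"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        return "invalid"
    if packet[9] != 1:                      # IP protocol 1 = ICMP
        return "pass"
    icmp = packet[ihl:]
    if inet_checksum(icmp) != 0:            # corrupted or forged ICMP message
        return "invalid"
    return "drop" if icmp[0] == ICMP_DEST_UNREACHABLE else "pass"

def tally(packets):
    """Count verdicts, and dropped type 3 messages by code name."""
    verdicts, dropped = {}, {}
    for p in packets:
        v = egress_verdict(p)
        verdicts[v] = verdicts.get(v, 0) + 1
        if v == "drop":
            name = UNREACH_CODES.get(p[(p[0] & 0x0F) * 4 + 1], "other code")
            dropped[name] = dropped.get(name, 0) + 1
    return verdicts, dropped

# Constructed outbound traffic: two unreachables, an echo reply, a timestamp request.
SAMPLE = [build_icmp(3, 3), build_icmp(3, 1), build_icmp(0, 0), build_icmp(13, 0, b"\x00" * 16)]
```

Calling `tally(SAMPLE)` shows which unreachable codes the rule removes; code 4 (fragmentation needed) is the message Path MTU Discovery relies on, so it is worth watching in that tally.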

Discussion
jyjw (Option: D)

D. ICMP type 3 means a message was echoed that cannot reach the target. Block it so that the attacker cannot know whether the host or IP is live or not.

Dudette

Hping2 is a tool used for network exploration and can be used to scan internal networks. To protect the company's network from such an attack, the best approach is to use an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) that can detect and block such traffic. Out of the options provided, blocking outgoing traffic on port 21 (FTP) and port 53 (DNS) would not be effective in preventing Hping2 from scanning the network. Blocking ICMP type 13 messages (Timestamp request) and ICMP type 3 messages (Destination unreachable) may prevent Hping2 from obtaining certain information about the network, but it would not fully prevent it from scanning the network. Therefore, the most effective way to protect the network from an attacker using Hping2 to scan the internal network would be to use an IDS or IPS that can detect and block such traffic.

youngprinceton

Did you take the test?

adamwella (Option: A)

The answer should be A) as port 21 (File Transfer Protocol (FTP)) network traffic is sent using clear text. Furthermore, blocking ICMP type 13 messages may have unintended consequences, such as interfering with legitimate network operations that depend on this type of ICMP message. For example, some network monitoring tools use ICMP Timestamp Request messages to measure network latency and monitor network performance.

GQ

The answer should be (D). Block ICMP type 3 messages (Destination unreachable) so that the attacker cannot know whether the host or IP is live or not.