Eicon Networks S92 Uživatelský manuál stáhnout pdf (Strana 165)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 165

Therefore,theservershouldbeinvestigatedsuchthat

theservicesusingtheseportsareentirelydisabled.

ThefactthattheOStypeoftheserverisdetected

deservesahighlynegativecomment.Thisallowsa

hackertoinitiateOS/platform/productspecific

attacks.

TheRASserverdoesnothaveIDSinstalled.So, by

itselftheintrusionattemptcouldnotbedetected.The

RASserverisalikelyattacktarget,anditis

recommendedthatafirewall/IDSbeimplementedon

ittoprovideacertaindegreeofprotection.

Otherassessmentmethods

ConfigureamodemdialupclienttodialintotheRASserver.Testthe

authenticationmechanismandthecallbacksecuritysetting:

n Trytomakemultipleloginattemptswiththewrongpasswordstodetermine

ifaccountlockoutworks.

n TrytodisablecallerIDandmakecallsfromdifferentphonenumberstosee

ifcallbacksecurityworks.

TheRASServersuccessfullyauthenticatedthe

legitimateusersandrejectedthenonlegitimate

clients.

AlthoughtheRASservercansatisfactorilyauthenticate

usersandmaintainacertainlevelofsecurity,itis

importanttorealizethepointsbelow:

1 2 ... 160 161 162 163 164 165 166 167 168 169 170 ... 208 209

Žádné komentáře

Eicon Networks S92 Uživatelský manuál Strana 165