Eicon Networks S92 Instrukcja Użytkownika Pobierz pdf (Strona 165)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 165

Therefore,theservershouldbeinvestigatedsuchthat

theservicesusingtheseportsareentirelydisabled.

ThefactthattheOStypeoftheserverisdetected

deservesahighlynegativecomment.Thisallowsa

hackertoinitiateOS/platform/productspecific

attacks.

TheRASserverdoesnothaveIDSinstalled.So, by

itselftheintrusionattemptcouldnotbedetected.The

RASserverisalikelyattacktarget,anditis

recommendedthatafirewall/IDSbeimplementedon

ittoprovideacertaindegreeofprotection.

Otherassessmentmethods

ConfigureamodemdialupclienttodialintotheRASserver.Testthe

authenticationmechanismandthecallbacksecuritysetting:

n Trytomakemultipleloginattemptswiththewrongpasswordstodetermine

ifaccountlockoutworks.

n TrytodisablecallerIDandmakecallsfromdifferentphonenumberstosee

ifcallbacksecurityworks.

TheRASServersuccessfullyauthenticatedthe

legitimateusersandrejectedthenonlegitimate

clients.

AlthoughtheRASservercansatisfactorilyauthenticate

usersandmaintainacertainlevelofsecurity,itis

importanttorealizethepointsbelow:

1 2 ... 160 161 162 163 164 165 166 167 168 169 170 ... 208 209

Brak uwag

Eicon Networks S92 Instrukcja Użytkownika Strona 165