Chapter 14. Understanding Network Security
In this chapter, we will cover the following recipes:
- Discovering unusual traffic patterns
- Discovering MAC- and ARP-based attacks
- Discovering ICMP and TCP SYN/Port scans
- Discovering DoS and DDoS attacks
- Locating smart TCP attacks
- Discovering brute-force and application attacks
Introduction
Information security is one of the fascinating areas in information systems, and its purpose is to secure the organization's systems against internal and external attacks that can come in various patterns. These attacks can come from the Internet or from the internal network, and as such, they all come through the network and therefore, can be monitored with Wireshark (and other tools that will be mentioned later).
For monitoring the network against malicious traffic, we must first understand what constitutes normal traffic. We can then try to find out how malicious traffic is short of being normal traffic. Among unusual traffic, we might see an ARP, IP...