CEH

(Jeff_L) #1

Intrusion Prevention and Intrusion Detection Systems 43


Firewalls


The firewall category includes proxy firewalls; however, because of a proxy’s varied functions it seems appropriate to give them their own subsection. Firewalls are most commonly broken down into the following main categories:


■ Packet filtering
■ Stateful packet filtering
■ Application proxies, which we covered earlier


Packet filtering firewalls look at the header information of the packets to determine legitimate traffic. Rules based on header fields such as IP addresses and ports determine whether the packet is allowed or denied entry. Stateful firewalls, on the other hand, determine the legitimacy of traffic based on the state of the connection from which the traffic originated. For example, once a legitimate connection has been established between a client machine and a web server, the stateful firewall refers to its state table to verify that traffic originating from within that connection is vetted and legitimate.
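To make the difference between the two categories concrete, here is an added simulation (not from the book) of a stateless packet filter beside a stateful one. The rule sets, packet values and the `Packet`/`StatefulFirewall` names are constructed for this example; the point it shows is that a stateless filter can only let web replies back in with a rule keyed on source port 80, so any inbound packet carrying that source port passes, whereas the stateful filter consults its state table and only admits replies to a connection it saw being opened.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    syn: bool = False
    ack: bool = False

# Rule tuple: (action, src_ip, dst_ip, dst_port, src_port); "any" is a wildcard.
def packet_filter(pkt, rules):
    """Stateless filter: each packet is judged on its own header fields."""
    for action, src, dst, dport, sport in rules:
        if (src in ("any", pkt.src_ip) and dst in ("any", pkt.dst_ip)
                and dport in ("any", pkt.dst_port) and sport in ("any", pkt.src_port)):
            return action
    return "deny"                      # implicit default deny

class StatefulFirewall:
    """Stateful filter: rules apply to new connections only; replies are
    admitted by looking them up in the state table (simplified: no FIN/RST
    removal or idle timeouts)."""
    def __init__(self, rules):
        self.rules = rules
        self.state = set()             # (client_ip, client_port, server_ip, server_port)

    def check(self, pkt):
        reply_key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_key in self.state:    # traffic inside a known connection
            return "allow"
        if pkt.syn and not pkt.ack and packet_filter(pkt, self.rules) == "allow":
            self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        return "deny"

def run_scenario():
    """Constructed traffic: a client opens a web connection, the server replies,
    then an unrelated host sends an unsolicited packet that uses source port 80."""
    out_syn = Packet("10.0.0.5", "203.0.113.10", 40000, 80, syn=True)
    reply = Packet("203.0.113.10", "10.0.0.5", 80, 40000, syn=True, ack=True)
    unsolicited = Packet("203.0.113.99", "10.0.0.5", 80, 40001, ack=True)
    # Stateless: needs a second rule (any source port 80 inbound) to let replies back.
    stateless_rules = [("allow", "any", "any", 80, "any"), ("allow", "any", "any", "any", 80)]
    stateful = StatefulFirewall([("allow", "any", "any", 80, "any")])
    stateless_verdicts = [packet_filter(p, stateless_rules) for p in (out_syn, reply, unsolicited)]
    stateful_verdicts = [stateful.check(p) for p in (out_syn, reply, unsolicited)]
    return stateless_verdicts, stateful_verdicts
```

Running `run_scenario()` gives `["allow", "allow", "allow"]` for the stateless filter and `["allow", "allow", "deny"]` for the stateful one; the third packet is exactly the kind of traffic the state table exists to reject.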


Firewalls and proxies are only as effective as their configuration, and their
configuration is only as effective as the administrator creating them. Many
firewall attacks are intended to circumvent them as opposed to a head-on
assault; for us hackers, the softest target is our aim.

Intrusion Prevention and Intrusion Detection Systems


Intrusion prevention systems (IPSs) and intrusion detection systems (IDSs) are important
considerations for any smart hacker. It is important for you, as a hacker, to cover your
tracks and keep a low profile—as in no profile at all. It should be common sense, but
consider this: If instead of tiptoeing around a network, you slam the network with ARP
requests, ping sweeps, and port scans, how far do you think you’ll get? Exactly! Not far at
all. IPSs and IDSs are network appliances put in place to catch the very activity that serves
our purposes best. The key is to walk lightly, but still walk. First let’s familiarize ourselves
with IPS and IDS basics; if you know how something works, you can also learn how to circumvent its defenses.
The goal of an IDS is to detect any suspicious network activity. The keyword here is
detect. An IDS is passive in nature; it senses a questionable activity occurring and passively
reacts by sending a notification to an administrator signifying something is wrong. Think
of it as a burglar alarm. While a burglar alarm alerts you that a burglar is present, it does
not stop the burglar from breaking in and stealing items from you. Although such an appliance is passive, the benefit of using it is being able to reactively catch potentially malicious