Implemented features
[Penetration Testing]
1) Metasploit
2) Network
Sniffing
- ARP Spoofing or ARP Redirect
- ICMP Spoofing(ICMP Redirect)
- DHCP Attack(Starvation / Spoofing)
- GRE
Spoofing
- IP Spoofing (SSH access control bypass)
- DNS Spoofing / DNS Cache Poisoning
Hijacking
- TCP session Hijacking(telnet)
3) System
Malware
- Ransomware, Trojan, RAT, Backdoor, Wiper Malware
Password Cracking
- john-the-ripper, Hydra, Xhydra(router/server)
4) WEB
Information gathering
- Banner Grabbing, Fingerprinting, Web Spidering, Vulnerability Scan
- Bypassing Client Validation
Authentication attacks
- Basic / Form Based Authentication Brute Forcing
- Basic / Form Based Authentication Dictionary Attack
Session attacks
- Brute Forcing, Fixation, Hijacking
Cross Site Scripting (stored, reflective)
Cross Site Request Forgery (stored, reflective)
SQL Injection
- Authentication bypass, Non-Blind(Query/Error), Blind(Boolean/Time)
Directory Listing
File Down/Upload
SSL Attack
- MITM, Strip, Heartbleed
DOS
- Ping of Death, LAND Attack, Smurf Attack, SYN Flooding, TCP Connection Flood, UDP Flooding, ICMP Flooding
DDOS
- TCP Connection Flood, UDP Flooding, ICMP Flooding, GET Flooding, Hulk, CC Attack, Slow HTTP POST/Header/read DOS
DRDOS
- ICMP Flooding
[Infrastructure Network Setup]
1) Network
Network topology design based on the hierarchical 3-layer model, User Zone, ServerFarm, DMZ Network separation, network allocation details, network information settings on NW equipment, Routing, NAT, configuration backup and restore using TFTP, Spanning Tree, VLAN, Gateway redundancy, VPN(Remote Access / Site-to-Site), Bandwidthd, L4 Switch or ipvsadm(SLB, FWLB, HA), Router ACL, iptables(Host/Network-based), IDS(Host/Network-based), IPS, NAC(PacketFence/Untangle), GRE
2) System
Account and group management, disk management(RAID), Cron, rsyslog, logrotate, backup, PAM, SELinux, antivirus
3) Service
Remote services(Telnet/SSH/RDP), DNS, DNSSEC, DHCP, FTP(Virtualhost), WEB(HSTS-Redirect), Secure Mail(Outlook)
4) WEB
WEB & DNS setup and integration, Secure Coding, WAF(proxy)
5) SOL
UTM(VPN, High Availability), ESM