Reconnaissance
Published in Nicholas Kolokotronis, Stavros Shiaeles, Cyber-Security Threats, Actors, and Dynamic Mitigation, 2021
Christos-Minas Mathas, Costas Vassilakis
The aforementioned information is collected through the application of a number of techniques that include the following:
- Performing a ping sweep to identify active hosts, i.e. send Internet Control Message Protocol (ICMP) ping requests to every valid IP address within a user-specified IP range and use the presence or absence of replies to derive whether each IP address corresponds to a currently active host or not.
- Scan for open ports: For each target host, probe packets are sent to each of the ports to be checked, and the replies—or the lack of them—are examined to infer whether some service is listening on the particular port. For ports for which no reply has been received, the reconnaissance process may attempt to distinguish between ports that are not bound to any service from ports that are bound to some service but do not respond to probes due to the existence of security mechanisms.
- Perform scanning using firewall/intrusion detection system (IDS) evasion techniques: Organizations may deploy defensive measures to protect their infrastructure from network scanning, in order to deprive attackers of the advantages they would gain from the availability of the collected information. However, reconnaissance agents may employ techniques to overcome security defenses, and succeed in gathering the targeted information.
- Perform service scanning to identify services and their versions: Typically, this is achieved by issuing carefully crafted probes against the host, collecting the results, and performing analysis on them. This step may include OS identification, which can also be performed via fingerprinting.
- Derive network topology: As the network scanning process progresses, the network map is incrementally built, and the network topology may be derived. This can be accomplished either manually or through tools that facilitate information processing, analysis, and visualization.
- Determining properties of the communication protocols: Relevant properties, typically examined here, are predictable sequence numbers, which may be later exploited for attacks such as spoofing or session hijacking [7–9].
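From the defender's side, the ping sweep and port scan described above leave a recognisable fan-out pattern in connection records. The following sketch is an added example, not code from the cited chapter; the record layout, thresholds and addresses are constructed assumptions, and ICMP records are assumed to be echo requests.

```python
from collections import defaultdict, deque

# Constructed sample records: (epoch_seconds, src, dst, proto, dst_port).
# ICMP records are assumed to be echo requests (assumption, not from the page).
SAMPLE = (
    [(100 + i, "10.0.0.66", f"10.0.1.{i + 1}", "icmp", None) for i in range(12)]
    + [(200 + i, "10.0.0.77", "10.0.1.5", "tcp", 20 + i) for i in range(15)]
    + [(300, "10.0.0.8", "10.0.1.5", "icmp", None),
       (310, "10.0.0.8", "10.0.1.5", "tcp", 443),
       (900, "10.0.0.8", "10.0.1.6", "icmp", None)]
)

def detect_scans(records, window=60, host_threshold=10, port_threshold=10):
    """Return a sorted list of (kind, src, target) alerts.

    ping_sweep: one source sends ICMP to >= host_threshold distinct hosts
                within `window` seconds.
    port_scan:  one source probes >= port_threshold distinct TCP ports on a
                single host within `window` seconds.
    """
    recent = defaultdict(deque)  # tracking key -> deque of (timestamp, item)
    alerts = set()
    for ts, src, dst, proto, dport in sorted(records, key=lambda r: r[0]):
        if proto == "icmp":
            # Fan-out across hosts: track distinct destinations per source.
            key, item, limit, kind, target = ("icmp", src), dst, host_threshold, "ping_sweep", "*"
        elif proto == "tcp":
            # Fan-out across ports: track distinct ports per (source, host).
            key, item, limit, kind, target = ("tcp", src, dst), dport, port_threshold, "port_scan", dst
        else:
            continue
        q = recent[key]
        q.append((ts, item))
        while q and q[0][0] < ts - window:  # drop events older than the window
            q.popleft()
        if len({i for _, i in q}) >= limit:
            alerts.add((kind, src, target))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE):
        print(alert)
```

The thresholds are per sliding window, so they need tuning against normal traffic from monitoring systems and load balancers that legitimately contact many hosts.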
Application of internet of things-based efficient security solution for industrial
Published in Production Planning & Control, 2023
Mohammed Hasan Ali, Mustafa Musa Jaber, Sura Khalil Abd, Ahmed Alkhayyat, Malik R. Q, Mohammad Hussain Ali
This study provides a method based on edge nodes that examine the network environment from each smart sensor. The example of mapping from a network node device is shown in Figure 2. There are four nodes (M1–M4) in this sample network, and N1 periodically scans the network pseudo-randomly. Through creating a network map, networking modelling assists IT teams in discovering and visualising communication links. This area displays architecture identification, item catalogs, schematics, and control charts. The first scanning findings of four devices (M1–M4) are shown in the dashed arrows. This first scan will be used as a reference and this network must be kept safe. Afterwards, the network enters a new edge node device (A). The second (dotted) scan finds the expected equipment on the one hand and the new equipment on the other (A). This may suggest an intruder or other activities that cause the network to change maintenance. The following settings can be used for the network scanning and mapping in which the connections of the hosts are analysed. The following classes include the standard port scan techniques and extra possibilities: These groups are divided into two classes: Activated hosts in the network can be discovered with an Internet Control Message Protocol (ICMP) ping sweep. SYN detects and connects scanning of open ports and services. The detection of redirection might utilise time. A mechanism at the system level is ICMP. Its signals relay data about issues with data connections towards the origin of the corrupted transfer. It transmits control packets including origin quenching, unique methods failure, and act of designing inaccessible. The approaches incorporate these as a safety component for devices with IIoT edge nodes. No network scanner for low-power MCUs is available to the authors’ best knowledge.