WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Like what you see? Get it in one document for easy printing!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!
Get It Here!

Google
Web CertiGuide






Table Of Contents  CertiGuide to Security+
 9  Chapter 2:  Communication Security (Domain 2.0; 20%)
      9  2.3  The Web
           9  2.3.3  Instant Messaging

Previous Topic/Section
2.3.3.2  8.3 Naming Conventions
Previous Page
Pages in Current Topic/Section
1
Next Page
 2.3.3.4  Privacy
Next Topic/Section

2.3.3.3  Packet Sniffing

As noted earlier, a significant security issue with IM is that packet sniffing enables an attacker to view any unencrypted traffic on the network, including IM traffic. If a user within your organization is using IM to communicate with, say, a supplier or support person across the Internet, it’s possible that customer numbers, system or network passwords, and all manner of other information you’d rather see kept private, is traveling in clear text across the Internet, from your network to the other party’s.

Of course, this point of vulnerability has an up side in other situations. A Network based IDS (Intrusion Detection System) can use packet-sniffing to observe an entire network looking for previously discovered attack signatures, and take action to warn administrators and safeguard the network. As of 2003, IDS may be vulnerable to issues with IPv6210.

Network IDS (NIDS)

A Network IDS (NIDS) can use packet sniffing to scan a network for known attack signatures, warning administrators and taking steps to safeguard the network if one is found.



 __________________

210. http://www.der-keiler.de/Mailing-Lists/securityfocus/focus-ids/2002-12/0070.html

Previous Topic/Section
2.3.3.2  8.3 Naming Conventions
Previous Page
Pages in Current Topic/Section
1
Next Page
 2.3.3.4  Privacy
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.