RTCA Documents for Review: DO-230H FRAC
© 2017, RTCA, Inc.
control (MAC) address of a device to determine whether or not the device is allowed to connect to
the networks. Closing all open ports on network switches can also help keep unauthorized users
from accessing the network.
When traffic from an unknown source appears on the networks, port security classifies this traffic as a
security violation. In addition, security violations occur when traffic from an address that is configured as
a secure MAC address appears on another interface within the same virtual local area network (VLAN).
When security violations occur, port security can be configured to either shut down the interface on which
the violation was detected, or restrict the traffic on that interface.
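The two violation conditions and the two configurable responses described above can be modelled in a few lines. This is an added example, not part of the RTCA document or any switch vendor's code; the port names, MAC addresses and verdict strings are constructed for illustration, and the model is a simplification of real switch behaviour.

```python
from dataclasses import dataclass

@dataclass
class Port:
    vlan: int
    secure_macs: frozenset      # MAC addresses allowed on this interface
    action: str                 # "shutdown" or "restrict" (hypothetical labels)
    up: bool = True
    violations: int = 0

def receive(ports, name, src_mac):
    """Classify one ingress frame; returns (verdict, reason)."""
    port, mac = ports[name], src_mac.lower()
    if not port.up:
        return ("port-down", None)            # interface was shut down earlier
    if mac in port.secure_macs:
        return ("forward", None)
    # Anything else is a violation. Work out which of the two kinds it is.
    moved = any(p.vlan == port.vlan and mac in p.secure_macs
                for n, p in ports.items() if n != name)
    reason = "secure-mac-on-other-interface" if moved else "unknown-source"
    port.violations += 1
    if port.action == "shutdown":
        port.up = False                       # whole interface goes down
    return ("drop", reason)                   # offending frame is never forwarded

def demo():
    # Constructed sample: two access ports in VLAN 10, one per violation action.
    ports = {
        "port1": Port(10, frozenset({"aa:aa:aa:00:00:01"}), "shutdown"),
        "port2": Port(10, frozenset({"aa:aa:aa:00:00:02"}), "restrict"),
    }
    frames = [
        ("port2", "aa:aa:aa:00:00:02"),  # legitimate host
        ("port2", "de:ad:be:ef:00:99"),  # unknown source on a restrict port
        ("port2", "aa:aa:aa:00:00:02"),  # legitimate host still works
        ("port1", "AA:AA:AA:00:00:02"),  # port2's secure MAC seen on port1
        ("port1", "aa:aa:aa:00:00:01"),  # legitimate host, but port is now down
    ]
    return [receive(ports, n, m) for n, m in frames], ports

if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```

The last frame shows the operational trade-off between the two responses: shutting the interface down also cuts off the legitimate host until the port is re-enabled, while restricting only drops the offending traffic.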
Spoofing and TCP/IP: Many of the protocols in the TCP/IP suite do not provide mechanisms for
authenticating the source or destination of a message. They are thus vulnerable to spoofing attacks
if extra precautions are not taken by applications to verify the identity of the sending or receiving
host. IP spoofing and ARP spoofing in particular may be used to mount man-in-the-middle
attacks against hosts on a computer network. Spoofing attacks that take advantage of TCP/IP
suite protocols may be mitigated with the use of firewalls capable of deep packet inspection or by
taking measures to verify the identity of the sender or recipient of a message.
“Spoofing” can also refer to copyright holders placing distorted or unlistenable versions of works
on file-sharing networks, to discourage downloading from these sources.
E-mail address spoofing: The sender information shown in e-mails (the “From” field) can be
spoofed easily. This technique is commonly used by spammers to hide the origin of their e-mails
and leads to problems such as misdirected bounces (i.e. e-mail spam backscatter).
E-mail address spoofing is done in much the same way as writing a forged return address on
snail mail. As long as the letter fits the protocol (i.e. stamp, postal code), the SMTP protocol will
send the message. It can be done using a mail server with telnet.
Hard Attack (Destruction): For the SOC to maintain command and control (C2), it is
necessary to build a communications network in which the removal of a network node does not
diminish the SOC's ability to maintain situational awareness.
If an explosive attack or failure of power to a telecommunications room occurs, it can take out
the network. In designing the communications network, it is recommended there be multiple
routes with secured cabling in conduit. This should be one of the easiest attacks to prepare for,
but if both routes are in public areas prior to passing through secured barriers, this would be
considered a weak point in the network.
Man-in-the-Middle: The man-in-the-middle attack (often abbreviated MITM, also known as a
bucket brigade attack, or sometimes Janus attack) in cryptography and computer security is a form
of active eavesdropping in which the attacker makes independent connections with the victims and
relays messages between them, making them believe that they are talking directly to each other
over a private connection, when in fact the entire conversation is controlled by the attacker. The
attacker is then able to intercept all messages going between the two victims and inject new ones,
which is straightforward in many circumstances (for example, an attacker within reception range
of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).
A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint
to the satisfaction of the other—it is an attack on (or lack of) mutual authentication. Most
cryptographic protocols include some form of endpoint authentication specifically to prevent
MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted