Describe these evasion methods
Implementing Cisco Cybersecurity Operations (210-255)
- Encryption and tunneling: Attackers encrypt or tunnel their traffic so that an IPS/IDS cannot inspect the payload. VPN technologies such as IPsec can hide the command-and-control channel and even the attack traffic itself; the sensor sees only headers and flow metadata, so payload signatures never get a chance to match.
- Resource exhaustion: A denial-of-service attack against a security appliance such as an IPS can exhaust its CPU, memory, or session table. An inline sensor configured to fail open then passes traffic uninspected, which removes its protection for as long as the exhaustion lasts.
- Traffic fragmentation: By splitting the attack across many small fragments instead of sending it in one normal packet, the attacker keeps any single fragment from containing the full signature. An IPS that inspects packets individually, or that cannot buffer and reassemble the fragments the same way the target host does, never sees the attack as a whole, so the signature does not match.
- Protocol-level misinterpretation: The attacker exploits the fact that the IPS and the target host may interpret the same protocol fields differently. By manipulating fields such as TTL, checksums, or overlapping fragment offsets, the traffic can look benign or like a duplicate retransmission to the IPS while the target host processes the real attack (or the IPS processes data that the host will discard).
- Traffic substitution and insertion: Substitution replaces payload data with equivalent data in another form, for example Unicode instead of ASCII, or hex instead of decimal, so a signature written for one form does not match the other. Insertion adds extra bytes that the IPS accepts but the target ignores (or the reverse), so the stream the IPS matches against is not the stream the host actually executes.
- Pivot: After compromising one host, the attacker uses it as a foothold to reach and compromise the next host, repeating the process to keep the attack going. Each new host may have network access (internal segments, trust relationships, credentials) that the previous one lacked, which lets the attacker reach further into the network.
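The fragmentation, insertion, and substitution items above all work by making the bytes the sensor matches differ from the bytes the target processes. The following is an added example, not part of the Cisco course material, that simulates this in Python: a naive per-packet matcher, a matcher that reassembles the stream without modeling the target, and a hardened matcher that drops fragments whose TTL would expire before the target, reassembles with the target's overlap policy, and normalizes encodings before matching. The signature `/etc/passwd`, the 5-hop distance to the target, the "first fragment wins" overlap policy, and all sample traffic are constructed assumptions for the demo.

```python
"""Constructed demo of three IPS evasions (fragmentation, TTL-based insertion,
encoding substitution) against naive matchers, and a matcher that reassembles,
models the target host, and normalizes before matching."""
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Hypothetical content signature the sensor is looking for.
SIGNATURE = b"/etc/passwd"


@dataclass
class Fragment:
    offset: int   # byte offset of this piece within the stream
    data: bytes
    ttl: int      # IP TTL as observed at the sensor


def naive_match(fragments):
    """Per-packet inspection: fires only if the whole signature sits in one fragment."""
    return any(SIGNATURE in f.data for f in fragments)


def reassemble(fragments, hops_to_target=None):
    """Rebuild the stream in offset order. If hops_to_target is given, drop
    fragments whose TTL expires before reaching the target (the insertion
    case). On overlap, keep the first copy received (assumed target policy)."""
    chunks = {}
    for f in fragments:
        if hops_to_target is not None and f.ttl <= hops_to_target:
            continue  # expires in transit; the target never sees it
        chunks.setdefault(f.offset, f.data)
    return b"".join(chunks[off] for off in sorted(chunks))


def stream_match(fragments):
    """Reassembles, but does not model TTL and does not normalize encodings."""
    return SIGNATURE in reassemble(fragments)


def normalize(payload):
    """Canonicalize encodings an attacker may substitute for plain ASCII:
    %XX (repeated, to defeat double encoding), IIS-style %uXXXX, and case."""
    text = payload.decode("latin-1")
    prev = None
    while text != prev:
        prev = text
        text = re.sub(r"%u([0-9a-fA-F]{4})",
                      lambda m: chr(int(m.group(1), 16)), text)
        text = unquote(text, encoding="latin-1")
    return text.lower().encode("latin-1", "replace")


def hardened_match(fragments, hops_to_target):
    """Reassemble the way the target would, normalize, then match."""
    return SIGNATURE in normalize(reassemble(fragments, hops_to_target))


# --- constructed sample traffic; the sensor sits 5 hops from the target ---
HOPS = 5

BENIGN = [Fragment(0, b"GET /index.html HTTP/1.0", 64)]

# Fragmentation: the signature is split across two fragments.
FRAGMENTED = [Fragment(0, b"GET /etc/pa", 64),
              Fragment(11, b"sswd HTTP/1.0", 64)]

# Insertion: a chaff fragment with TTL 2 reaches the sensor but expires before
# the target; a sensor that ignores TTL reassembles the chaff instead.
INSERTED = [Fragment(0, b"GET /etc/pa", 64),
            Fragment(11, b"XXXXX", 2),
            Fragment(11, b"sswd HTTP/1.0", 64)]

# Substitution: same request with the path double-URL-encoded and %u-encoded.
SUBSTITUTED = [Fragment(0, b"GET %252Fetc%u002Fpasswd HTTP/1.0", 64)]


def run_demo():
    """Return each matcher's verdict for each sample, keyed by sample name."""
    samples = {"benign": BENIGN, "fragmented": FRAGMENTED,
               "inserted": INSERTED, "substituted": SUBSTITUTED}
    return {name: {"naive": naive_match(frags),
                   "stream": stream_match(frags),
                   "hardened": hardened_match(frags, HOPS)}
            for name, frags in samples.items()}


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(f"{name:12s} {verdicts}")
```

Each matcher catches only the evasions it was built to see: plain reassembly defeats fragmentation but still trusts the chaff fragment and still matches raw bytes, while the hardened matcher is correct only because it models the target's TTL distance and overlap policy, which is exactly the knowledge a real sensor often lacks.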