CCNA CyberOps SECFND Objective 6.6

Describe these evasion methods

Implementing Cisco Cybersecurity Operations (210-255)
  • Encryption and Tunneling: Attackers use encryption and tunneling to obfuscate their attacks. VPN technologies such as IPsec can be used to keep an IPS/IDS from seeing the command and control traffic, or even the attack traffic itself.
  • Resource Exhaustion: A denial of service attack against security appliances such as an IPS can cause them to fail open, thus removing their protection.
  • Traffic fragmentation: By sending small fragments instead of the entire normal packet, attackers may be able to avoid detection by IPS systems, because the IPS may not see the attack as a whole and so cannot match a signature.
  • Protocol-level misinterpretation: By exploiting the way protocols are specified to work, attackers can manipulate their traffic so that it looks different to the IPS than it does to the target (avoiding detection), or so that it looks like duplicate traffic.
  • Traffic substitution and insertion: Using different encodings (ASCII vs. Unicode), or hex instead of decimal, are examples of substitution used to avoid detection.
  • Pivot: Pivoting from one host to another, and then to another, keeps an attack going and can give an attacker further access, because each new system may have access to more of the network than the previous host.
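The fragmentation and substitution bullets above describe why a per-packet, byte-for-byte signature check is easy to evade. As an added illustration (example code, not part of these study notes or of any Cisco product), the Python below models a naive IPS signature check and shows it missing the same request when it is fragmented or percent/Unicode-encoded, then shows the check succeeding once the stream is reassembled and canonicalized before matching. The signature, the sample HTTP requests, and the fragment offsets are all constructed for this example.

```python
import re
import urllib.parse

# Constructed sample signature: a naive rule that looks for a path-traversal string.
SIGNATURE = b"../etc/passwd"


def naive_match(data: bytes) -> bool:
    """Byte-for-byte signature match, which is what a per-packet IPS check does."""
    return SIGNATURE in data


def reassemble(fragments):
    """Rebuild a stream from (offset, payload) fragments before inspecting it.

    Fragments may arrive out of order; they are sorted by offset. Overlapping
    bytes are taken from the earlier fragment (an assumption of this model),
    and a gap in the stream raises an error rather than inspecting partial data.
    """
    buf = bytearray()
    for offset, chunk in sorted(fragments, key=lambda f: f[0]):
        if offset > len(buf):
            raise ValueError("gap in fragment stream at offset %d" % offset)
        overlap = len(buf) - offset
        buf.extend(chunk[overlap:])
    return bytes(buf)


def canonicalize(data: bytes) -> bytes:
    """Normalize encodings so substituted representations compare equal to plain ASCII.

    Handles IIS-style %uXXXX escapes and percent-encoding, including double
    encoding, with a bounded number of passes so malformed input cannot loop forever.
    """
    text = data.decode("latin-1")
    for _ in range(3):
        step = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), text)
        step = urllib.parse.unquote(step)
        if step == text:
            break
        text = step
    return text.encode("utf-8")


def inspect(fragments) -> dict:
    """Compare three inspection strategies on the same traffic.

    per_fragment: signature checked against each fragment alone (evadable).
    reassembled:  signature checked against the reassembled stream (defeats fragmentation).
    normalized:   signature checked after reassembly and canonicalization (defeats substitution too).
    """
    per_fragment = any(naive_match(chunk) for _, chunk in fragments)
    stream = reassemble(fragments)
    return {
        "per_fragment": per_fragment,
        "reassembled": naive_match(stream),
        "normalized": naive_match(canonicalize(stream)),
    }


# Constructed sample traffic for the four cases discussed in the notes.
SAMPLES = {
    # Whole request in one packet: every strategy sees it.
    "single_packet": [(0, b"GET /../etc/passwd HTTP/1.1\r\n")],
    # Signature split across two fragments: only reassembly sees it.
    "fragmented": [(0, b"GET /../etc/"), (12, b"passwd HTTP/1.1\r\n")],
    # Percent-encoded substitution: only canonicalization sees it.
    "encoded": [(0, b"GET /%2e%2e/etc/%70asswd HTTP/1.1\r\n")],
    # Double encoding plus %u escape plus fragmentation, delivered out of order.
    "double_encoded_fragmented": [(18, b"tc/passwd HTTP/1.1\r\n"), (0, b"GET /%252e%u002e/e")],
}


def run_samples() -> dict:
    """Inspect every constructed sample and return the per-strategy verdicts."""
    return {name: inspect(frags) for name, frags in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print("%-28s %s" % (name, verdict))
```

The point for a defender is that the signature itself never changes between the three strategies; what changes is whether the sensor reassembles and normalizes traffic before matching, which is exactly the gap the fragmentation and substitution evasions rely on.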