Which of the following can be mitigated by installing a personal firewall on a laptop? (Select the best answer.)
- a SYN flood attack
- a cross-site scripting attack
- a port-scanning attack
- a session-hijacking attack
Installing a personal firewall on a laptop can mitigate a port-scanning attack. In a port-scanning attack, an attacker uses a port-scanning application to probe a computer to determine which ports are open and vulnerable to an attack. After determining which ports are open, the attacker can attempt to access the computer through an open port. With a personal firewall, you can protect a host from malicious traffic by permitting or denying specific applications or network ports access to the host or its network interface. Typically, a personal firewall provides sufficient granularity to specify the direction of a particular flow of traffic. For example, you could permit outbound web traffic but deny all inbound traffic that does not correspond to established outbound connections.
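The policy in that last sentence can be modeled in a few lines. The following is an added example, not part of the original question: a simplified connection-tracking filter whose class name, addresses (documentation ranges) and port list are all constructed for illustration.

```python
# Added illustration: a minimal model of a stateful personal firewall policy.
# All names, addresses and ports are constructed for this example.
from dataclasses import dataclass

LAPTOP = "192.0.2.10"
ALLOWED_OUTBOUND_PORTS = {80, 443}   # "permit outbound web traffic"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = "SYN"   # informational only in this simplified model

class PersonalFirewall:
    def __init__(self, host):
        self.host = host
        self.established = set()   # flows the laptop itself initiated

    def filter(self, pkt):
        """Return 'ACCEPT' or 'DROP' for one TCP packet."""
        if pkt.src == self.host:                        # outbound direction
            if pkt.dport in ALLOWED_OUTBOUND_PORTS:
                self.established.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return "ACCEPT"
            return "DROP"
        # Inbound: accept only the reverse direction of a tracked flow.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ACCEPT" if reverse in self.established else "DROP"

def scan_results(fw, scanner, ports):
    """Verdicts the firewall gives to unsolicited SYN probes on each port."""
    return {p: fw.filter(Packet(scanner, 40000 + i, fw.host, p))
            for i, p in enumerate(ports)}

def demo():
    fw = PersonalFirewall(LAPTOP)
    out = fw.filter(Packet(LAPTOP, 51000, "198.51.100.5", 443))
    reply = fw.filter(Packet("198.51.100.5", 443, LAPTOP, 51000, "SYN-ACK"))
    probes = scan_results(fw, "203.0.113.77", [22, 80, 139, 445, 3389])
    return out, reply, probes

if __name__ == "__main__":
    print(demo())
```

Every unsolicited probe receives the same verdict regardless of which services are listening on the laptop, so the scan no longer distinguishes open ports from closed ones.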
Installing a personal firewall on a laptop would not mitigate a session-hijacking attack. A session-hijacking attack requires that the attacker determine the Initial Sequence Number (ISN) for a new Transmission Control Protocol (TCP) session. The ISN is used during the TCP three-way handshake to synchronize the states of the sending and receiving hosts. If an attacker can guess the ISN or any subsequent sequence number for a connection, the attacker can hijack the session. Typically, an attacker will disrupt the connection by forcing one of the hosts to become unsynchronized and will then assume the identity of the unsynchronized host by spoofing its IP address. Session hijacking relies on the attacker being able to determine the correct sequence number for any given segment in a TCP session. Because some hosts use incremental ISNs and random sequence numbers, an attacker can determine the ISN for a new connection on a vulnerable host by first initiating a connection to the host and determining the current ISN.
Installing a personal firewall on a laptop would not mitigate a cross-site scripting (XSS) attack. An XSS attack takes advantage of weaknesses within a web application to insert malicious code into input fields on a web form. If the attack is successful, the attacker might be able to inject code into the webpage, which could allow the attacker to perform a variety of malicious tasks, such as redirecting visitors to another website or harvesting cookies from the victim’s computer. Server-side input validation can be used to mitigate XSS attacks performed on web forms. However, other types of XSS attacks, such as a link in an email to lure victims to a webpage containing malicious script, are not mitigated by input validation.
Installing a personal firewall on a laptop would not mitigate a SYN flood attack. A SYN flood attack sends a large volume of SYN segments to a target host in an attempt to saturate the target’s TCP connection table. The SYN flood attack exploits the TCP three-way handshake by sending TCP SYN segments from spoofed IP addresses. When the target host replies to the spoofed IP addresses, the target’s packets are ignored because the spoofed hosts do not have corresponding entries in their TCP connection tables. The target host will continue to wait for responses from the spoofed hosts until the TCP handshake times out. With a sufficient number of SYN requests, the target’s TCP connection table can become full. Once the TCP connection table is full, the target host will be unable to accept new TCP connections.