Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Network Scanning

You're reading from   Practical Network Scanning Capture network vulnerabilities using standard tools such as Nmap and Nessus

Arrow left icon
Product type Paperback
Published in May 2018
Publisher
ISBN-13 9781788839235
Length 326 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Ajay Singh Chauhan Ajay Singh Chauhan
Author Profile Icon Ajay Singh Chauhan
Ajay Singh Chauhan
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Fundamental Security Concepts FREE CHAPTER 2. Secure Network Design 3. Server-Level Security 4. Cloud Security Design 5. Application Security Design 6. Threat Detection and Response 7. Vulnerability Assessment 8. Remote OS Detection 9. Public Key Infrastructure-SSL 10. Firewall Placement and Detection Techniques 11. VPN and WAN Encryption 12. Summary and Scope of Security Technologies 13. Assessment 14. Other Books you may enjoy

Hardening your TCP/IP stack


For any given operating system, tuning of the TCP/IP stack can be performed by the system administrator. Changing the default values of TCP/IP stack variables provides another layer of protection and helps you to secure your hosts in a better way.

This is all about determining and making decisions about how many connections the server can maintain in a half-open state before TCP/IP triggers SYN flooding attack protection. This simply means that to configure the threshold value of the TCP connection, requests must be exceeded before SYN flood protection is triggered.

The following parameters can be adjusted on an operating system level to tune TCP/IP stacks. These are not only applicable to the operating system, but also to network devices such as firewalls and load balancers, which allow you to fine tune TCP stacks:

  • TcpMaxHalfOpen
  • TcpMaxHalfOpenRetried
  • TcpMaxPortsExhausted
  • TcpMaxConnectResponseRetransmissions

We will discuss DoS attacks in detail in the next section...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image