TY - GEN
T1 - ARP spoofing
T2 - 2009 Information Security Curriculum Development Annual Conference, InfoSecCD'09
AU - Trabelsi, Zouheir
AU - El-Hajj, Wassim
PY - 2009
Y1 - 2009
N2 - ARP spoofing attack, one of the most important security topics, is usually taught in courses such as Intrusion Detection in Local Area Networks (LANs). In such a course, hands-on labs are very important as they facilitate students' learning on how to detect ARP spoofing using various types of security solutions, such as intrusion detection and prevention systems (IDS/IPS). The preparation of these hands-on labs are usually the task of Security Instructors who are required to select and use efficient security solutions for their hands-on experiments; the problem that presents itself is that most of these security instructors lack the sufficient hands-on experience and skills. For this reason and because of the diversity of the available security solutions, the security instructors are having much difficulty when selecting the adequate security solutions for their hands-on labs. This paper is a comparative study for educational purpose. It provides analysis based on practical experiments carried out on a number of security solutions regarding their ability to detect ARP spoofing. Our analysis provides means for security instructors to evaluate and select the appropriate security solutions for their hands-on labs. In addition, we clearly show that ARP spoofing has not been given enough attention by most tested security solutions, even though this attack presents a serious threat, is very harmful and more dangerously it is easy to conduct. As a solution, we propose the requirements for an ideal algorithm that can be used by security solutions to detect effectively any ARP spoofing attack.
AB - ARP spoofing attack, one of the most important security topics, is usually taught in courses such as Intrusion Detection in Local Area Networks (LANs). In such a course, hands-on labs are very important as they facilitate students' learning on how to detect ARP spoofing using various types of security solutions, such as intrusion detection and prevention systems (IDS/IPS). The preparation of these hands-on labs are usually the task of Security Instructors who are required to select and use efficient security solutions for their hands-on experiments; the problem that presents itself is that most of these security instructors lack the sufficient hands-on experience and skills. For this reason and because of the diversity of the available security solutions, the security instructors are having much difficulty when selecting the adequate security solutions for their hands-on labs. This paper is a comparative study for educational purpose. It provides analysis based on practical experiments carried out on a number of security solutions regarding their ability to detect ARP spoofing. Our analysis provides means for security instructors to evaluate and select the appropriate security solutions for their hands-on labs. In addition, we clearly show that ARP spoofing has not been given enough attention by most tested security solutions, even though this attack presents a serious threat, is very harmful and more dangerously it is easy to conduct. As a solution, we propose the requirements for an ideal algorithm that can be used by security solutions to detect effectively any ARP spoofing attack.
KW - ARP spoofing
KW - ARP spoofing detection
KW - Denial of Service (DoS)
UR - http://www.scopus.com/inward/record.url?scp=79952507090&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79952507090&partnerID=8YFLogxK
U2 - 10.1145/1940976.1940989
DO - 10.1145/1940976.1940989
M3 - Conference contribution
AN - SCOPUS:79952507090
SN - 9781605586618
T3 - Proceedings of the 2009 Information Security Curriculum Development Annual Conference, InfoSecCD'09
SP - 60
EP - 66
BT - Proceedings of the 2009 Information Security Curriculum Development Annual Conference, InfoSecCD'09
Y2 - 25 September 2009 through 26 September 2009
ER -