Anti Spoofing: A Complete Guide in 3 Steps

Introduction

Spoofing is an online attack in which attackers change the source address of a packet to make it appear to come from a trusted source. To detect such false or spoofed packets, enterprises set up routers, firewalls, and gateways that examine each incoming packet and verify its source. Anti spoofing is a technique that detects packets with false addresses. Quickly identifying these addresses helps in stepping up security measures.

Anti spoofing is what Internet Service Providers (ISPs) or network operators implement in the network. A system that can validate the source address is built into the infrastructure to stop spammed or spoofed packets with incorrect IP addresses from entering or leaving the network.

  1. What is Anti-spoofing?
  2. Anti spoofing in Check Point and GPS
  3. Anti-spoofing techniques 

1. What is Anti-spoofing?

So, what does anti-spoofing mean? Earlier, it was a form of ingress filtering, where the IP addresses of incoming packets are checked at the edge of the network. However, it has been shown that ingress filtering needs to be deployed across all networks to be effective. Otherwise, it is not effective at all.

That is why anti-spoofing is very important. 

Anti-spoofing definition – It is a technique that focuses on blocking packets that are detected to have wrong, falsified, or spoofed source addresses. This is done by creating a firewall rule that is assigned to the interface that connects the firewall with the system. The firewall rule examines each incoming packet on that interface and checks its source address.

The objective is to prevent attackers from unduly taking advantage of the network using a spoofed IP address. 

Techniques for this include Source-Address Validation (SAV) on the network, and Unicast Reverse-Path Forwarding (uRPF), which is used on cable-modem networks and validates source addresses on router networks. Another way is to create packet filters that permit only packets with a legitimate IP address.

2. Anti spoofing in Check Point and GPS

A) Anti spoofing in Check Point

The anti-spoofing technique needs to be configured on the internal and external interfaces. The only exception to this should be for incoming traffic from a trusted network.

How to configure anti-spoofing in the Check Point firewall?

There are two ways to do so – configuring the internal interface and the external interface.

1) Configuring anti-spoofing on the internal interface

  • The Dashboard needs to be used for the same.
  • The network objects tree needs to be opened.
  • The Security Gateway needs to be double-clicked.
  • Then the Topology needs to be clicked on the navigation tree.
  • From the Topology, click on the Internal Interface and then choose Edit.
  • Next, click on Topology, select ‘Internal (leads to local Network)’, and finally select ‘Network defined by the Interface IP and Net Mask’.
  • Tick ‘Perform Anti-Spoofing based on Interface Topology’.
  • Set ‘Anti Spoofing Action is set to’ to either (a) Prevent – drops spoofed packets; or (b) Detect – allows spoofed packets. For monitoring the traffic it is advisable to use the Detect option.

2) Configuring anti-spoofing on the external interface

  • Go to the Navigation Tree to choose Topology.
  • From the Topology Tree, select External Interface.
  • Click on Edit
  • The window for Interface Properties opens up.
  • From the Topology, go to External (leads out to the Internet).
  • Click on the box next to ‘Perform Anti-Spoofing based on Interface Topology’.
  • Now set ‘Anti Spoofing action’ to Prevent – drops spoofed packets.
  • Next, tick the option ‘Don’t check packets from’.
  • In the field that follows, choose the Group or Network Object that you do not want anti-spoofing applied to.
  • Go to Spoof Tracking, click on Log and then click OK.
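The check that the definition in section 1 and the two interface procedures above describe can be modelled in a few lines. This is an added example, not Check Point's own code: the interface names, address ranges, trusted "don't check" group and the `verdict` labels are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption): interface names, address ranges and the
# trusted "don't check" group are illustrative, not taken from a real gateway.
TOPOLOGY = {
    "eth1": {"role": "internal", "networks": ["10.1.0.0/16"],
             "action": "detect", "dont_check": []},
    "eth0": {"role": "external", "networks": [],
             "action": "prevent", "dont_check": ["198.51.100.0/24"]},
}
# Private and loopback ranges that should never be a source on the Internet side.
NON_ROUTABLE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]


def _in_any(addr, cidrs):
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def is_spoofed(iface, src):
    """True if src cannot legitimately arrive on iface according to TOPOLOGY."""
    addr = ipaddress.ip_address(src)
    cfg = TOPOLOGY[iface]
    if _in_any(addr, cfg["dont_check"]):          # 'Don't check packets from'
        return False
    if cfg["role"] == "internal":
        # Internal: source must lie in the network defined by the interface.
        return not _in_any(addr, cfg["networks"])
    # External: a source claiming an internal or private address is spoofed.
    internal = [n for c in TOPOLOGY.values()
                if c["role"] == "internal" for n in c["networks"]]
    return _in_any(addr, internal + NON_ROUTABLE)


def verdict(iface, src):
    """Apply the per-interface action: Prevent drops, Detect allows and logs."""
    if not is_spoofed(iface, src):
        return "accept"
    return "drop" if TOPOLOGY[iface]["action"] == "prevent" else "allow+log"


if __name__ == "__main__":
    for iface, src in [("eth1", "10.1.5.9"), ("eth1", "203.0.113.7"),
                       ("eth0", "10.1.5.9"), ("eth0", "198.51.100.20")]:
        print(iface, src, verdict(iface, src))
```

Running the internal interface in Detect first, as the procedure advises for monitoring, surfaces the "allow+log" hits that point to topology mistakes before Prevent starts dropping traffic.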

B) Anti Spoofing in GPS

Today we frequently use GPS-enabled devices. Not only end-users but also industries such as construction, supply chain, logistics, and surveying depend on GPS and GNSS technologies. Both the Global Positioning System and the Global Navigation Satellite System are reliable technologies that form the backbone of many industrial operations. Outages in such a network can be costly. Hence, there is a need for spoof-proof techniques such as:

  • Use of specially-programmed anti-spoofing signals on GNSS receivers that can identify and distinguish spoofed signals from genuine ones. A spoofed satellite signal can then be removed from estimating PNT (Positioning, Navigation, and Time).
  • Examples of such programmed signals are Galileo OS-NMA, GPS Military code, and Advanced Interference Mitigation Technologies like Septentrio AIM.
  • A dual-polarized antenna is also used effectively for anti-spoofing.

3. Anti-spoofing techniques 

A) Face biometric anti-spoofing

One of the key areas where biometric face recognition is coming into big-time use is that of anti-spoofing. The technology helps prevent face spoofing. 

  • A face recognition system can be attacked; such attacks are known as Presentation Attacks. There are static and dynamic attacks in both 2D and 3D space. At present, 2D face spoofing is the more common problem.
  • Some of the common anti-spoofing techniques used in this context are: Local Binary Pattern (LBP), which uses texture image analysis; eye blink detection, which differentiates between fake and live faces; and Convolutional Neural Network (CNN), a deep learning feature used for anti-spoofing.
  • The use of a dependable 3D camera is the basis of face biometric anti-spoofing. Accuracy of the pixel depth is the key to preparing against presentation attacks.
  • Using an Active Flash is also one of the common ways to detect spoofing.

B) Anti-spoofing and selective availability in GPS

This technology is used widely by military and civilian GPS receivers. In this technology, the signals from satellites are masked, so GPS receivers are unable to find their exact location or position. It is primarily used by military forces to gain an advantage over other military forces.

Different techniques that are being researched, and also used in real time, to detect spoofing of GPS satellites:

  • Use of encrypted P(Y) code
  • Use of the antenna to differentiate the direction from which the spoofed signal arrives
  • Time of arrival is another technique
  • WAAS (Wide Area Augmentation System) Message Authentication 
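The direction-of-arrival idea from the list above, as an added example that is not from the original article: genuine satellites are spread across the sky, so several PRNs arriving from almost the same direction are flagged and left out of the PNT estimate. It assumes a receiver that reports a per-satellite arrival direction; the measurements, the 5-degree threshold and the minimum group size of 3 are constructed values.

```python
import math


def unit_vector(az_deg, el_deg):
    """Azimuth/elevation in degrees -> east/north/up unit vector."""
    az, el = math.radians(az_deg), math.radians(el_deg)
    return (math.cos(el) * math.sin(az), math.cos(el) * math.cos(az), math.sin(el))


def separation_deg(a, b):
    """Angle in degrees between two (azimuth, elevation) directions."""
    dot = sum(x * y for x, y in zip(unit_vector(*a), unit_vector(*b)))
    return math.degrees(math.acos(max(-1.0, min(1.0, dot))))


def flag_common_direction(arrivals, max_sep_deg=5.0, min_group=3):
    """Return the PRNs whose signals arrive from (almost) a single direction."""
    best = set()
    for direction in arrivals.values():
        group = {prn for prn, other in arrivals.items()
                 if separation_deg(direction, other) <= max_sep_deg}
        if len(group) > len(best):
            best = group
    return best if len(best) >= min_group else set()


def usable_for_pnt(arrivals, **kwargs):
    """PRNs that remain in the position/time solution after flagging."""
    flagged = flag_common_direction(arrivals, **kwargs)
    return sorted(prn for prn in arrivals if prn not in flagged)


# Constructed measurements: PRN -> (azimuth, elevation) in degrees.
# G17, G19, G24 and G30 arrive from nearly the same point on the horizon.
MEASURED = {
    "G02": (40.0, 55.0), "G05": (310.0, 20.0), "G12": (175.0, 70.0),
    "G17": (92.0, 12.0), "G19": (93.5, 11.0), "G24": (91.0, 13.5),
    "G30": (92.5, 12.5),
}

if __name__ == "__main__":
    print("flagged:", sorted(flag_common_direction(MEASURED)))
    print("usable :", usable_for_pnt(MEASURED))
```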

Conclusion

To summarize, anti-spoofing technologies and techniques help in the identification and prevention of spoofed packets. These are packets that have a false address and may be sent with malicious intent to damage your network, steal data, install malware, and so on. Many technologies are in use, and more are being researched. Firewall vendors configure anti-spoofing technologies so that private addresses are blocked on the external interface, while the external interface is programmed to block addresses that are part of the internal network range.
