CCNA Security v2.0 Chapter 1: Modern Threats

Questions and Answers

Which of the following is NOT a typical objective of an access attack?

  • System access
  • Network reconnaissance (correct)
  • Privilege escalation
  • Data retrieval

What is the primary purpose of a ping sweep in the context of network attacks?

  • To flood a target with packets.
  • To identify active IP addresses. (correct)
  • To redirect network traffic.
  • To exploit software vulnerabilities.

Which attack involves manipulating a network to misdirect traffic?

  • Man-in-the-middle
  • MAC spoofing
  • Buffer overflow
  • Port redirection (correct)

Social engineering attacks rely most significantly on what to be successful?

Human interaction (B)

What is a botnet primarily used for in DDoS attacks?

To control zombies and execute attacks. (D)

Which of these security measures is primarily used for inside perimeter security?

Electronic motion detectors (A)

Which of the following best characterizes the evolution of modern hacking titles?

From individual hackers to more sophisticated, state-sponsored groups (B)

Which of the following is a tool specifically designed for identifying and exploiting network vulnerabilities?

Vulnerability exploitation tools (A)

Which of these activities is not typically associated with penetration testing tools?

Encryption (B)

Which security measure would be most effective in deterring unauthorized physical access into a data center?

Biometric access and exit sensors (D)

Which of the following best describes a 'threat' in the context of network security?

A potential negative action or event that could exploit a weakness. (C)

Which of the following is NOT explicitly identified as a vector of data loss?

Network Segmentation (A)

A company operates a large office building with multiple interconnected local networks. This setup is best described as which type of network?

Campus Area Network (CAN) (A)

In the context of network security, what does 'mitigation' primarily refer to?

Actions taken to reduce the impact and likelihood of threats. (B)

Which of the options presents a common means of data loss where physical controls would be useful?

Hard Copy (D)

What technique is used to ensure that the data is not only available but also protected from unauthorized access?

Encryption (C)

In the context of network security, which of the following describes the concept of integrity?

Guaranteeing that data remains unaltered during transmission (D)

What is the primary goal of the Cisco SecureX Architecture?

To enhance visibility and integration across security tools (B)

Which of the following domains must be collectively addressed to effectively protect a network?

Confidentiality, Integrity, and Availability (A)

Which method is NOT typically used to mitigate common network attacks?

Performing denial of service attacks (C)

A "Trojan Horse" malware classification that disables security software is known as a "Data-Sending" Trojan.

False (B)

One of the stages in the propagation cycle of a Code Red Worm is "Dormant for a few days".

True (A)

Eavesdropping, a common network hacking attack, is the act of intercepting and listening to network traffic.

True (A)

The "Payload" component of a worm is responsible for enabling the worm's vulnerability, allowing it to spread.

False (B)

The classification of "Remote-access" Trojan Horse malware allows attackers to remotely control the user's device.

True (A)

Risk, in network security, refers to a potential exploitable weakness in a network.

False (B)

Hard copies of documents are not considered a potential vector for data loss.

False (B)

A Wide Area Network (WAN) is typically used to connect multiple buildings within a single office campus.

False (B)

Cloud storage devices are not considered a potential vector for data loss as they are secured by service providers.

False (B)

Mitigation is the process of completely eliminating all vulnerabilities in a network environment.

False (B)

DDoS attacks rely on a single infected machine to execute the attack.

False (B)

Scareware is a type of malware designed primarily to modify data.

False (B)

Access attacks can include techniques such as buffer overflow and man-in-the-middle.

True (A)

Social engineering attacks include techniques like reconnaissance and denial of service.

False (B)

DDoS attacks are typically carried out by a botnet of zombies controlled by a hacker.

True (A)

Phishing and spearphishing are both types of social engineering attacks.

True (A)

Confidentiality in network security primarily ensures that data is accessible.

False (B)

The CIA triad stands for Confidentiality, Integrity, and Availability in network security.

True (A)

Integrity in network security involves using encryption to protect data.

False (B)

Availability in network security means that data is effectively hidden from unauthorized users.

False (B)

Flashcards

Vulnerability

A weakness or flaw in a system or its security measures that can be exploited by an attacker.

Threat

Any potential event or action that could negatively impact the confidentiality, integrity, or availability of information or systems.

Mitigation

Actions taken to reduce the likelihood or impact of a threat.

Risk

The likelihood of a threat exploiting a vulnerability, resulting in a negative impact.

Campus Area Network (CAN)

A network that connects devices within a confined geographical area, typically a building or campus.

Confidentiality

Keeping data secret and accessible only to authorized individuals or systems.

Integrity

Ensuring data remains accurate and unchanged during its lifecycle.

Availability

Guaranteeing access to data and resources when needed.

Network Security Professionals

Professionals specializing in protecting networks from threats like unauthorized access, data breaches, and cyberattacks.

Network Security Organizations

Organizations dedicated to researching, sharing knowledge, and developing best practices in the field of network security.

Hackers

Individuals with malicious intent who exploit vulnerabilities in network systems to gain unauthorized access or cause harm.

Cyber Criminals

Individuals who exploit security flaws in systems for financial gain, often by stealing sensitive information, disrupting services, or demanding ransom.

Hacktivists

Individuals or groups that use hacking techniques to promote political or social causes, often by disrupting websites or services.

Attack Tools

Programs designed to identify and exploit weaknesses in computer systems, often used by hackers to gain unauthorized access or cause damage.

Penetration Testing

The process of simulating a real-world attack on a network or system to identify vulnerabilities and test security measures.

Reconnaissance Attacks

A type of network attack that aims to gather information about a target. This can include identifying open ports, discovering vulnerable systems, or mapping out network topology.

Access Attacks

These attacks are designed to gain unauthorized access to a system or network. Tactics include phishing, exploiting vulnerabilities, or impersonating legitimate users.

Phishing Attacks

A type of social engineering attack where attackers mislead someone into willingly giving up sensitive information. Examples include phishing emails or fake websites.

Denial of Service (DoS) Attacks

A type of attack designed to overload a system with traffic, making it unavailable to legitimate users. The goal is to disrupt service and deny access.

Distributed Denial of Service (DDoS) Attacks

A more powerful form of DoS attacks, using a network of compromised computers to overwhelm the target. This creates a larger and more impactful attack.

Worm

A type of malware that spreads from one computer to another without human interaction.

Trojan Horse

A type of malware that disguises itself as legitimate software to gain access to a system.

Virus

A type of malware that attaches itself to other programs and replicates itself.

Denial-of-service attack

A network attack that aims to prevent legitimate users from accessing a service or resource.

Man-in-the-middle attack

A type of network attack where an attacker intercepts communication between two parties.

Botnet

A network of compromised computers controlled by a hacker to launch attacks.

Zombies

Computers under the control of a botnet, used to carry out attacks.

Pretexting

A method used in social engineering where someone pretends to be someone they are not to gain information.

Network Security

Protecting network resources. Defending a network from threats ensures access and security.

Study Notes

Chapter 1: Modern Network Security Threats

  • This chapter discusses modern network security threats.
  • The course is CCNA Security v2.0 taught by Dr. Nadhir Ben Halima.
  • The chapter outline includes Introduction, Securing Networks, Network Threats, Mitigating Threats, and Summary.

Section 1.1: Securing Networks

  • Upon completion, students should describe the current network security landscape.
  • They should also explain why all types of networks need protection.

Topic 1.1.1: Current State of Affairs

  • Networks are targets for attacks.
  • Specific attack origins and targets are tracked and visible.
  • Attack types and associated attack tools are recorded.

Topic 1.1.2: Network Topology Overview

  • Different network topologies exist, each with security needs:
    • Campus Area Networks (CAN): Includes AAA servers, firewalls, VPNs, IPS, Layer 3 and 2 switches, DHCP and web servers
    • Small Office/Home Office (SOHO) Networks: Typically use a wireless router and a Layer 2 switch.
    • Wide Area Networks (WAN): Connects multiple locations (branch, regional, corporate) via Point of Presence (POP) and VPN connections. A Cisco ASA firewall is often used at each connection.
    • Data Center Networks: Outside perimeter typically has security personnel, fences, security cameras and alarms. The inside perimeter has electronic motion detectors, security traps (often security cameras), and biometric access/exit sensors.

Section 1.2: Network Threats

  • Students should understand the evolution of network security.
  • They should describe various attack tools used by hackers.
  • Students should describe malware, and explain common network attacks.

Topic 1.2.1: Who is Hacking Our Networks?

  • Modern hacking titles include script kiddies, vulnerability brokers, hacktivists, cybercriminals, and state-sponsored hackers.
  • The motivations and capabilities of different hacker groups vary.

Topic 1.2.2: Hacker Tools

  • The sophistication of attacker tools and the technical knowledge needed to use them change constantly over time. Tools range from simple scripts to complex exploits.

Topic 1.2.3: Malware

  • Malware types include viruses, worms, and Trojan horses, each with different characteristics and propagation methods.
  • Examples of specific malware variations are adware, spyware, ransomware, scareware, rootkits, and phishing.

Topic 1.2.4: Common Network Attacks

  • Different types of attacks exist, including reconnaissance, access attacks, denial-of-service (DoS), and distributed denial-of-service (DDoS) attacks.
    • Reconnaissance: Attacks involve initial queries of a network to see what's there, ping sweeps, port scans, and using vulnerability scanners and exploitation tools to discover potential vulnerabilities and weaknesses.
    • Access Attacks: These attacks typically include password-based attacks, port redirection, man-in-the-middle attacks, buffer overflows, and IP/MAC/DHCP spoofing.
    • Denial of Service (DoS): Attacks flood a system/network with requests, preventing legitimate users from accessing the resource.
    • Distributed Denial of Service (DDoS) Attacks: Coordinated attacks from multiple sources/computers flood a resource, making it unresponsive.

Section 1.3: Mitigating Threats

  • Students should describe methods and resources to protect networks.
  • They need to describe domains in network security.
  • Explain Cisco SecureX architecture.
  • Describe techniques to mitigate network attacks.
  • Explain the security of Cisco routers/switches.

Topic 1.3.1: Defending the Network

  • Best practices include creating security policies, training employees about risks such as social engineering, controlling physical access to systems, using strong passwords, encrypting sensitive data, using security hardware, performing backups, shutting down unnecessary services, keeping software up to date, and installing and using appropriate security software.

Topic 1.3.2: Domains of Network Security

  • Network security spans numerous domains, including risk assessment, security policy, information security organization, asset management, human resources security, physical security, communications and operations management, and information systems acquisition, development, and maintenance.

Topic 1.3.3: Network Security Policy

  • Security policies are crucial to establishing access rules, particularly for remote workers.

Topic 1.3.4: Mitigating Common Network Threats

  • This topic covers best practices for mitigating various types of network threats, such as the effects of malware and general network attacks, including techniques to mitigate specific threats like worms.

Topic 1.3.5: Cisco Network Foundation Protection Framework

  • This framework describes how to secure the control, management, and data planes of a network.
    • Control Plane: Protects the routing protocols and IP routing tables using authentication, policing, or AutoSecure.
    • Management Plane: Secures the processes and management sessions, using login policies, legal notifications, role-based access control, and authorization and reporting to control access to sensitive data.
    • Data Plane: Protects the forwarding table using access control lists (ACLs). Antispoofing is used, as well as Layer 2 security including port security, DHCP snooping, and Dynamic ARP Inspection (DAI).

Section 1.4: Summary

  • Main objectives of the chapter are explained:
    • Network security explanation
    • Description of threats and attacks
    • Methods and tools to mitigate malware and network attacks
