CCNA Security v2.0 Chapter 1: Network Threats


Questions and Answers

Which of the following best describes a 'threat' in the context of network security?

  • A potential danger that could exploit a vulnerability. (correct)
  • A weakness or gap in a security system.
  • A measure taken to eliminate risk.
  • The process of reducing the likelihood of a threat.

Which of these is NOT typically considered a vector for data loss?

  • Removable media, like USB drives.
  • Email and Webmail services
  • Cloud storage devices
  • Encrypted external hard drives. (correct)

Which of these is NOT a common term related to network security drivers?

  • Vulnerability
  • Segmentation (correct)
  • Mitigation
  • Risk

What is the purpose of mitigating a risk?

Answer: To reduce the likelihood that a threat exploits a vulnerability, or the harm done if it does.

Which of these network types is typically the largest in terms of geographical coverage?

Answer: Wide Area Network (WAN)

Which network attack involves an attacker intercepting and altering communications between two parties?

Answer: Man-in-the-middle

What is the primary function of a 'security software disabler' Trojan horse?

Answer: To disable antivirus or firewall software.

Which malware type is known for its ability to self-replicate and spread rapidly across networks without requiring user interaction?

Answer: Worm

What is a key difference between a virus and a worm?

Answer: Viruses require user interaction to spread, while worms spread automatically.

The Code Red worm is described as having a propagation cycle. What was its behaviour during the first 19 days of the month?

Answer: Propagating itself by exploiting a vulnerability (in the later days of the month it launched a DoS attack, then went dormant).

In a DDoS attack, who issues the instruction to the handler system to initiate the attack?

Answer: The hacker (the hacker commands the handler systems, which in turn command the zombie agents that generate the attack traffic)

Which of these is NOT a primary objective of network security?

Answer: Scalability (the primary objectives are confidentiality, integrity, and availability)

Which of the following is a characteristic of a reconnaissance attack?

Answer: Initial query of a target system.

Which security concept involves ensuring that data is accessible when required?

Answer: Availability

What is the primary purpose of an access attack?

Answer: To gain unauthorized access to systems or data.

What primary method is used to safeguard the confidentiality of data?

Answer: Encryption

Which of these describes the use of botnets in DDoS attacks?

Answer: Hackers control botnets consisting of infected 'zombies' to launch attacks.

Which technique is primarily used to ensure data integrity?

Answer: Hashing

Which of the following best exemplifies a social engineering attack technique?

Answer: Masquerading as a legitimate entity to trick someone into providing information.

Which attack type involves sending a large volume of traffic to overwhelm a target and prevent legitimate users from accessing it?

Answer: Denial of Service attack

A 'Vulnerability Broker' is a type of hacker who seeks to exploit security weaknesses for personal gain.

Answer: False (vulnerability brokers are grey hats who discover flaws and report them to vendors, sometimes for a reward)

Packet sniffers are tools that capture and analyze network traffic; defenders use them to troubleshoot and look for weaknesses, and attackers use them to harvest data such as credentials.

Answer: True

The evolution of hacking tools has primarily focused on enhancing security measures and defending against threats.

Answer: False

Biometric access and exit sensors are typically used for 'outside perimeter security' in a data center.

Answer: False (biometric access and exit sensors are inside-perimeter controls)

Debuggers are used to reverse engineer binaries, both by attackers writing exploits and by defenders analyzing malware.

Answer: True

A 'Sniffer' is a type of network hacking attack that involves monitoring network traffic to capture data.

Answer: True

The Code Red Worm is classified as a 'Trojan Horse' due to its destructive payload.

Answer: False (Code Red is a worm: it self-replicates without user interaction)

One of the classifications of Trojan Horses is 'Remote-access', allowing attackers to control the infected system.

Answer: True

In its initial stage, the Code Red worm targeted vulnerabilities in network security devices.

Answer: False (it exploited a buffer overflow in Microsoft IIS web servers)

IP address spoofing involves an attacker falsely claiming to be a different computer on the network to gain access to information.

Answer: True

All types of networks need to be protected to ensure security.

Answer: True

Email is not considered a vector of data loss.

Answer: False

A vulnerability refers to a potential threat that could exploit a weakness in a network system.

Answer: False (a vulnerability is a weakness; a threat is the potential danger that could exploit it)

Data loss can occur due to improper access control measures.

Answer: True

Cloud storage devices are not typically associated with data loss risks.

Answer: False

A DDoS attack relies on a network of infected machines known as a botnet.

Answer: True

Phishing is a type of reconnaissance attack that involves data modification.

Answer: False (phishing is a social engineering attack, not a reconnaissance attack)

Access attacks may involve methods such as password attacks and IP spoofing.

Answer: True

Social engineering attacks include techniques like pretexting and tailgating.

Answer: True

A smurf attack is classified as an access attack rather than a denial of service attack.

Answer: False (a smurf attack is a denial of service attack)

Flashcards

Threat

A potential danger to an asset such as a network or the data it carries; a threat becomes an attack when it exploits a vulnerability.

Vulnerability

A weakness or flaw in a network's security that can be exploited by an attacker.

Mitigation

Actions taken to reduce the risk of an attack and protect a network from harm.

Risk

The likelihood of a threat exploiting a vulnerability and causing harm.

Vector of Attack

A specific method or approach used by an attacker to gain access to a network or to compromise its security.

Worm

A type of malware that spreads from computer to computer without human interaction.

Trojan Horse

A malicious program disguised as legitimate software.

Virus

Malicious code that attaches itself to a legitimate program or file and needs a user action, such as running the program or opening the file, to execute and spread.

Denial-of-service (DoS) attack

An attack that aims to prevent legitimate users from accessing a network or service.

Man-in-the-middle (MitM) attack

A type of attack where an attacker intercepts communication between two parties.

Botnet

A group of compromised computers controlled by a single attacker.

DDoS Attack

A DoS attack launched at the same time from many compromised computers (a botnet), overwhelming the target with traffic so that it is unavailable to legitimate users.

Confidentiality

The principle of ensuring data is only accessible to authorized individuals.

Integrity

The principle of ensuring data remains accurate and unmodified.

Availability

The principle of ensuring data is available to authorized users when needed.

Distributed Denial of Service (DDoS) Attack

A specific type of DoS attack where an attacker uses multiple compromised computers to flood a target with traffic, overwhelming it and making it unavailable.

Reconnaissance Attack

A type of attack that aims to gather information about a target network before launching further attacks. Techniques include ping sweeps, port scans, and vulnerability scanning.

Access Attack

A type of attack that aims to gain unauthorized access to a system or network, often using stolen credentials or exploits. Examples include password attacks, man-in-the-middle attacks, and buffer overflow attacks.

Social Engineering Attack

A type of attack that exploits human psychology to trick individuals into revealing sensitive information or granting access to systems. Examples include pretexting, phishing, spearphishing, and tailgating.

Who is a Script Kiddie?

Inexperienced hackers who run scripts and tools written by others, usually without understanding the exploits they use, often for fun or curiosity.

Who is a Hacktivist?

These hackers are individuals or groups who hack for political or social causes.

Who is a Vulnerability Broker?

They are individuals or organizations that identify and report vulnerabilities to companies for a reward.

Who is a State-Sponsored Hacker?

These hackers are usually associated with government agencies and aim to steal information or disrupt enemy operations.

Who is a Cyber Criminal?

These hackers are motivated by financial gain. They use hacking to steal money, data, and other assets.

Data modification

The act of modifying data in transit between two parties, allowing the attacker to alter or steal sensitive information.
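The quiz items on confidentiality (encryption) and integrity (hashing), together with the confidentiality, integrity and data modification cards above, are easy to misapply: a bare hash only proves that data was not changed accidentally, because a man-in-the-middle who alters the data can recompute the hash too. The following added example (written for this page, not code from the course) uses only Python's standard library to show a SHA-256 check catching a corrupted byte, the same check being bypassed by an attacker who recomputes the digest, and a keyed HMAC over a constructed transfer message rejecting the tampered copy. The message, key and account numbers are made up for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample message for this example (not from the course material).
MESSAGE = b"transfer 100.00 from acct 1001 to acct 2002"


def digest(data: bytes) -> str:
    """Integrity check as the chapter describes it: a SHA-256 hash of the data."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(digest(data), expected)


def mac(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only a holder of the shared key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking the tag through timing differences
    return hmac.compare_digest(mac(key, data), expected)


def mitm_modify(data: bytes) -> bytes:
    """The 'data modification' step of a man-in-the-middle: redirect the transfer."""
    return data.replace(b"to acct 2002", b"to acct 6666")


def accidental_corruption_is_caught() -> bool:
    """A flipped byte in transit no longer matches the sender's hash."""
    sent_digest = digest(MESSAGE)
    corrupted = MESSAGE[:-1] + b"1"
    return not verify_hash(corrupted, sent_digest)


def plain_hash_defeated_by_mitm() -> bool:
    """An active attacker who alters the message simply recomputes the hash;
    the receiver's check passes, so the plain hash gave no protection."""
    tampered = mitm_modify(MESSAGE)
    return verify_hash(tampered, digest(tampered))


def hmac_resists_mitm(key: bytes) -> bool:
    """Without the shared key the attacker cannot forge a valid tag for the
    altered message, so the receiver rejects it."""
    tampered = mitm_modify(MESSAGE)
    forged_tag = mac(b"attacker-guess", tampered)  # attacker does not hold `key`
    return not verify_mac(key, tampered, forged_tag)


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)  # agreed out of band in this example
    print("corruption caught by hash:", accidental_corruption_is_caught())
    print("MitM passes plain hash:  ", plain_hash_defeated_by_mitm())
    print("MitM rejected by HMAC:   ", hmac_resists_mitm(shared_key))
```

In real protocols such as TLS or IPsec the MAC key comes from a key exchange rather than being shared out of band; the point here is only that integrity against an active attacker needs a secret the attacker does not have, not just a hash.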

What are the main threats facing modern networks?

Modern networks face threats like data loss, security breaches, and service disruptions, impacting individuals and organizations.

Explain the relationship between 'threat', 'vulnerability' and 'mitigation' in network security.

A threat is a potential danger to a network or its assets. A vulnerability is a weakness or flaw in the network's security that a threat can exploit. Mitigation is the set of actions taken to reduce the resulting risk and protect the network.

How can data be lost from a network?

Data loss can occur through various avenues, such as emails, unencrypted devices, cloud storage, removable media, hard copies, and improper access control.

Describe the characteristics of Campus Area Networks, SOHO networks, and Wide Area Networks.

Campus area networks (CANs) are typically found in schools, universities, or corporate sites. They connect the LANs of several buildings within one limited area. Small Office/Home Office (SOHO) networks are designed for smaller businesses or homes and use simple setups. Wide area networks (WANs) connect geographically dispersed locations.

Why is network topology important for security planning?

Understanding network topology is crucial for security planning. Different network types have varying security challenges and require tailored protection strategies.

Denial of Service Attack (DoS)

A network attack strategy designed to overwhelm a target with traffic, making its resources unavailable to legitimate users.

Distributed Denial of Service Attack (DDoS)

A type of DoS attack using a network of infected computers to overload a target.

Study Notes

Chapter 1: Modern Network Security Threats

  • The chapter is about modern network security threats.
  • Course name: CCNA Security v2.0
  • Instructor: Dr. Nadhir Ben Halima
  • The Cisco Networking Academy is the provider of this course.

Chapter Outline

  • 1.0 Introduction: Introduction to the concepts of the topic.
  • 1.1 Securing Networks: Describes the current network security landscape and why all types of networks need protection.
  • 1.2 Network Threats: Discusses the evolution of network security and various hacking tools.
  • 1.3 Mitigating Threats: Outlines methods and resources to protect networks, describes Cisco SecureX Architecture, and describes methods to mitigate common network attacks.
  • 1.4 Summary: A summary of the chapter's objectives and key takeaways.

Section 1.1: Securing Networks

  • Upon completion of this section, students will be able to:
    • Describe the current network security landscape.
    • Explain how all types of networks need to be protected.

Topic 1.1.1: Current State of Affairs

  • Networks are targets
  • Various countries and regions are affected by attacks.
  • Attacker types are diverse, including:
    • Script Kiddies
    • Vulnerability Brokers
    • Hacktivists
    • Cyber Criminals
    • State-Sponsored Hackers

Topic 1.1.2: Network Topology Overview

  • Campus Area Networks: Includes features like AAA servers, firewalls, VPNs, IPS, switches, servers (DHCP, email, web).
  • Small Office and Home Office (SOHO) Networks: Features a wireless router, layer 2 switch, and computers.
  • Wide Area Networks (WANs): Features branch, regional, and SOHO sites, mobile workers, corporate, and firewalls.
  • Data Centers: Outside-perimeter security includes on-site security personnel, fences, gates, continuous video surveillance, and security breach alarms; inside-perimeter security includes electronic motion detectors, security traps, continuous video surveillance, and biometric access and exit sensors.

Section 1.2: Network Threats

  • Upon completion of this section, students will be able to:
    • Describe the evolution of network security.
    • Describe the various types of attack tools used by hackers.
    • Describe malware.
    • Explain common network attacks.

Topic 1.2.1: Who is Hacking Our Networks?

  • Modern hackers have various roles (titles):
    • Script Kiddies
    • Vulnerability Brokers
    • Hacktivists
    • Cyber Criminals
    • State-Sponsored Hackers
    • White Hat Hackers (ethical hacking)
    • Grey Hat Hackers
    • Black Hat Hackers

Topic 1.2.2: Hacker Tools

  • Sophistication of attack tools increased over time
  • Technical knowledge needed to use tools also increased over time

Topic 1.2.3: Malware

  • Viruses
  • Worms: Key components include enabling vulnerability, propagation mechanism, payload. Example: Code Red Worm.
  • Trojans: Types include security software disabler, remote access, data-sending, destructive, proxy, FTP, DoS.
  • Other malware types include:
    • ScareWare
    • Spyware
    • Adware
    • Phishing scams
    • Rootkits

Topic 1.2.4: Common Network Attacks

  • Reconnaissance Attacks: Initial query of a target, ping sweep, port scan, vulnerability scanners, exploitation tools
  • Access Attacks: Password attacks, port redirection, man-in-the-middle, buffer overflows, IP, MAC, DHCP spoofing.
  • Social Engineering Attacks: Pretexting, phishing, spearphishing, spam, tailgating, something for something.
  • Denial of Service (DoS) Attacks: Flooding a target with traffic or requests so that legitimate users cannot reach it (e.g., a smurf attack)
  • Distributed Denial-of-Service (DDoS) Attacks: Using a botnet of infected machines to flood a server with requests
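The reconnaissance, access (IP spoofing) and DoS items above describe the attacks from the attacker's side; a defender usually meets them as patterns in firewall or flow logs. The added example below (written for this page, not course material) runs simple threshold detections over a constructed set of flow records: a ping sweep (one source, many ICMP targets), a port scan (one source and destination, many SYN-only ports), a SYN flood (many sources, one destination port) and IP spoofing (a packet with an internal source address arriving on the outside interface). The addresses come from the documentation ranges, the thresholds are arbitrary, and the `Flow` record layout is an assumption for the example, not any product's log format.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record. This layout is assumed for the example, not a vendor format."""
    src: str
    dst: str
    proto: str   # "icmp" or "tcp"
    dport: int   # destination port, 0 for ICMP
    flags: str   # TCP flags seen ("S" = SYN only, "SA" = SYN/ACK), "" for ICMP
    iface: str   # firewall interface the packet arrived on


INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # the protected network here

# Constructed sample flows (made up for this example, not captured traffic).
SAMPLE_FLOWS = (
    # Reconnaissance, ping sweep: one source probes 40 hosts with ICMP echo.
    [Flow("203.0.113.5", f"192.0.2.{i}", "icmp", 0, "", "outside") for i in range(1, 41)]
    # Reconnaissance, port scan: one source, one host, 60 ports, SYN never completed.
    + [Flow("203.0.113.7", "192.0.2.10", "tcp", p, "S", "outside") for p in range(1, 61)]
    # DoS, SYN flood: 200 different sources hammer one web server port.
    + [Flow(f"198.51.100.{i}", "192.0.2.20", "tcp", 80, "S", "outside") for i in range(1, 201)]
    # Access attack, IP spoofing: an "internal" source address arrives from outside.
    + [Flow("192.0.2.30", "192.0.2.20", "tcp", 443, "S", "outside")]
    # Benign: a completed handshake from a single external client.
    + [Flow("198.51.100.250", "192.0.2.20", "tcp", 443, "SA", "outside")]
)


def detect(flows, sweep_min=20, scan_min=30, flood_min=100):
    """Return (alert_type, subject) tuples. Thresholds are arbitrary examples;
    tune them to the size and normal behaviour of the network being watched."""
    icmp_targets = defaultdict(set)    # src -> destinations probed with ICMP
    ports_per_pair = defaultdict(set)  # (src, dst) -> SYN-only destination ports
    syn_sources = defaultdict(set)     # (dst, dport) -> sources sending SYN only
    alerts = []

    for f in flows:
        if f.proto == "icmp":
            icmp_targets[f.src].add(f.dst)
        elif f.proto == "tcp" and f.flags == "S":
            ports_per_pair[(f.src, f.dst)].add(f.dport)
            syn_sources[(f.dst, f.dport)].add(f.src)
        # Anti-spoofing: internal addresses must never enter on the outside interface.
        if f.iface == "outside" and ipaddress.ip_address(f.src) in INTERNAL_NET:
            alerts.append(("ip_spoofing", f.src))

    for src, dsts in icmp_targets.items():
        if len(dsts) >= sweep_min:
            alerts.append(("ping_sweep", src))
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= scan_min:
            alerts.append(("port_scan", f"{src} -> {dst}"))
    for (dst, port), srcs in syn_sources.items():
        if len(srcs) >= flood_min:
            alerts.append(("syn_flood", f"{dst}:{port}"))
    return alerts


if __name__ == "__main__":
    for kind, subject in detect(SAMPLE_FLOWS):
        print(f"{kind:12} {subject}")
```

The anti-spoofing rule is the same idea as an ingress ACL on the outside interface: traffic claiming an inside source address cannot legitimately arrive from outside. The count-based rules are deliberately simple; in production the counts are taken over a time window, and a slow scan spread over hours will stay under any fixed threshold, which is why reconnaissance detection also relies on correlation over longer periods.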

Section 1.3: Mitigating Threats

  • Upon completion of this section, students will be able to:
    • Describe methods and resources to protect the networks.
    • Describe a collection of domains for network security.
    • Explain the purpose of the Cisco SecureX Architecture.
    • Describe the techniques used to mitigate common network attacks.
    • Explain how to secure the three functional areas of Cisco routers and switches.

Topic 1.3.1: Defending the Network

  • Network security professionals include:
    • Chief Information Officer (CIO)
    • Chief Information Security Officer (CISO)
    • Security Operations (SecOps) Manager
    • Chief Security Officer (CSO)
    • Network Security Manager
    • Network Security Engineer

Topic 1.3.2: Domains of Network Security

  • Risk assessment
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Information systems acquisition, development, and maintenance
  • Access control
  • Information security incident management
  • Business continuity management
  • Compliance

Topic 1.3.3: Network Security Policy

  • Network security policies provide rules for network access.
  • Remote worker access rules might need to be different from onsite employees' access rules.

Topic 1.3.4: Mitigating Common Network Threats

  • Best network security practices include:
    • Develop a written security policy.
    • Educate employees.
    • Validate identities.
    • Control physical access to systems.
    • Use strong passwords
    • Encrypt sensitive data
    • Implement security hardware and software.
    • Perform regular backups.
    • Shut down unnecessary services.
    • Update software and operating system patches.

Topic 1.3.5: Cisco Network Foundation Protection Framework

  • The NFP framework depicts how three functional areas of a network device interact:
    • Control plane: exchange of routing information and routing protocols; maintains the IP routing table.
    • Data plane: incoming and outgoing IP packets, forwarded using the IP forwarding table.
    • Management plane: management processes and management sessions.

Section 1.4: Summary

  • Chapter Objectives:
    • Explain network security.
    • Describe various types of threats and attacks.
    • Explain tools and procedures to mitigate the effects of malware and common network attacks.

Related Documents

CCNASv2_CH1(1) PDF
