CCNA Security v2.0: Modern Network Security Threats

Questions and Answers

Which of these is an example of an inside perimeter security measure?

• Fences and gates
• On-premise security officers
• Electronic motion detectors (correct)
• Continuous video surveillance

Which of the following is NOT a title associated with modern hacking?

• Script Kiddies
• State-Sponsored Hackers
• Cyber Investigators (correct)
• Vulnerability Brokers

What type of tool would be used to identify vulnerabilities in a system?

• Packet Sniffer
• Vulnerability Scanner (correct)
• Packet crafter
• Rootkit detector

Which of the following is a tool that can be used for network scanning and hacking?

All of the above (D)

Which of the following is a security measure used on the outside perimeter?

Fences and gates (A)

Which of the following is NOT identified as a common network security term?

Containment (A)

Which of these is LEAST likely to be a vector of data loss?

Encrypted USB Drive (B)

Which type of network is often associated with large organizations in a single geographical area?

Campus Area Network (D)

What is the PRIMARY purpose of 'mitigation', within the context of network security?

To decrease the risk and impact of threats (D)

Which of these is MOST likely to be a characteristic of a Wide Area Network (WAN)?

Connects different networks across large distances (B)

Which of the following is a network hacking attack that involves intercepting network traffic?

Eavesdropping (A)

Which type of malware is characterized by its ability to self-replicate and spread across networks?

Worm (C)

A Trojan horse that disables security software falls under which classification?

Security software disabler (A)

What is the initial phase of the Code Red worm's activity?

Enabling vulnerability (D)

Which of these is NOT a typical component of a worm?

Eavesdropping (A)

Which of the following is a type of malware?

Spyware (B)

What is the primary goal of a reconnaissance attack?

To gather information about a target (D)

Which of the following is considered an access attack?

Man-in-the-middle (B)

Which of these techniques is commonly used in social engineering attacks?

Pretexting (D)

In the context of DDoS attacks, what are compromised computers called?

Zombies (B)

A 'vulnerability' is a weakness that can be exploited to cause harm to a network or system.

True (A)

Email and webmail are not considered a vector of data loss.

False (B)

Small office and home office networks don't typically need security protections as they rarely have valuable data.

False (B)

Unencrypted devices are not a significant vector for data loss.

False (B)

A 'threat' is an event that has the potential to cause harm to a network system.

True (A)

Ransomeware is a form of malware.

True (A)

A smurf attack is a type of access attack.

False (B)

A 'port scan' is a form of a reconnaissance attack.

True (A)

Man-in-the-middle attacks are an example of password attacks.

False (B)

In a DDoS attack, infected machines are referred to as 'handlers'.

False (B)

Fences and gates are a form of inside perimeter security.

False (B)

Script kiddies are considered a modern hacking title.

True (A)

Password crackers can be used as penetration testing tools.

True (A)

Security traps are an example of outside perimeter security.

False (B)

State-sponsored hackers are not considered a modern hacking title.

False (B)

Eavesdropping is a type of network hacking attack.

True (A)

A proxy Trojan horse is one that aims to disable user security software.

False (B)

Data modification involves changing data in transit or at rest.

True (A)

Worms require user interaction to spread from one device to another.

False (B)

A 'sniffer' is a tool used to analyze network traffic and capture data.

True (A)

Flashcards

Network Threat

Any potential danger to a network's security, including malware, unauthorized access, and data breaches.

Vulnerability

A weakness in a network's security that can be exploited by attackers.

Mitigation

Actions taken to reduce the risk of a threat exploiting a vulnerability.

Risk

The likelihood that a threat will exploit a vulnerability and cause harm.

Campus Area Network (CAN)

A network connecting devices and resources within a building or campus.

Script Kiddies

Individuals with low skill who use readily available hacking tools and scripts for malicious activities.

Vulnerability Brokers

Individuals who discover and report vulnerabilities in software and systems to developers. They are sometimes referred to as ethical hackers.

Hacktivists

Individuals or groups motivated by political or social causes who use hacking techniques for activism.

Cyber Criminals

Individuals or organizations that engage in criminal activities using hacking tools and techniques for financial gain or other malicious purposes.

State-Sponsored Hackers

Hackers sponsored by governments to conduct espionage, cyberwarfare, or other activities in support of national interests.

Worm

A type of malware that spreads from computer to computer without human interaction. It can replicate itself and spread without user intervention.

Trojan Horse

A type of malware that disguises itself as a legitimate program to gain access to a computer system. It can then steal data, install other malware, or take control of the system.

Virus

A type of malware that can replicate itself and spread from one computer to another, usually by attaching itself to files or programs.

Denial-of-service Attack

A type of attack that aims to prevent legitimate users from accessing a computer system or network. It can achieve this by overwhelming the system with requests or by exploiting vulnerabilities.

Man-in-the-middle Attack

A type of attack where an attacker intercepts communications between two parties, often to steal data. The attacker may impersonate one of the parties to trick the other party into providing sensitive information.

Denial of Service (DoS) Attacks

A cyberattack aimed at preventing legitimate users from accessing a resource or service. This is typically achieved by overwhelming the targeted system with traffic.

Distributed Denial of Service (DDoS) Attacks

A type of DoS attack where a network of compromised computers, called zombies, are controlled by a handler to flood the target with traffic. This traffic can overwhelm the target's resources, making it unavailable.

Access Attacks

A class of cyberattacks that aim to gain unauthorized access to a target system or network. Hackers might employ different techniques, such as exploiting vulnerabilities or tricking users into revealing sensitive credentials.

Reconnaissance Attacks

A type of network attack where the attacker tries to gather information about the target. It could involve scanning for open ports, analyzing network traffic, or probing for weak security configurations.

Phishing

A type of social engineering attack where attackers employ deceptive tactics to convince a victim to divulge sensitive information or grant access to a system. This involves impersonating a legitimate entity or creating a sense of urgency.

What is a worm?

A type of malware that spreads from computer to computer without human interaction.

What is a security software disabler Trojan Horse?

A classification of Trojan Horses that can disable security software on a computer.

What is the propagation mechanism of a worm?

The ability of a worm to replicate itself and spread to other computers.

What is a Trojan Horse?

A type of malware that disguises itself as something legitimate to gain access to a computer.

What is a remote-access Trojan?

A type of Trojan that gives the attacker remote access to your computer.

Current Network Security Landscape

The current network security landscape is constantly evolving, with new threats and vulnerabilities emerging frequently.

Why all networks need protection

Networks need protection from various threats, including unauthorized access, malware, and data breaches. All types of networks, from home networks to corporate networks, are vulnerable and require security measures.

Social Engineering Attack

Attacks that involve manipulating people, often by using deception or impersonation to trick them into revealing sensitive information or granting access to a system. It exploits human psychology and trust to achieve malicious goals.

Study Notes

Chapter 1: Modern Network Security Threats

• This chapter covers modern network security threats.
• The course is CCNA Security v2.0, taught by Dr. Nadhir Ben Halima.
• The course is part of the Cisco Networking Academy.

Chapter Outline

• Introduction to network security
• Securing networks
• Network threats
• Mitigating threats
• Summary

Section 1.1: Securing Networks

• Upon completion, students should be able to:
  • Describe the current network security landscape.
  • Explain why all types of networks need protection.

Topic 1.1.1: Current State of Affairs

• Networks are targets
• Attacks originate from various countries
• Various types of attacks occur

Topic 1.1.2: Network Topology Overview

• Campus Area Networks (CANs)
• Diagram shows a CAN with AAA servers, firewalls, VPN, IPS, Layer 3/2 switches, DHCP server, web server, email server, and hosts.
• Small Office and Home Office (SOHO) networks illustrated
• Diagram shows a SOHO network with a wireless router, a layer 2 switch, and wireless hosts, a desktop and printer
• Wide Area Networks (WANs)
• Diagram displays a WAN with branch sites, a POP, regional sites, Cisco ASA firewall, a mobile worker, a Corporate site and a SOHO site.
• Data Center Networks (DCNs)
• Includes outside perimeter security (security officers, fences, gates, video surveillance, alarms)
• Inside perimeter security (motion detectors, traps, video surveillance, biometric sensors)

Section 1.2: Network Threats

• Students should be able to:
  • Describe the evolution of network security
  • Describe various attack tools used by hackers
  • Describe malware
  • Explain common network attacks

Topic 1.2.1: Who is Hacking Our Networks?

• Different types of hackers:
  • Script Kiddies
  • Vulnerability Brokers
  • Hacktivists
  • Cyber Criminals
  • State-Sponsored Hackers

Topic 1.2.2: Hacker Tools

• Different types of hacker tools
• Sophistication of attacker tools has increased over time.
• Sophistication of attacker tools from 1985 to 2015 has steadily increased

Topic 1.2.3: Malware

• Definition of virus
• Illustration of a virus diagram showing the network and computers
• Illustration of how a worm executes arbitrary code and installs copies of itself in the memory
• Illustration of a trojan horse attacking a device from within
• Illustration of a Trojan Horse diagram showing the various types of attacks
• Various types of malware:
  • Viruses
  • Worms
• Code Red Worm example, a worm's propagation
• Trojans Horses
• Spyware
• Rootkits
• Adware

Topic 1.2.4: Common Network Attacks

• Various types of network attacks:

  • Data modification
  • Reconnaissance
  • Denial-of-Service(DoS)
  • Syn Flood
  • Smurf Attack
  • Reconnaissance Attacks
    • Initial query of a target network
    • Ping sweep of the target network
    • Port scan of active IP addresses
    • Vulnerability scanners
    • Exploitation tools
  • Access Attacks
    • Password
    • Port Redirection
    • Man-in-the-middle
    • Buffer overflow
    • IP, MAC, DHCP spoofing
  • Social Engineering Attacks
    • Pretexting
    • Phishing
    • Spearphishing
    • Spam
    • Tailgating
    • Something for Something

• DDoS attacks.

• DDoS attack is a distributed denial-of-service attack performed by a botnet

• Botnet terminology: The compromised computers are called zombies, controlled by a handler system.

Section 1.3: Mitigating Threats

• Students will learn methods and resources to protect networks.
• Domains of network security
• Methods to mitigate common network attacks
• Securing the three functional areas of Cisco routers and switches.

Topic 1.3.1: Defending the Network

• Best practices for network defense:
  • Develop a written security policy
  • Educate employees about risks of social engineering
  • Control physical access to systems
  • Implement security hardware
  • Perform backups
  • Shut down unnecessary services
  • Keep software up-to-date
  • Perform security audits

Topic 1.3.2: Domains of Network Security

• Domains of network security:
  • Risk assessment
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Information systems acquisition, development, and maintenance
  • Access control
  • Information security incident management
  • Business continuity management
  • Compliance

Topic 1.3.3: Cisco Network Foundation Protection Framework

• Framework diagram displays the control plane, management plane, and data plane

Topic 1.3.4: Mitigating Common Network Threats

• Summary of mitigation techniques
• Techniques to mitigate malware
• Techniques to mitigate common network threats
• Techniques for mitigating various other attacks, such as worms and DoS

Topic 1.3.5: Network Security Policy Objectives

• Questions to consider:
  • What do you have that others want?
  • What are critical data or information systems?
  • What would stop an organization from fulfilling its mission?

Section 1.4: Summary

• Summary of network security concepts, attacks, and mitigation techniques are included
• Chapter objectives are restated

Additional Considerations

• Network security professionals and organizations are discussed
• Confidentiality, integrity, and availability (CIA) of a network are also addressed