CCNA Security v2.0: Modern Network Threats

Questions and Answers

What are the possible vectors for data loss?

  • Wireless networks, VPNs, firewalls, intrusion detection systems
  • Data encryption, user authentication, access control, network segmentation
  • Email/Webmail, Unencrypted Devices, Cloud Storage Devices, Removable Media, Hard Copy, Improper Access Control (correct)
  • Firewalls, Intrusion Detection Systems, Antivirus Software, Security Audits

What are common network security terms discussed in the content?

  • Firewall, Router, Switch, Access Point
  • Threat, Vulnerability, Mitigation, Risk (correct)
  • Packet filtering, stateful inspection, network address translation, deep packet inspection
  • TCP, UDP, IP, HTTP

What types of networks are typically present in a campus area network?

  • Cloud services, mobile devices, and internet of things (IoT) devices
  • Home computers, internet routers, and wireless access points
  • Branch offices, remote users, and data centers
  • Servers, workstations, printers, and network devices (correct)

What are the key drivers behind network security?

Increasing network complexity, evolving threats, and growing reliance on digital assets (B)

What are the different types of network topologies discussed in the content?

Campus Area Networks, Small Office and Home Office Networks, Wide Area Networks (D)

What type of security measure is NOT mentioned as part of outside perimeter security?

Biometric Access and Exit Sensors (D)

Which of the following is NOT a type of hacker, as described in the provided content?

White Hat Hackers (B)

Which of these is NOT listed as a security tool used for penetration testing?

Firewall Management (A)

Which penetration testing tool is used to analyze security vulnerabilities by sending random data to a system under test?

Fuzzers (A)

What kind of tool is used to investigate incidents involving cybercrime or network security breaches to discover evidence?

Forensic Tools (D)

Which of the following are types of reconnaissance attacks?

Vulnerability scanners (B)

Which of the following is NOT an example of a social engineering attack?

Password (A)

What is a botnet?

A network of infected machines controlled by a hacker (A)

What is the purpose of a 'man-in-the-middle' attack?

To intercept communication between two parties (C)

Which of the following is NOT a type of access attack?

Syn Flood (C)

What is the primary function of encryption when it comes to network security?

Maintaining confidentiality by hiding data from unauthorized access. (D)

Which of the following is NOT a component of the CIA Triad in network security?

Authenticity (D)

What is the core objective of ensuring data availability in network security?

Maintaining uninterrupted access to critical data and services. (D)

How does hashing contribute to data integrity in network security?

By verifying the authenticity of data by detecting any changes. (D)

A "Trojan Horse" type of malware is designed to disable security software.

True (A)

A "Worm" is a type of malware that can replicate itself and spread to other systems.

True (A)

A "Sniffer" is a network hacking attack that intercepts data transmitted across a network.

False (B)

A "Denial-of-service" attack compromises the confidentiality of sensitive data.

False (B)

A "Script Kiddie" is a highly skilled hacker with extensive knowledge of network security.

False (B)

The "Code Red Worm" was dormant for 7 days after its initial infection.

False (B)

Penetration testing tools are solely used for illegal activities.

False (B)

Biometric access and exit sensors are typically used for inside perimeter security.

True (A)

Packet sniffers are primarily used to detect and analyze network traffic.

True (A)

Continuous video surveillance is a security measure mainly used for outside perimeter security, not inside.

False (B)

A "Smurf Attack" is a type of reconnaissance attack.

False (B)

A "Port Scan" is used as a reconnaissance technique.

True (A)

A "Buffer Overflow" is a type of access attack.

True (A)

A "DDoS" attack involves a network of infected machines known as a "botnet" and the compromised computers are called "zombies."

True (A)

A "Tailgating" attack is a form of social engineering that involves tricking someone to give you their password.

False (B)

Confidentiality is a component of the CIA triad.

True (A)

Encryption contributes to the availability of data.

False (B)

Hashing is used to maintain the integrity of data.

True (A)

A botnet is a network of compromised computers controlled by a hacker.

True (A)

The CIA triad is a collection of domains for network security.

False (B)

Flashcards

Network Security

Protection measures taken to guard networks against breaches and attacks.

Threat

Any potential danger that can harm the network's security or integrity.

Vulnerability

A weakness in the network that can be exploited by threats.

Mitigation

Strategies and actions taken to reduce the impact of threats and vulnerabilities.

Data Loss Vectors

Channels through which data can be lost or compromised.

Outside perimeter security

Measures taken to protect the outer boundaries of a facility.

Inside perimeter security

Security measures implemented within the inner area of a facility.

Modern hacking titles

Categories that define different types of hackers today.

Penetration testing tools

Tools used to test the vulnerabilities of a computer system or network.

Malware

Malicious software designed to harm or exploit any programmable device.

DDoS Attack

A Distributed Denial of Service attack aims to overwhelm a network or server with traffic, causing it to become unavailable.

CIA Triad

Confidentiality, Integrity, and Availability, key principles of network security.

Confidentiality

Ensures sensitive information is accessed only by authorized users, often using encryption.

Integrity

Maintains the accuracy and consistency of data over its lifecycle, commonly using hashing techniques.

Availability

Ensures that data is accessible to users when needed, preventing downtime.

Reconnaissance Attacks

Initial methods used to gather information about a target network.

Access Attacks

Attacks aimed at retrieving data, gaining access, or escalating privileges.

Denial of Service (DoS) Attacks

Attacks that aim to make a network resource unavailable to users.

Social Engineering Attacks

Manipulated interactions to deceive users into divulging confidential information.

Script Kiddies

Inexperienced hackers using pre-made tools to exploit vulnerabilities.

Hacktivists

Hackers who use their skills for political activism or social change.

Password Crackers

Tools designed to recover passwords from data that has been stored in or sent by a computer system.

Network Scanning

The process of discovering active devices on a network and their services.

Eavesdropping

Intercepting private communications on a network without consent.

IP Address Spoofing

Masquerading as a different IP address to gain unauthorized access.

Trojan Horse Classifications

Different types of Trojans, including those that disable security or send data.

Worms

Malicious software that replicates itself to spread across networks.

Denial-of-Service Attacks

Attacks aimed at overwhelming a network resource to render it inaccessible.

Ransomware

Malware that encrypts files and demands payment for access.

Phishing

Fraudulent attempts to acquire sensitive information by masquerading as trustworthy.

Port Scanning

The process of probing a server for open ports that can be exploited.

Social Engineering

Manipulating people to gain access to confidential information.

Encryption

A method to protect data by converting it into a coded format that is unreadable without a key.

Cisco SecureX Architecture

A framework designed to integrate security solutions and streamline threat detection and response.

Defending the Network

Strategies and tools used to protect network infrastructure from attacks and vulnerabilities.

Network Security Professionals

Experts responsible for protecting networks from attacks through monitoring and implementing security measures.

Study Notes

Modern Network Security Threats

  • The presentation is about modern network security threats.
  • The course is CCNA Security v2.0.
  • The presenter is Dr. Nadhir Ben Halima.
  • The presentation outlines the following topics:
    • Introduction
    • Securing networks
    • Network threats
    • Mitigating threats
    • Summary

Securing Networks

  • The current network security landscape is described.
  • All types of networks require protection.

Current State of Affairs

  • Networks are targets for various attacks.

Networks Are Targets

  • Data shows attack origins, targets, and attack types.
  • Locations of attacks and perpetrators are presented on a world map.
  • The data represents past attacks (2015).

Drivers for Network Security

  • Common network security terms are:
    • Threat
    • Vulnerability
    • Mitigation
    • Risk
  • The presentation includes examples of vulnerabilities and their severity scores.

Vectors of Network Attacks

  • External threats attack via the internet.
  • Internal threats attack from compromised hosts.

Data Loss

  • Vectors of data loss include:
    • Email/Webmail
    • Unencrypted Devices
    • Cloud Storage Devices
    • Removable Media
    • Hard Copy
    • Improper Access Control

Network Topology Overview

  • Different network topologies (Campus Area Networks, SOHO Networks, Wide Area Networks, and Data Center Networks) are shown.
  • Each topology has a diagram illustrating the components and their connections.

Campus Area Networks

  • Components include:
    • AAA Server
    • ASA Firewall
    • Layer 3 Switches
    • Layer 2 Switches
    • Web Server
    • Email Server
    • DHCP Server
    • Hosts
    • VPN
    • IPS
    • ESA/WSA

Small Office and Home Office Networks

  • Components include:
    • Wireless router
    • Layer 2 switch
    • Wireless host
    • Desktop computers

Wide Area Networks

  • Components include:
    • Branch Site
    • POP (Point of Presence)
    • Regional Site
    • SOHO Site
    • Mobile Worker
    • Main Site
    • Cisco ASA Firewall
    • Corporate

Data Center Networks

  • Outside perimeter security includes:
    • On-premise security officers
    • Fences and gates
    • Continuous video surveillance
    • Security breach alarms
  • Inside perimeter security includes:
    • Electronic motion detectors
    • Security traps
    • Continuous video surveillance
    • Biometric access and exit sensors

Network Threats

  • An understanding of the evolution of network security is crucial.
  • The different types of attack tools used by hackers are described.
  • Malware is described.
  • Common network attacks are explained.

Who is Hacking Our Networks?

  • Different types of hackers are discussed:
    • Script Kiddies
    • Vulnerability Brokers
    • Hacktivists
    • Cyber Criminals
    • State-Sponsored Hackers
  • The presentation also includes White Hat Hackers, Grey Hat Hackers, and Black Hat Hackers.

Hacker Tools

  • The various types of attack tools used by hackers are discussed.

Introduction of Attack Tools

  • The trend of increasing sophistication of attack tools, alongside the decreasing technical knowledge needed to use them over time, is shown.

Evolution of Security Tools

  • The evolution of security tools is discussed (such as penetration testing tools, forensic tools, and debuggers).

Categories of Attack Tools

  • Network hacking attacks are outlined, including:
    • Eavesdropping
    • Data modification
    • IP address spoofing
    • Denial-of-service
    • Man-in-the-middle
    • Compromised-key
    • Sniffer

Malware

  • Various types of malware are presented and defined in detail, such as viruses, worms, and Trojan horses. Diagrams illustrating the different malwares are shown.

Viruses

  • A virus is described as a malicious program.
  • A "Warning!" slide showing a virus alert is included.

Trojan Horse Classification

  • Types of Trojan Horses are reviewed (security software disabler, remote-access, data-sending, destructive, proxy, FTP, DoS).

Worms

  • Initial Code Red Worm Infection and later infection spread details are shown in world maps.
  • The worm propagation steps are highlighted, including the repeat cycle, propagation details and attack steps.

Other Malware

  • Other types of malware are shown, such as adware, spyware, rootkits, and scareware, along with phishing.

Common Network Attacks

  • Types of common network attacks (SYN flood, Smurf, reconnaissance, DoS, etc.) are discussed, with accompanying diagrams.

Reconnaissance Attacks

  • Initial query of a target network
  • Ping sweep of the target network
  • Port scan of active IP addresses
  • Use of vulnerability scanners
  • Use of exploitation tools

Access Attacks

  • A few reasons why hackers use access attacks are:
    • To retrieve data
    • To gain access
    • To escalate access privileges
  • Examples of access attacks are presented (password attacks, port redirection, man-in-the-middle attacks, buffer overflow, and IP, MAC, and DHCP spoofing).

Social Engineering Attacks

  • Types of social engineering attacks are reviewed (Pretexting, Phishing, Spearphishing).
  • Descriptions and examples for each attack are given.
  • Other methods include Spam, Tailgating, and Something for Something.

Denial of Service Attacks

  • A denial-of-service attack is explained with a diagram showing multiple pings targeting a web server, overwhelming it until it cannot respond.

DDoS Attacks

  • How hackers build a network of infected machines (botnet) and control them to launch a distributed denial-of-service attack is discussed.
  • The concept of zombies is explained.

Mitigating Threats

  • Methods and resources to protect networks are described.
  • A collection of domains for network security is described.
  • The purpose of Cisco SecureX Architecture is explained.
  • Techniques to mitigate common network attacks are described.
  • How to secure three functional areas (control, management, and data planes) of Cisco routers and switches is explained.
  • Specific steps such as developing policy, educating employees, controlling physical access, and using strong passwords are suggested to mitigate threats.

Defending the Network

  • Best practices for network defense are detailed (developing a security policy, educating employees, controlling physical access).
  • Best practice recommendations are outlined, including password policies, data encryption, and data backup.
  • Tools to mitigate malware (antivirus software, anti-spyware, firewall, anti-spam) are outlined.
  • Methods to mitigate worms (inoculation, containment, quarantine, treatment) are discussed with an accompanying diagram.

Mitigating Reconnaissance Attacks

  • Ways to mitigate reconnaissance attacks:
    • Implement authentication to ensure proper access.
    • Use encryption and tools that detect packet sniffer attacks.
    • Implement a switched infrastructure.
    • Use a firewall and IPS.

Mitigating Access Attacks

  • Recommendations for password security are given (using strong passwords, the principle of minimum trust, and cryptography).
  • The importance of applying operating system and application patches to close vulnerabilities and prevent security exploits is stressed.

Mitigating DoS Attacks

  • Suggestions for mitigating DoS attacks are IPS and firewalls (Cisco ASAs and ISRs), antispoofing technologies, and Quality of Service traffic policing.

Cisco Network Foundation Protection Framework

  • The NFP Framework is explained in terms of control and management planes.

Securing the Control Plane

  • AutoSecure, routing protocol authentication, and Control Plane Policing (CoPP) techniques are reviewed.

Securing the Management Plane

  • Best practices for securing the management plane are reviewed (enabling a login/password policy, presenting legal notifications, ensuring confidentiality of data, role-based access control, authorizing actions, and enabling management reporting).

Securing the Data Plane

  • ACLs and Antispoofing, and Layer 2 security strategies are detailed for securing the Data Plane.

Summary

  • Chapter objectives are to explain network security, describe different types of threats and attacks, and explain tools/procedures for mitigating the effects of malware and common network attacks.


Related Documents

CCNASv2_CH1(1) PDF
