CCNA Security v2.0: Modern Network Threats
39 Questions

Questions and Answers

What are the possible vectors for data loss?

  • Wireless networks, VPNs, firewalls, intrusion detection systems
  • Data encryption, user authentication, access control, network segmentation
  • Email/Webmail, Unencrypted Devices, Cloud Storage Devices, Removable Media, Hard Copy, Improper Access Control (correct)
  • Firewalls, Intrusion Detection Systems, Antivirus Software, Security Audits

What are common network security terms discussed in the content?

  • Firewall, Router, Switch, Access Point
  • Threat, Vulnerability, Mitigation, Risk (correct)
  • Packet filtering, stateful inspection, network address translation, deep packet inspection
  • TCP, UDP, IP, HTTP

What types of networks are typically present in a campus area network?

  • Cloud services, mobile devices, and internet of things (IoT) devices
  • Home computers, internet routers, and wireless access points
  • Branch offices, remote users, and data centers
  • Servers, workstations, printers, and network devices (correct)

What are the key drivers behind network security?

    Increasing network complexity, evolving threats, and growing reliance on digital assets (B)

    What are the different types of network topologies discussed in the content?

    Campus Area Networks, Small Office and Home Office Networks, Wide Area Networks (D)

    What type of security measure is NOT mentioned as part of outside perimeter security?

    Biometric Access and Exit Sensors (D)

    Which of the following is NOT a type of hacker, as described in the provided content?

    White Hat Hackers (B)

    Which of these is NOT listed as a security tool used for penetration testing?

    Firewall Management (A)

    Which penetration testing tool is used to analyze security vulnerabilities by sending random data to a system under test?

    Fuzzers (A)

    What kind of tool is used to investigate incidents involving cybercrime or network security breaches to discover evidence?

    Forensic Tools (D)

    Which of the following are types of reconnaissance attacks?

    Vulnerability scanners (B)

    Which of the following is NOT an example of a social engineering attack?

    Password (A)

    What is a botnet?

    A network of infected machines controlled by a hacker (A)

    What is the purpose of a 'man-in-the-middle' attack?

    To intercept communication between two parties (C)

    Which of the following is NOT a type of access attack?

    Syn Flood (C)

    What is the primary function of encryption when it comes to network security?

    Maintaining confidentiality by hiding data from unauthorized access. (D)

    Which of the following is NOT a component of the CIA Triad in network security?

    Authenticity (D)

    What is the core objective of ensuring data availability in network security?

    Maintaining uninterrupted access to critical data and services. (D)

    How does hashing contribute to data integrity in network security?

    By verifying the authenticity of data by detecting any changes. (D)

    A "Trojan Horse" type of malware is designed to disable security software.

    True (A)

    A "Worm" is a type of malware that can replicate itself and spread to other systems.

    True (A)

    A "Sniffer" is a network hacking attack that intercepts data transmitted across a network.

    False (B)

    A "Denial-of-service" attack compromises the confidentiality of sensitive data.

    False (B)

    A "Script Kiddie" is a highly skilled hacker with extensive knowledge of network security.

    False (B)

    The "Code Red Worm" was dormant for 7 days after its initial infection.

    False (B)

    Penetration testing tools are solely used for illegal activities.

    False (B)

    Biometric access and exit sensors are typically used for inside perimeter security.

    True (A)

    Packet sniffers are primarily used to detect and analyze network traffic.

    True (A)

    Continuous video surveillance is a security measure mainly used for outside perimeter security, not inside.

    False (B)

    A "Smurf Attack" is a type of reconnaissance attack.

    False (B)

    A "Port Scan" is used as a reconnaissance technique.

    True (A)

    A "Buffer Overflow" is a type of access attack.

    True (A)

    A "DDoS" attack involves a network of infected machines known as a "botnet" and the compromised computers are called "zombies."

    True (A)

    A "Tailgating" attack is a form of social engineering that involves tricking someone to give you their password.

    False (B)

    Confidentiality is a component of the CIA triad.

    True (A)

    Encryption contributes to the availability of data.

    False (B)

    Hashing is used to maintain the integrity of data.

    True (A)

    A botnet is a network of compromised computers controlled by a hacker.

    True (A)

    The CIA triad is a collection of domains for network security.

    False (B)

    Study Notes

    Modern Network Security Threats

    • The presentation is about modern network security threats.
    • The course is CCNA Security v2.0.
    • The presenter is Dr. Nadhir Ben Halima.
    • The presentation outlines the following topics:
      • Introduction
      • Securing networks
      • Network threats
      • Mitigating threats
      • Summary

    Securing Networks

    • The current network security landscape needs to be described.
    • All types of networks require protection.

    Current State of Affairs

    • Networks are targets for various attacks.

    Networks Are Targets

    • Data shows attack origins, targets, and attack types.
    • Locations of attacks and perpetrators are presented on a world map.
    • The data represents past attacks (2015).

    Drivers for Network Security

    • Common network security terms are:
      • Threat
      • Vulnerability
      • Mitigation
      • Risk
    • The presentation includes examples of vulnerabilities and their severity scores.

    Vectors of Network Attacks

    • External threats attack via the internet.
    • Internal threats attack from compromised hosts.

    Data Loss

    • Vectors of data loss include:
      • Email/Webmail
      • Unencrypted Devices
      • Cloud Storage Devices
      • Removable Media
      • Hard Copy
      • Improper Access Control

    Network Topology Overview

    • Different network topologies (Campus Area Networks, SOHO Networks, Wide Area Networks, and Data Center Networks) are shown.
    • Each topology has a diagram illustrating the components and their connections.

    Campus Area Networks

    • Components include:
      • AAA Server
      • ASA Firewall
      • Layer 3 Switches
      • Layer 2 Switches
      • Web Server
      • Email Server
      • DHCP Server
      • Hosts
      • VPN
      • IPS
      • ESA/WSA

    Small Office and Home Office Networks

    • Components include:
      • Wireless router
      • Layer 2 switch
      • Wireless host
      • Desktop computers

    Wide Area Networks

    • Components include:
      • Branch Site
      • POP (Point of Presence)
      • Regional Site
      • SOHO Site
      • Mobile Worker
      • Main Site
      • Cisco ASA Firewall
      • Corporate

    Data Center Networks

    • Outside perimeter security includes:
      • On-premise security officers
      • Fences and gates
      • Continuous video surveillance
      • Security breach alarms
    • Inside perimeter security includes:
      • Electronic motion detectors
      • Security traps
      • Continuous video surveillance
      • Biometric access and exit sensors

    Network Threats

    • An understanding of the evolution of network security is crucial.
    • The different types of attack tools used by hackers need to be described.
    • Malware needs to be described.
    • Common network attacks should be explained.

    Who is Hacking Our Networks?

    • Different types of hackers are discussed:
      • Script Kiddies
      • Vulnerability Brokers
      • Hacktivists
      • Cyber Criminals
      • State-Sponsored Hackers
    • The presentation also includes White Hat Hackers, Grey Hat Hackers, and Black Hat Hackers.

    Hacker Tools

    • The various types of attack tools used by hackers are discussed.

    Introduction of Attack Tools

    • Shows the trend of increasing sophistication of attack tools and technical knowledge needed over time.

    Evolution of Security Tools

    • The evolution of security tools is discussed (such as penetration testing tools, forensic tools, and debuggers).

    Categories of Attack Tools

    • Network hacking attacks are outlined, including:
      • Eavesdropping
      • Data modification
      • IP address spoofing
      • Denial-of-service
      • Man-in-the-middle
      • Compromised-key
      • Sniffer

    Malware

    • Various types of malware are presented and defined in detail, such as viruses, worms, and Trojan horses. Diagrams illustrating the different types of malware are shown.

    Viruses

    • A malicious program is described.
    • A "Warning!" slide about a virus alert is included.

    Trojan Horse Classification

    • Types of Trojan Horses are reviewed (security software disabler, remote-access, data-sending, destructive, proxy, FTP, DoS).

    Worms

    • Initial Code Red Worm Infection and later infection spread details are shown in world maps.
    • The worm propagation steps are highlighted, including the repeat cycle, propagation details and attack steps.

    Other Malware

    • Shows other types of malware, such as Adware, Spyware, Rootkits, Scareware, and Phishing.

    Common Network Attacks

    • Types of common network attacks (SYN Flood, Smurf, Reconnaissance, DoS, etc.) are discussed. Diagrams are displayed.

    Reconnaissance Attacks

    • Initial query of a target network
    • Ping sweep of the target (network)
    • Port scan of active IP addresses
    • Exploit vulnerability scanners
    • Using exploitation tools

    Access Attacks

    • A few reasons why hackers use access attacks are:
      • To retrieve data
      • To gain access
      • To escalate access privileges
    • Examples of access attacks are presented (password attacks, port redirection, man-in-the-middle attacks, buffer overflow, and IP, MAC, and DHCP spoofing).

    Social Engineering Attacks

    • Types of social engineering attacks are reviewed (Pretexting, Phishing, Spearphishing).
    • Descriptions and examples for each attack are given.
    • Other methods include Spam, Tailgating, and Something for Something.

    Denial of Service Attacks

    • A denial-of-service attack is explained with a diagram showing multiple pings targeting a web server, overwhelming it until it cannot respond.

    DDoS Attacks

    • How hackers build a network of infected machines (botnet) and control them to launch a distributed denial-of-service attack is discussed.
    • The concept of zombies is explained.

    Mitigating Threats

    • Methods and resources to protect networks are described.
    • A collection of domains for network security is described.
    • The purpose of Cisco SecureX Architecture is explained.
    • Techniques to mitigate common network attacks are described.
    • How to secure three functional areas (control, management, and data planes) of Cisco routers and switches is explained.
    • Specific steps such as developing policy, educating employees, controlling physical access, and using strong passwords are suggested to mitigate threats.

    Defending the Network

    • Best practices for network defense are detailed (developing a security policy, educating employees, controlling physical access).
    • Best practice recommendations are outlined, including password policies, data encryption, and data backup.
    • Tools to mitigate malware (antivirus software, anti-spyware, firewall, anti-spam) are outlined.
    • Methods to mitigate worms (inoculation, containment, quarantine, treatment) are discussed with an accompanying diagram.

    Mitigating Reconnaissance Attacks

    • Ways to mitigate reconnaissance attacks:
      • Implement authentication for proper access.
      • Use encryption and tools to detect packet sniffer attacks.
      • Implement a switched infrastructure.
      • Use a firewall and IPS.

    Mitigating Access Attacks

    • Recommendations for password security (using strong passwords, the principle of minimum trust, cryptography).
    • The importance of applying operating system and application patches to prevent potential vulnerabilities and security exploits.

    Mitigating DoS Attacks

    • IPS and firewalls (Cisco ASAs and ISRs), antispoofing technologies, and Quality of Service traffic policing are suggested for mitigating DoS attacks.

    Cisco Network Foundation Protection Framework

    • The NFP Framework is explained in terms of control and management planes.

    Securing the Control Plane

    • AutoSecure, routing protocol authentication, and Control Plane Policing (CoPP) techniques are reviewed.

    Securing the Management Plane

    • A review of best practices for securing the management plane (enabling login/password policy, presenting legal notifications, ensuring confidentiality of data, role-based control, authorizing actions, and enabling management reporting).

    Securing the Data Plane

    • ACLs, antispoofing, and Layer 2 security strategies are detailed for securing the data plane.

    Summary

    • Chapter objectives are to explain network security, describe different types of threats and attacks, and explain tools/procedures for mitigating the effects of malware and common network attacks.

    Related Documents

    CCNASv2_CH1(1) PDF

    Description

    This quiz explores modern network security threats as covered in the CCNA Security v2.0 course. Presented by Dr. Nadhir Ben Halima, it covers key topics including securing networks, common vulnerabilities, and the landscape of network attacks. Test your knowledge on how to mitigate these threats effectively.
