Modern Network Security Threats - CCNA Security

Questions and Answers

Which of the following is NOT categorized as a network hacking attack?

• Eavesdropping
• Denial-of-service
• Firewall breach (correct)
• Data modification

What type of malware is specifically designed to allow remote access to an infected system?

• Rabid worm
• Adware
• Virus
• Trojan horse (correct)

Which component of a worm is responsible for its ability to spread between systems?

• Payload
• Propagation mechanism (correct)
• Enabling vulnerability
• Dormant phase

Which classification of a Trojan horse is designed to disable security software?

Security software disabler (B)

What is a primary purpose of a sniffer in network attacks?

Intercept sensitive data (B)

Which of the following is classified as a modern hacking title?

Script Kiddies (D)

What type of security tool is used primarily to detect and analyze vulnerabilities in networks?

Vulnerability Scanner (C)

Which of the following is NOT an example of outside perimeter security?

Electronic motion detectors (C)

Which type of hacker is typically motivated by political or social agendas?

Hacktivists (B)

What does the term 'vulnerability' refer to in network security?

A potential weakness that can be exploited by threats (C)

Which of the following tools is used for penetration testing by simulating attacks on a network?

Network Scanning (C)

Which of the following is NOT a vector of data loss?

Social Media (A)

What is the primary focus when mitigating network threats?

Identifying and applying patches to software vulnerabilities (A)

Which network topology is specifically designed for improved communication in constrained local environments?

Campus Area Networks (D)

In the context of network security, what does 'risk' typically refer to?

The exposure to potential damage or loss due to vulnerabilities (B)

What is the primary purpose of encryption in network security?

To encrypt and hide data, ensuring confidentiality (D)

Which of the following is NOT a component of the CIA triad in network security?

Accountability (B)

How does hashing contribute to network security?

By ensuring that data is stored in an unaltered state (B)

What is one of the main roles of network security professionals?

To implement measures that protect networks from attacks (C)

What is the significance of the Cisco SecureX Architecture in network security?

It enables the protection of a wide array of network threats (B)

Biometric access and exit sensors are used in outside perimeter security.

False (B)

Vulnerability brokers are hackers who specialize in identifying and exploiting security flaws in systems.

False (B)

Password crackers are used for penetration testing, but not forensic analysis.

False (B)

Fuzzers are tools specifically designed to search for vulnerabilities in network operating systems only.

False (B)

Modern hacking titles typically include "Script Kiddies" and "Vulnerability Brokers".

True (A)

A "Threat" in network security refers to any potential danger which can exploit a vulnerability to cause harm.

True (A)

Data loss through unencrypted devices only applies to personal devices like phones and laptops.

False (B)

A "Campus Area Network" is a type of network designed for a limited geographical area, like a school or office building.

True (A)

Wide Area Networks use specialized networking technologies like VPNs to connect geographically dispersed locations and extend a network over a much larger area.

True (A)

A "vulnerability" is a weakness in a system's security that an attacker can exploit to gain unauthorized access.

True (A)

A "Smurf Attack" is classified as a Denial of Service attack.

True (A)

A 'Sniffer' is a type of malware.

False (B)

Social Engineering attacks primarily focus on exploiting vulnerabilities in computer systems.

False (B)

The Code Red worm's propagation mechanism involved a Denial-of-Service (DoS) attack.

True (A)

Buffer Overflow attacks fall under the category of Access Attacks.

True (A)

The 'Data-sending' classification of Trojan horses is specifically designed to disable security software.

False (B)

A 'Trojan Horse' is a type of network hacking attack.

False (B)

A "Ping Sweep" is a common technique used in Reconnaissance attacks.

True (A)

The term "Zombies" refers to compromised computers controlled by hackers within a botnet.

True (A)

The Code Red worm's initial infection involved exploiting a vulnerability in a web server.

True (A)

Flashcards

DDoS Attack

Distributed Denial of Service attack; overwhelms a target with traffic.

CIA Triad

A model for information security: Confidentiality, Integrity, Availability.

Confidentiality

Ensures data privacy through encryption.

Integrity

Ensures data is accurate and unaltered, often using hashing.

Availability

Guarantees that data is accessible when needed.

Network Security

The protection of computer networks from threats and vulnerabilities.

Threat

Any potential danger that could exploit a vulnerability in a network.

Vulnerability

A weakness in a network that can be exploited by threats.

Mitigation

Steps taken to reduce risk exposures and address vulnerabilities.

Data Loss Vectors

Methods through which data can be lost or compromised.

Eavesdropping

The act of secretly listening to private conversations or data transmissions.

Denial-of-service

An attack that aims to make a service unavailable to users by overwhelming it.

Trojan Horse

Malware disguised as legitimate software to trick users into installing it.

Worm

A self-replicating malware that spreads without user intervention, often causing damage.

Payload

The part of malware that performs the malicious action once delivered.

Perimeter Security

Measures taken to protect the outer boundary of a facility against unauthorized access.

Types of Hackers

Categories of individuals who exploit network vulnerabilities, including Script Kiddies, Hacktivists, and Cyber Criminals.

Malware

Malicious software designed to harm or exploit any programmable device or network.

Penetration Testing Tools

Tools used to test the security of a system by simulating attacks.

Network Attacks

Methods used to gain unauthorized access or disrupt services in a network.

Denial-of-Service (DoS)

An attack that prevents legitimate users from accessing a service.

Ransomware

A type of malware that locks or encrypts data, demanding payment for access.

Reconnaissance Attacks

Initial processes of gathering information about a target system.

Access Attacks

Attacks aimed at gaining unauthorized access to data or systems.

Social Engineering Attacks

Manipulative tactics used to trick individuals into divulging confidential information.

Network Security Landscape

The current state of threats and measures in network security.

Vectors of Network Attacks

The various ways attackers can exploit network vulnerabilities.

Data Loss

Loss of information due to various vulnerabilities and attacks.

Mitigation Strategies

Measures taken to reduce risks associated with network threats.

Common Network Threats

Typical dangers that can compromise network security.

Inside Perimeter Security

Security measures within a facility to protect from internal threats, including electronic motion detectors and biometric sensors.

Modern Hacking Titles

Categories of hackers: Script Kiddies, Vulnerability Brokers, Hacktivists, Cyber Criminals, and State-Sponsored Hackers.

Attack Tools

Software or tools employed by hackers to exploit vulnerabilities or gain unauthorized access.

Types of Network Attacks

Various methods used to exploit networks, including DDoS, malware distribution, and unauthorized access attempts.

Study Notes

Modern Network Security Threats

• Course: CCNA Security v2.0
• Instructor: Dr. Nadhir Ben Halima
• Topic: Modern network security threats
• Outline:
  • Introduction
  • Securing Networks
  • Network Threats
  • Mitigating Threats
  • Summary

Securing Networks

• Learning Objectives:
  • Describe the current network security landscape.
  • Explain how all types of networks need to be protected.
  • Explain different network topologies.

Network Threats

• Evolution of Network Security: Detailed analysis needed.
• Hacker Tools:
  • Script Kiddies
  • Vulnerability Brokers
  • Hacktivists
  • Cyber Criminals
  • State-Sponsored Hackers
• Hacker Tools:
  • Penetration testing.
  • Password crackers.
  • Wireless Hacking.
  • Network Scanning.
  • Packet Crafting.
  • Packet Sniffers.
  • Rootkit detectors
  • Fuzzers to search vulnerabilities.
  • Forensic.
  • Debuggers.
  • Hacking operating systems
  • Encryption
  • Vulnerability exploitation
  • Vulnerability scanners
• Network Hacking Attacks:
  • Eavesdropping.
  • Data modification.
  • IP address spoofing.
  • Denial-of-service.
  • Man-in-the-middle.
  • Compromised-key.
  • Sniffer

Malware

• Types of Malware:
  • Viruses (malicious software with a specific function).
  • Worms (executes arbitrary code, installs copies and spreads automatically through networks).
  • Trojan horses (non-self-replicating malware, disguised as legitimate software).
• Worm Components: Enabling vulnerability, propagation mechanism (spreading across networks), Payload (the malicious code).

Common Network Attacks

• Types of Attacks:
  • Reconnaissance (initial query of target, ping sweep, port scan, vulnerability scanners, exploitation tools).
  • Access (retrieve data, gain access, escalate privileges, password, port redirection, man-in-the-middle, buffer overflow, IP, MAC, DHCP spoofing).
  • Social Engineering (pretexting, phishing, spearphishing, spam, tailgating, something for something).
  • Denial of Service (DoS) (overloading the server with requests).
  • Distributed Denial of Service (DDoS) (botnet controlled by attackers overwhelming the target).
  • Data Modification (altering data).

Mitigating Security Threats

• Methods & Resources: strategies for network protection and security protocols.
• Domains of Network Security: Risk assessment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, security incident management, business continuity planning, compliance.
• Network Topologies:
  • Campus Area Networks
  • Small Office / Home Office Networks
  • Wide Area Networks
  • Data Center Networks
• Cisco SecureX Architecture: a framework for mitigating network incidents.
• Security Practices: Security policy development, employee education on social engineering risks, validate identities, control physical access, strong passwords, encrypt sensitive data, implement security hardware/software, backups, shut down services, patches, vulnerability testing.
• Mitigating common threats: malware, worms, reconnaissance attacks, access attacks, and DoS attacks.
  • Specific Mitigation techniques for each threat type are listed in the notes. (e.g, ACLs, Antispoofing, Layer 2 security, DHCP snooping, firewalls)

Summary

• Objectives: Explain network security, describe attack variations (reconnaissance, access, social, DoS, DDoS etc), explain ways to mitigate and contain network attacks and malware, and explain the components of the Cisco Network Foundation Protection Framework (NFP).