Summary

This document is a chapter on modern network security threats. It covers topics such as the evolution of network threats, common network attacks and how to mitigate these attacks. The document also covers various types of malware, and the methods to mitigate these.

Full Transcript

Slide 1: Chapter 1: Modern Network Security Threats
CCNA Security v2.0
Dr. Nadhir Ben Halima

Slide 2: Chapter Outline
- 1.0 Introduction
- 1.1 Securing Networks
- 1.2 Network Threats
- 1.3 Mitigating Threats
- 1.4 Summary

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public

Slide 3: Section 1.1: Securing Networks
Upon completion of this section, you should be able to:
- Describe the current network security landscape.
- Explain how all types of networks need to be protected.

Slide 4: Topic 1.1.1: Current State of Affairs

Slide 5: Networks Are Targets

Slide 6: Drivers for Network Security
Common network security terms:
- Threat
- Vulnerability
- Mitigation
- Risk
(Figure: Cisco Security Intelligence Operations)

Slide 7: Vectors of Network Attacks

Slide 8: Data Loss
Vectors of data loss:
- Email/Webmail
- Unencrypted Devices
- Cloud Storage Devices
- Removable Media
- Hard Copy
- Improper Access Control

Slide 9: Topic 1.1.2: Network Topology Overview

Slide 10: Campus Area Networks

Slide 11: Small Office and Home Office Networks

Slide 12: Wide Area Networks

Slide 13: Data Center Networks
Outside perimeter security:
- On-premise security officers
- Fences and gates
- Continuous video surveillance
- Security breach alarms
Inside perimeter security:
- Electronic motion detectors
- Security traps
- Continuous video surveillance
- Biometric access and exit sensors

Slide 14: Section 1.2: Network Threats
Upon completion of the section, you should be able to:
- Describe the evolution of network security.
- Describe the various types of attack tools used by hackers.
- Describe malware.
- Explain common network attacks.

Slide 15: Topic 1.2.1: Who is Hacking Our Networks?

Slide 16: The Hacker & The Evolution of Hackers
Modern hacking titles:
- Script Kiddies
- Vulnerability Brokers
- Hacktivists
- Cyber Criminals
- State-Sponsored Hackers

Slide 17: Topic 1.2.2: Hacker Tools

Slide 18: Introduction of Attack Tools

Slide 19: Evolution of Security Tools
Penetration testing tools:
- Password crackers
- Forensic
- Wireless hacking
- Debuggers
- Network scanning and hacking
- Hacking operating systems
- Packet crafting
- Encryption
- Packet sniffers
- Vulnerability exploitation
- Rootkit detectors
- Vulnerability scanners
- Fuzzers to search vulnerabilities

Slide 20: Categories of Attack Tools
Network hacking attacks:
- Eavesdropping
- Data modification
- IP address spoofing
- Denial-of-service
- Man-in-the-middle
- Compromised-key
- Sniffer

Slide 21: Topic 1.2.3: Malware

Slide 22: Various Types of Malware

Slide 23: Viruses

Slide 24: Trojan Horse Classification
Classifications:
- Security software disabler
- Remote-access
- Data-sending
- Destructive
- Proxy
- FTP
- DoS

Slide 25: Worms
(Figures: Initial Code Red Worm Infection; Code Red Worm Infection 19 Hours Later)

Slide 26: Worm Components
Components:
- Enabling vulnerability
- Propagation mechanism
- Payload
Code Red worm propagation cycle (figure):
1. Propagate for 19 days
2. Launch DoS attack for next 7 days
3. Stop and go dormant for a few days
4. Repeat the cycle

Slide 27: Other Malware
- Ransomware
- Scareware
- Spyware
- Phishing
- Adware
- Rootkits

Slide 28: Topic 1.2.4: Common Network Attacks

Slide 29: Types of Network Attacks
Categories:
- Reconnaissance
- Access
- DoS
(Figure labels: Data Modification, Syn Flood, Smurf Attack)

Slide 30: Reconnaissance Attacks
- Initial query of a target
- Ping sweep of the target network
- Port scan of active IP addresses
- Vulnerability scanners
- Exploitation tools

Slide 31: Access Attacks
A few reasons why hackers use access attacks:
- To retrieve data
- To gain access
- To escalate access privileges
A few types of access attacks include:
- Password
- Port redirection
- Man-in-the-middle
- Buffer overflow
- IP, MAC, DHCP spoofing

Slide 32: Social Engineering Attacks
- Pretexting
- Phishing
- Spearphishing
- Spam
- Tailgating
- Something for Something

Slide 33: Denial of Service Attacks

Slide 34: DDoS Attacks
1. Hacker builds a network of infected machines. A network of infected hosts is called a botnet. The compromised computers are called zombies. Zombies are controlled by handler systems.
2. Zombie computers continue to scan and infect more targets.
3. Hacker instructs handler system to make the botnet of zombies carry out the DDoS attack.

Slide 35: 1.3 Mitigating Threats
Upon completion of this section, you should be able to:
- Describe methods and resources to protect the networks.
- Describe a collection of domains for network security.
- Explain the purpose of the Cisco SecureX Architecture.
- Describe the techniques used to mitigate common network attacks.
- Explain how to secure the three functional areas of Cisco routers and switches.

Slide 36: Topic 1.3.1: Defending the Network

Slide 37: Network Security Professionals

Slide 38: Network Security Organizations

Slide 39: Confidentiality, Integrity, Availability
Components of CIA:
- Confidentiality: Uses encryption to encrypt and hide data.
- Integrity: Uses hashing algorithms to ensure data is unaltered during operation.
- Availability: Assures data is accessible. Guaranteed by network hardening mechanisms and backup systems.

Slide 40: Topic 1.3.2: Domains of Network Security

Slide 41: Network Security Domains
- Risk assessment
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Information systems acquisition, development, and maintenance
- Access control
- Information security incident management
- Business continuity management
- Compliance

Slide 42: Network Security Policy

Slide 43: Network Security Policy Objectives

Slide 44: Topic 1.3.4: Mitigating Common Network Threats

Slide 45: Defending the Network
Best practices:
- Develop a written security policy.
- Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.
- Control physical access to systems.
- Use strong passwords and change them often.
- Encrypt and password-protect sensitive data.
- Implement security hardware and software.
- Perform backups and test the backed-up files on a regular basis.
- Shut down unnecessary services and ports.
- Keep patches up to date by installing them weekly or daily to prevent buffer overflow and privilege escalation attacks.
- Perform security audits to test the network.

Slide 46: Mitigating Malware

Slide 47: Mitigating Worms
- Containment
- Inoculation
- Quarantine
- Treatment

Slide 48: Mitigating Reconnaissance Attacks

Slide 49: Mitigating Access Attacks

Slide 50: Mitigating DoS Attacks

Slide 51: Topic 1.3.5: Cisco Network Foundation Protection Framework

Slide 52: NFP Framework

Slide 53: Securing the Control Plane

Slide 54: Securing the Management Plane

Slide 55: Securing the Data Plane

Slide 56: Section 1.4: Summary
Chapter Objectives:
- Explain network security.
- Describe various types of threats and attacks.
- Explain tools and procedures to mitigate the effects of malware and common network attacks.

Slide 57: Thank you.
