CCNA Security v2.0 Chapter 1: Modern Network Security Threats PDF
Document Details
Author: Dr. Nadhir Ben Halima
Publisher: Cisco
Year: 2013
Summary
This document provides an overview of modern network security threats and the tools used in network attacks. It is a comprehensive guide to understanding common network security terms such as threat, vulnerability, mitigation, and risk.
Full Transcript
Chapter 1: Modern Network Security Threats
CCNA Security v2.0
Dr. Nadhir Ben Halima
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public

Chapter Outline
  1.0 Introduction
  1.1 Securing Networks
  1.2 Network Threats
  1.3 Mitigating Threats
  1.4 Summary

Section 1.1: Securing Networks
Upon completion of this section, you should be able to:
  - Describe the current network security landscape.
  - Explain how all types of networks need to be protected.

Topic 1.1.1: Current State of Affairs

Networks Are Targets

Drivers for Network Security
Common network security terms:
  - Threat
  - Vulnerability
  - Mitigation
  - Risk
(The slide also references Cisco Security Intelligence Operations.)

Vectors of Network Attacks

Data Loss
Vectors of data loss:
  - Email/Webmail
  - Unencrypted Devices
  - Cloud Storage Devices
  - Removable Media
  - Hard Copy
  - Improper Access Control

Topic 1.1.2: Network Topology Overview

Campus Area Networks

Small Office and Home Office Networks

Wide Area Networks

Data Center Networks
Outside perimeter security:
  - On-premise security officers
  - Fences and gates
  - Continuous video surveillance
  - Security breach alarms
Inside perimeter security:
  - Electronic motion detectors
  - Security traps
  - Continuous video surveillance
  - Biometric access and exit sensors

Section 1.2: Network Threats
Upon completion of this section, you should be able to:
  - Describe the evolution of network security.
  - Describe the various types of attack tools used by hackers.
  - Describe malware.
  - Explain common network attacks.

Topic 1.2.1: Who is Hacking Our Networks?

The Hacker & The Evolution of Hackers
Modern hacking titles:
  - Script Kiddies
  - Vulnerability Brokers
  - Hacktivists
  - Cyber Criminals
  - State-Sponsored Hackers

Topic 1.2.2: Hacker Tools

Introduction of Attack Tools

Evolution of Security Tools
Penetration testing tools:
  - Password crackers
  - Wireless hacking
  - Network scanning and hacking
  - Packet crafting
  - Packet sniffers
  - Rootkit detectors
  - Fuzzers to search vulnerabilities
  - Forensic
  - Debuggers
  - Hacking operating systems
  - Encryption
  - Vulnerability exploitation
  - Vulnerability scanners

Categories of Attack Tools
Network hacking attacks:
  - Eavesdropping
  - Data modification
  - IP address spoofing
  - Denial-of-service
  - Man-in-the-middle
  - Compromised-key
  - Sniffer

Topic 1.2.3: Malware

Various Types of Malware

Viruses

Trojan Horse Classification
Classifications:
  - Security software disabler
  - Remote-access
  - Data-sending
  - Destructive
  - Proxy
  - FTP
  - DoS

Worms
[Figures: Initial Code Red Worm Infection; Code Red Worm Infection 19 Hours Later]

Worm Components
Components:
  - Enabling vulnerability
  - Propagation mechanism
  - Payload
Code Red worm propagation cycle:
  1. Propagate for 19 days
  2. Launch DoS attack for the next 7 days
  3. Stop and go dormant for a few days
  4. Repeat the cycle

Other Malware
  - Ransomware
  - Scareware
  - Spyware
  - Phishing
  - Adware
  - Rootkits

Topic 1.2.4: Common Network Attacks

Types of Network Attacks
Categories: Reconnaissance, Access, DoS
[Figure labels: Data Modification; SYN Flood; Smurf Attack]

Reconnaissance Attacks
  - Initial query of a target
  - Ping sweep of the target network
  - Port scan of active IP addresses
  - Vulnerability scanners
  - Exploitation tools

Access Attacks
A few reasons why hackers use access attacks:
  - To retrieve data
  - To gain access
  - To escalate access privileges
A few types of access attacks include:
  - Password
  - Port redirection
  - Man-in-the-middle
  - Buffer overflow
  - IP, MAC, DHCP spoofing

Social Engineering Attacks
  - Pretexting
  - Phishing
  - Spearphishing
  - Spam
  - Tailgating
  - Something for Something

Denial of Service Attacks

DDoS Attacks
  1. Hacker builds a network of infected machines
     - A network of infected hosts is called a botnet.
     - The compromised computers are called zombies.
     - Zombies are controlled by handler systems.
  2. Zombie computers continue to scan and infect more targets
  3. Hacker instructs handler system to make the botnet of zombies carry out the DDoS attack
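The reconnaissance sequence (ping sweep, then port scan of active hosts) and the SYN flood listed under DoS each leave a recognisable footprint in flow records. The following detector is an added example written for this page; it is not part of the Cisco course material. The flow records are constructed from RFC 5737 documentation addresses, and the thresholds (PING_SWEEP_HOSTS, PORT_SCAN_PORTS, SYN_FLOOD_SYNS, SYN_FLOOD_MAX_ACK_RATIO) are assumed values that a real deployment would tune to its own baseline.

```python
"""Flag ping sweeps, port scans and SYN floods in a batch of flow records (added example)."""
from collections import defaultdict

# Constructed sample records: (src, dst, proto, dst_port, tcp_flags).
# Addresses come from the RFC 5737 documentation ranges; none are real hosts.
SAMPLE_FLOWS = (
    # Ping sweep: one source sends ICMP echo to 20 hosts on the target network.
    *[("203.0.113.9", f"192.0.2.{i}", "icmp", None, None) for i in range(1, 21)],
    # Port scan: the same source probes 40 ports on one host it found alive.
    *[("203.0.113.9", "192.0.2.10", "tcp", p, "S") for p in range(20, 60)],
    # SYN flood: 150 SYNs to one service from 150 different (spoofed) sources,
    # none of which ever completes the handshake.
    *[(f"198.51.100.{i}", "192.0.2.10", "tcp", 80, "S") for i in range(1, 151)],
    # Benign traffic: two clients each complete a handshake to port 443.
    ("192.0.2.55", "192.0.2.10", "tcp", 443, "S"),
    ("192.0.2.55", "192.0.2.10", "tcp", 443, "A"),
    ("192.0.2.56", "192.0.2.10", "tcp", 443, "S"),
    ("192.0.2.56", "192.0.2.10", "tcp", 443, "A"),
)

# Assumed thresholds; tune to the observed baseline of the monitored network.
PING_SWEEP_HOSTS = 10          # distinct ICMP targets from one source
PORT_SCAN_PORTS = 15           # distinct TCP ports from one source to one host
SYN_FLOOD_SYNS = 100           # SYNs to one dst:port in the window
SYN_FLOOD_MAX_ACK_RATIO = 0.2  # ACK/SYN ratio below which connections are not completing


def detect(flows):
    """Return a list of (alert_type, subject, count) tuples for the given flows."""
    icmp_targets = defaultdict(set)  # src -> set of ICMP destinations
    tcp_ports = defaultdict(set)     # (src, dst) -> set of destination ports
    syn_count = defaultdict(int)     # (dst, port) -> SYN-only segments seen
    ack_count = defaultdict(int)     # (dst, port) -> ACK segments seen

    for src, dst, proto, port, flags in flows:
        if proto == "icmp":
            icmp_targets[src].add(dst)
        elif proto == "tcp":
            tcp_ports[(src, dst)].add(port)
            if flags == "S":
                syn_count[(dst, port)] += 1
            elif flags == "A":
                ack_count[(dst, port)] += 1

    alerts = []
    # Ping sweep: one source touching many hosts with ICMP.
    for src, dsts in icmp_targets.items():
        if len(dsts) >= PING_SWEEP_HOSTS:
            alerts.append(("ping_sweep", src, len(dsts)))
    # Port scan: one source touching many ports on one host.
    for (src, dst), ports in tcp_ports.items():
        if len(ports) >= PORT_SCAN_PORTS:
            alerts.append(("port_scan", f"{src}->{dst}", len(ports)))
    # SYN flood: a service receiving many SYNs that are not followed by ACKs.
    for (dst, port), syns in syn_count.items():
        if syns >= SYN_FLOOD_SYNS:
            ratio = ack_count[(dst, port)] / syns
            if ratio <= SYN_FLOOD_MAX_ACK_RATIO:
                alerts.append(("syn_flood", f"{dst}:{port}", syns))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

The three checks map directly onto the slide's attack list: distinct-destination fan-out catches the ping sweep, distinct-port fan-out catches the port scan that follows it, and the SYN-to-ACK ratio separates a flood of half-open connections from a busy but healthy service. Keying the SYN-flood check on the destination rather than the source is deliberate, since the zombies in a DDoS (or spoofed sources in a SYN flood) spread the load across many addresses that individually look harmless.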