Networking Fundamentals PDF
Summary
This document provides an introduction to networking security fundamentals. It discusses various types of security threats and vulnerabilities, including technology, configuration, and administrative issues. The document also covers physical security threats and common network attacks, like malware.
Full Transcript
Welcome to my introduction to networking course, typically abbreviated ITN. This will be for the CCNA version seven curriculum, module 16, network security fundamentals. So the point of this module is to look at security threats and vulnerabilities, look at what they are, and kind of basic measures to make sure that we can mitigate them. Network attacks, basically identifying security vulnerabilities, mitigation techniques, and we're going to talk about device security, specifically configuring network devices so we can harden them, basically turning on what features we need to mitigate security threats.

So let's go and look at security threats and vulnerabilities. So what are some common threats on a network, or what are some common threat actors? So basically, if we're talking network services, it could be a direct disruption of services, basically take out the network, or make the network so slow or unusable that we can't do anything. We could also look at data loss, data manipulation, being able to steal credentials like passwords or usernames, and more extreme things like identity theft or data/information theft, intellectual property theft. Those are all big ones that these threat actors are looking for. So a threat actor is anyone that can act on any type of threat or vulnerability on a system.

So again, types of vulnerabilities: there are three main types of vulnerabilities. Technology vulnerabilities: that's going to be looking at the protocols, the operating systems, the overall networking equipment weaknesses. Second is configuration vulnerabilities. This will include things like unsecured user or admin accounts, system accounts, backup accounts, things of that nature. Misconfigured Internet services are a big one. The use of default settings is a huge part of this, or any other type of misconfigured networking equipment.
Lastly is an administrative issue, and this is a vulnerability in security policies, and this is going to be a lack of written policies. Remember that the administrative policies actually dictate these security policies, so not having the appropriate security policies makes it really hard to verify and audit the technical controls. These three are the main sources of vulnerabilities, and honestly, each one of these can leave a huge hole in the overall network security.

Physical security is also a huge part of this. Physical security is actually someone showing up in person. We can be looking at hardware threats, and that will include physical damage to equipment; environmental threats, that could be temperatures too hot, too cold, too wet, too dry, things of that nature; electrical, that could be a non-standard power grid or non-stable power grid, so we end up with sags or spikes or improper voltage to actually power units, maybe noise or even just a straight power outage, complete power loss. Lastly, the fourth one is maintenance threats. Basically this will be poor handling of key electrical components, ESD discharge, maybe the lack of critical spare parts. I was doing work for a casino, and they have a backup core piece of equipment on the top floor. Everything is stored in the basement, and they actually have figured that it's easier for them to keep the critical spare core component on the top floor. That way, if there's an issue, they can just run up there and run it down. And actually, I had them tell me with a straight face that that was appropriate. They did not mind carrying a piece of equipment down 20 flights of stairs in the middle of an emergency if they needed to replace the core switch. If they needed to replace this core switch, the switch weighed 80 pounds. The switch also helped run the elevators. So if the core switch went down, they'd have to do everything via stairs. But that was perfectly okay for them.
They actually had a plan in place: if this happened, do this. So at least they actually had a physical security plan that looked at ways to handle this maintenance. An overall good physical security outlook will have a plan addressing each one of these four major items.

All right, so let's go ahead and let's talk about network-based attacks. So these are going to be things that will be on the network or on an end host. So normally, we have to talk about malware when we talk about these types of attacks. Malware is short for malicious software, basically any type of software that has malicious intent. Three of the main types are going to be viruses, worms, and Trojan horses. Viruses are going to be a traditional type of malware that propagates by inserting itself into some type of storage to propagate itself. Worms are very similar to viruses, but they replicate themselves. A Trojan horse is going to be a piece of software that may look legit but provides a back door. These are not the only types of malware. We've actually seen a huge increase in things like ransomware, spyware and adware. Ransomware is one of the biggest issues, mainly because with ransomware they can use the encryption power of a computer, and they can encrypt data, and they can hold it ransom, making you pay for decoding that data.

Alright. So other types of attacks are things like a reconnaissance attack. Part of that reconnaissance attack is basically mapping services, systems and possible vulnerabilities, looking at network scanners, or maybe just publicly accessible information through like a whois lookup or an nslookup. Part of the types of network attacks could also be things like access attacks. They can manipulate data access to gain access to a system. Maybe they social engineer to get a username and password. Maybe they send phishing emails to gain access. Different ways to gain access to a system.
One of the interesting parts is they're all about gaining access, where this, in contrast, denial of service is about disrupting access, making a system overloaded so that no one can gain access to that resource. So there's a lot of issues with these types of attacks. One could be looking to gain access. One could be looking at stealing access. One could be completely disrupting all access so that no one can have access. Alright? Other common types of access attacks are things like password attacks or trust exploits, port redirections or even man-in-the-middle. So password attacks are pretty simple. Those are things that might be guessing passwords, brute forcing passwords, using a packet sniffer to actually sniff the wire for plain text passwords, things of that nature. A trust exploitation is where a threat actor actually will use unauthorized privileges to gain access to a system, trying to compromise that target. Port redirection is what you would expect. That is where a threat actor using one port tries to connect to a compromised host, because the compromised host may trust or accept inbound connections on that port, and then from there, they may pivot to other types of systems. Man-in-the-middle is where a device or individual is actually between a source and destination, between two legitimate sources or destinations, and the threat actor then captures data back and forth, and they may manipulate data back and forth or even steal the data back and forth, thus being able to gain access to passwords or manipulate data or access a system in different types of ways with man-in-the-middle. Man-in-the-middle can also patch files in transit. So if you download something and there happens to be a man in the middle, the man-in-the-middle application could actually patch any download to embed malware in them.
So there are some issues with man-in-the-middle based attacks. Denial of service, we've already kind of talked about; that is where an attacker tries to limit the responsive capabilities of a resource by having several things access resources on that system. The more devices attacking a system, the more resources that can be used up. So oftentimes we get what's called a DDoS attack, a distributed denial of service. And normally what this is, you have an attacker, a threat actor, that may control a ton of other computers, and all of those computers target a specific destination, overwhelming that destination. The threat actor has a command and control system that may program or have control over several other hosts. Those are called zombies, and so this network of zombies is called a botnet. We have a lab exploring the SANS website, looking at identifying and detailing specific network security threats.

Moving on, let's talk about network attack mitigation. Because now that we have an understanding of what some of the common attacks are, we have to discuss how to mitigate them. So one of the first things we talk about when we talk network mitigation, it's this thing called defense in depth. So to mitigate network attacks, you must first secure the devices, including all the routers, switches, servers, hosts, phones, everything that's attached to the network. Basically, the goal is to provide as much depth to the security as possible. This approach is often called the layered approach. This does require a combination of networking devices and services working together, looking at some type of network intrusion detection and network intrusion prevention systems, looking at how all of that correlates to logs, and how that correlates to a SIEM, and how all the different services are communicating with one another, so that the security engineer can actually quickly look at them and figure out what to do based off of certain criteria.
Security devices could also include things like firewalls, email security, web security, some type of AAA server that allows for authentication, authorization, accountability, and if we're dealing with outside resources, a VPN. All of those are services that are critical when we're providing different layers. Another common way to mitigate attacks is going to be backups. That means verifying that we have current backups of systems that are frequently backed up based off of need, that the backups are secure, and that we have adequate storage to do backups. Another common and actually very often overlooked type of mitigating attacks is things like updating. Is your operating system up to date? Is your antivirus up to date? Is your anti-malware up to date, and are they running? Can we make sure they're up to date? Can we make sure that they're actually being used appropriately?

So we talked about triple A a second ago. Triple A: authentication, authorization and accounting. Authentication verifies who you are. Authorization verifies that you're able to do certain tasks. Accounting basically is just a way of auditing to make sure that there's records of everything that you've done. That's called AAA.

Firewalls are going to be a big one. Firewalls allow us to put in rules that allow us to dictate what type of traffic is allowed. You'll notice in this diagram we may have certain resources that need to be accessed both inside and outside. So with a firewall, we can have what's called a demilitarized zone, DMZ, that allows us to have an intermediary between the inside network and the outside network. This DMZ provides a little more protection than just allowing it on the inside part of the network and then allowing internet traffic into the network. One issue is that when we say firewall, there's many types of firewalls. We have a packet filtering firewall, an application filtering firewall, a URL filtering firewall, and a stateful packet inspection type firewall.
Packet filtering basically allows us to look at packets based off of IP addresses, or frames based off of MAC addresses, and filter based off of that. Application filtering allows us to be more granular on the application or on the port number. URL filtering prevents or allows access to websites based off of the URL or based off of a keyword. We also have, lastly, stateful packet inspection, where we will inspect all incoming packets and we verify that they are legitimate responses to requests from internal hosts. Those are the four common types of firewalls, not the only ones, but the most common ones.

Other forms of mitigation techniques are endpoint security. We already talked about administrative policies, but maybe also making sure that we have appropriate job training, that we have job rotation, maybe also ensuring that all endpoints have security training for all the users that use those endpoints, and that the endpoints are set to update and scan regularly. All of those are critical things that often are overlooked.

Moving on, we have our device security. Cisco recently acquired this AutoSecure feature where we can set certain criteria, like looking to make sure default usernames and passwords are changed immediately, and looking at access to system resources and making sure that that access is restricted. These are again common steps that we should be looking at with AutoSecure: making sure that all services and applications are turned on as appropriate; if they're not being turned on appropriately, turn them all off. Only have the services and applications that are needed running. Often systems are set with all of these features turned on and all of these features out of date, so making sure that when we have a new system, we update the system as appropriate and the applications as appropriate, and disable system services and applications as appropriate, ensuring that we have the best secured device as possible. That's known as hardening.
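As an added example (not from the lecture and not Cisco's own lab material), here is what the packet filtering and stateful packet inspection firewall types above look like on a Cisco IOS router with an outside interface, a DMZ holding one web server, and an inside network. The interface names and the addresses (198.51.100.0/30, 203.0.113.0/24, 192.168.10.0/24) are constructed, and the stateful part assumes the classic IOS CBAC `ip inspect` feature is available on the platform; newer platforms do the same job with zone-based firewall.

```cisco
! Constructed example: packet filtering vs. stateful inspection on IOS
!
! --- Packet filtering: an extended ACL decides on addresses, protocol and
! --- port numbers alone. It has no memory of earlier packets.
ip access-list extended OUTSIDE-IN
 remark The Internet may reach only the DMZ web server, only on web ports
 permit tcp any host 203.0.113.10 eq 80
 permit tcp any host 203.0.113.10 eq 443
 remark Anything else arriving from outside is dropped and logged
 deny   ip any any log
!
! --- Stateful inspection: CBAC records each session that inside hosts open
! --- toward the Internet and temporarily opens the return path for packets
! --- that match that session, so the inbound ACL never has to permit
! --- "any" return traffic (which a plain packet filter would have to).
ip inspect name INSIDE-OUT tcp
ip inspect name INSIDE-OUT udp
ip inspect name INSIDE-OUT icmp
!
interface GigabitEthernet0/0
 description Outside (Internet)
 ip address 198.51.100.2 255.255.255.252
 ip access-group OUTSIDE-IN in
 ip inspect INSIDE-OUT out
!
interface GigabitEthernet0/1
 description DMZ (web server 203.0.113.10)
 ip address 203.0.113.1 255.255.255.0
!
interface GigabitEthernet0/2
 description Inside
 ip address 192.168.10.1 255.255.255.0
!
! --- Checks an operator would run after applying this:
! show access-lists OUTSIDE-IN      (hit counters on the permit/deny lines)
! show ip inspect sessions          (sessions CBAC is currently tracking)
! show ip inspect config            (which protocols are inspected)
```

The point to notice is the division of labour: the ACL is the packet filter the lecture describes, and on its own it would have to choose between blocking inside users' return traffic and permitting broad inbound ranges; the `ip inspect` rules are the stateful layer that verifies an inbound packet is a legitimate response to a request from an internal host before letting it past the ACL.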
Moving on are things like passwords, making sure that we have passwords that meet certain standards. Things like, are they eight characters? Ten is the preferred length, or more. Making sure passwords are complex, making sure that passwords use three of the four main character types, uppercase, lowercase, numbers and symbols, making sure that passwords are complex enough, maybe making sure that passwords don't allow for repetitiveness, like it cannot be words in the dictionary. It cannot be similar to the same password that you used last time, maybe looking at deliberately misspelling a word so that only you know the spelling. I often call this leet speak, where you replace letters with numbers; that way we can replace an S with a five, and you know that the five is an S. But it's not always about picking the most secure password. It's also about having good habits, like making sure you don't write the password down and leave it on a sticky note underneath your monitor or your keyboard. Those are actually big things that I've seen pretty regularly. The problem with that is it's about finding a nice balance: having a secure enough password that you can remember without having to write it down, but is complex enough so that other people won't be able to guess it, and that's one of the challenges when dealing with passwords.

When we're talking password protection on devices, we can actually set security controls on our hardware. Assuming we have an administrative policy that dictates how our password policy for our devices should be set up, we can set things like minimum length passwords. We could do login blocks after X amount of failed attempts within a certain time frame. We can do exec timeouts. We can ensure that only protected connections are coming in, if necessary. There's lots of things that we can do to protect them, as long as we actually implement them.
SSH is one of the big ones, because by default you can use Telnet, but Telnet allows everything via plain text, so we can enable SSH and verify that it's in use, and we can then say only use SSH. That's a really good method for protecting the networking infrastructure; that way no weak communication protocols are in use. So how do we set up SSH? Six general steps: configure the host name, configure an IP domain name, generate the appropriate keys, verify a local database entry with a username, make sure to authenticate against the local database using login local, and then enable SSH on the appropriate interfaces. That will allow us to set up SSH. Another thing for protecting devices is things like disabling unused services. If you do not need port 20 open, you're not using FTP, shut those ports down. You don't need to use them. Only open the ports that you actually use. We actually have a lab setting up SSH. We have a lab doing basic configuration and setting up SSH. And that is the end of this course. We have labs setting up secure devices, basic settings.

So what did we learn in this course? We looked at the classifications of physical threats, malware, basic network attacks and their breakdown: reconnaissance, access and denial of service. We looked at ways to mitigate attacks. We looked at different types of firewalls. We looked at AAA services and kind of what they do. We looked at ways to secure endpoints, some common practices for securing endpoints, and we finished it off with password protections.
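The device password controls from the previous paragraph (minimum length, login blocking after failed attempts, exec timeouts, protected connections only) and the six SSH steps above, written out as one Cisco IOS configuration. This is an added example, not the lecture's lab or Cisco's own text: the hostname R1, the domain example.com, the admin username, the timer values and the list of disabled services are assumptions standing in for whatever the site's administrative policy dictates, and the secrets are placeholders to be replaced.

```cisco
! Constructed example: hardening management access on a Cisco IOS router
!
! --- SSH steps 1 and 2: hostname and domain name (both must exist before
! --- the RSA key pair can be generated, because the key is named from them)
hostname R1
ip domain-name example.com
!
! --- SSH step 3: generate the key pair. This is typed interactively in
! --- global configuration mode; it is not stored in the running-config.
crypto key generate rsa modulus 2048
ip ssh version 2
!
! --- SSH step 4: a local database entry for the administrator
! --- (placeholder secret; the real value comes from the password policy)
username admin privilege 15 secret <REPLACE-WITH-STRONG-SECRET>
!
! --- Password controls from the assumed administrative policy
security passwords min-length 10
enable secret <REPLACE-WITH-STRONG-SECRET>
service password-encryption
! Refuse further logins for 120 s after 3 failed attempts within 60 s
login block-for 120 attempts 3 within 60
login on-failure log
!
! --- SSH steps 5 and 6: authenticate against the local database, accept
! --- only SSH on the VTY lines, and drop idle sessions after 5 minutes
line vty 0 4
 login local
 transport input ssh
 exec-timeout 5 0
!
line console 0
 login local
 exec-timeout 5 0
!
! --- Disable services this device does not need (assumed list; trim to
! --- what the site actually relies on, per the hardening advice above)
no ip http server
no ip http secure-server
no cdp run
no ip bootp server
no service tcp-small-servers
no service udp-small-servers
!
! --- Checks an operator would run after applying this:
! show ip ssh                                 (version 2 enabled, key present)
! show login                                  (block-for settings, quiet mode)
! show running-config | include transport     (only "transport input ssh")
```

After this is applied, a Telnet attempt to the VTY lines is refused outright rather than prompting for a password, which is the "only use SSH" state the lecture describes, and the `show login` output is the place to confirm that the failed-attempt threshold is actually active instead of assumed.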