VPN Security: Network Security Terms, Attacks, and Mitigation - PDF
Summary
This document covers critical concepts in network security, exploring VPNs, network attacks such as malware and DDoS attacks, and the different layers of security. Key terms, techniques, and tools for securing networks are defined in this security guide.
Full Transcript
Chapter 1

PAGE 5
Common network security terms:
- Threat: something that can cause damage or danger.
- Vulnerability: a weakness.
- Mitigation: the action of reducing the chance of being attacked.
- Risk: the possibility that something bad will happen.

PAGE 6
Vectors (the paths) of network attacks:
- All users pass through the network after they go through firewalls.
- Firewalls either block or allow the user.

PAGE 7
Where can we have data loss? / What are the vectors of data loss?
- Email/webmail
- Unencrypted devices
- Cloud storage devices (we don't know where the information is stored)
- Removable media (e.g. USB sticks, disks)
- Hard copy
- Improper access control (e.g. someone untrusted has access to my email)

PAGE 9 & 49
Campus Area Network:
- ASA Firewall (Adaptive Security Appliance): filters traffic
- AAA server (Authentication, Authorization, Accounting)
- IPS (Intrusion Prevention System)
- DMZ (DHCP server, email server, web server, ESA/WSA)

PAGE 10
Firewall: can be a hardware device or software that is used to protect one network from another.
VPN (Virtual Private Network): a service that helps protect your privacy when you are on the Internet. It does so by encrypting your online traffic to protect sensitive data from hackers and government surveillance agencies whenever you are online, even on public WiFi networks.
Firewall/VPN: simply a device that contains both of those features.

PAGE 11 - 12
Small Office and Home Office Networks (SOHO network)
Wide Area Networks (WAN): used by companies that have many branches.
- The thick line in the figure below shows that a VPN is used to make the line secure.

PAGE 13
What is the outside perimeter security of data center networks?
1. On-premise security officers
2. Fences and gates
3. Continuous video surveillance
4. Security breach alarms
What is the inside perimeter security of data center networks?
1. Electronic motion detectors
2. Security traps
3. Continuous video surveillance
4. Biometric access and exit sensors

PAGE 14
What are VM (virtual machine) specific threats?
1. Hyperjacking
2. Instant On activation
3. Antivirus storm
What are the components of a secure data center?
1. Secure segmentation
2. Threat defense
3. Visibility
What are the critical MDM (Mobile Device Management) functions for a BYOD (Bring Your Own Device) network?
1. Data encryption
2. PIN enforcement
3. Data wipe
4. Data loss prevention
5. Jailbreak/root detection

PAGE 17
What are the modern hacking titles?
1. Script kiddies: unskilled attackers using available programs
2. Vulnerability brokers
3. Hacktivists: someone who fights for someone's rights
4. Cyber criminals
5. State-sponsored hackers: work for governments

PAGE 19
Penetration testing tools:
- Password crackers: used to crack passwords
- Wireless hacking: man in the middle
- Network scanning and hacking: e.g. nmap
- Packet crafting
- Packet sniffers: capture packets of data that are transmitted over a network
- Rootkit detectors
- Fuzzers: to search for vulnerabilities
- Forensic
- Debuggers
- Hacking operating systems
- Encryption
- Vulnerability exploitation
- Vulnerability scanners

PAGE 20
What are the different types of network hacking attacks?
- Eavesdropping
- Data modification
- IP address spoofing
- Password-based (e.g. guessing)
- Denial-of-service
- Man-in-the-middle
- Compromised-key
- Sniffer

PAGE 22 - 28
What is malware? Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
What are the types of malware?
- Virus: attaches itself to a program and propagates copies of itself to other programs.
- Trojan horse: non-self-replicating malware; contains unexpected additional functionality.
- Worm: propagates copies of itself through a network.
- Ransomware: malicious software that prevents users from accessing their systems unless they pay a ransom.
- Spyware: spying on someone. A Trojan can be used to spy on someone.
- Adware: a fake ad displayed on a web page; once clicked, it runs malicious code.
- Scareware: pop-ups.
- Phishing: a scam in which attackers deceive people into revealing sensitive information.
- Rootkits: like a Trojan.
What are Trojan horse classifications? / What can a Trojan horse be used for?
1. Security software disabler
2. Remote-access
3. Data-sending
4. Destructive
5. Proxy
6. FTP
7. DoS
What are the components of a worm?
1. Enabling vulnerability
2. Propagation mechanism
3. Payload

PAGE 30
Why are networks targeted?
1. Data manipulation is the process of changing data to make it suit a particular purpose.
2. A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
3. A Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. DoS: one device. DDoS: multiple devices, done with zombies.
4. IP spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. (Using someone's IP to take over something.)
What are systems compromised by hackers called? Zombies.

PAGE 31
What are types of network attacks?
- SYN flood (DoS)
- Data modification
- Smurf attack (DDoS)

PAGE 32
What are reconnaissance attacks?
- Initial query of a target (send pings to the target)
- Ping sweep of the target network (search)
- Port scan of active IP addresses (scan servers to know which ones are working)
- Vulnerability scanners (weaknesses)
- Exploitation tools (damaging)

PAGE 33
Why do hackers use access attacks?
1. To retrieve data
2. To gain access
3. To escalate access privileges
What are types of access attacks?
1. Password
2. Trust exploitation
3. Port redirection
4. Man-in-the-middle
5. Buffer overflow
6. IP, MAC, DHCP spoofing

PAGE 34
What are social engineering attacks?
1. Pretexting
2. Phishing
3. Spear phishing
4. Spam
5. Something for something (Trojan)
6. Baiting

PAGE 35
What is a DoS (Denial of Service) attack? An attempt to overwhelm a network or server with excessive traffic to make it unavailable to users.

PAGE 36
What is a DDoS (Distributed Denial of Service) attack?
1. The hacker builds a network of infected machines.
   - A network of infected hosts is called a botnet.
   - The compromised computers are called zombies.
   - Zombies are controlled by handler systems.
2. Zombie computers continue to scan and infect more targets.
3. The hacker instructs the handler system to make the botnet of zombies carry out the DDoS attack.

PAGE 40 - 41
What are the different types of network security professionals?
1. Chief Information Officer (CIO) / Chief Information Security Officer (CISO)
2. Security Operations (SecOps) Manager
3. Chief Security Officer (CSO)
4. Security Manager
5. Network Security Engineer
What are the different types of network security organizations?
1. CERT - www.cert.org
2. SANS - www.sans.org
3. MITRE - www.mitre.org
4. FIRST (Forum of Incident Response and Security Teams) - www.first.org
5. InfoSec (Information System Security) - www.infosyssec.org
6. (ISC)² (International Information System Security Certification Consortium) - www.isc2.org
7. MS-ISAC (Multi-State Information Sharing & Analysis Center) - msisac.cisecurity.org

PAGE 42
What are the components of cryptography?
1. Confidentiality: uses encryption to encrypt and hide data.
2. Integrity: uses hashing algorithms to ensure data is unaltered during operation.
3. Availability: assures data is accessible. Guaranteed by network hardening mechanisms and backup systems.

PAGE 44 - 45
What are network security domains?
1. Risk assessment
2. Security policy
3. Organization of information security
4. Asset management
5. Human resources security
6. Physical and environmental security
7. Communications and operations management
8. Information systems acquisition, development, and maintenance
9. Access control
10. Information security incident management
11. Business continuity management
12. Compliance
What is a network security policy used for? Mitigation.

PAGE 46
A network security policy is based on specific questions: what are they?
1. What do you have that others want?
2. What processes, data, or information systems are critical to you, your company, or your organization?
3. What would stop your company or organization from doing business or fulfilling its mission?

PAGE 48
What is a security artichoke?
- It is a way to protect something by using many layers of security, like the layers of an artichoke. If one layer fails, the next layer is still there to protect you. This makes it harder for attackers to get through all the layers and reach what they are trying to access.
- The artichoke attack: the "artichoke of attack" is when an attacker tries to break through layers of security one by one to reveal sensitive data that is unprotected or secured by weak defenses, such as easy-to-crack passwords and IDs, to reach their target, similar to peeling an artichoke.

PAGE 50
What are the SecureX product families?
1. Server Edge and Branch
2. Secure Email and Web
3. Secure Mobility
4. Secure Access
5. Secure Data Center and Virtualization

PAGE 51
The Centralized Context-Aware Network Scanning Element defines security policies based on five parameters: what are they?
1. Type of device being used for access
2. Person's identity
3. Application in use
4. Location
5. Time of access

PAGE 52
Cisco Security Intelligence Operations

PAGE 54
Mitigating malware: taking steps to stop or reduce the damage caused by malicious software. This can involve actions like using antivirus, antispyware, firewall, antispam and anti-phishing tools, removing the malware, blocking it from spreading, and fixing any problems it caused.
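The SYN flood (PAGE 30), DoS (PAGE 35) and reconnaissance (PAGE 32) notes above describe traffic patterns rather than how a defender would spot them. The following Python detector is an added example, not part of the original notes or any vendor tool: it runs over a constructed window of flow records (the record format, the RFC 5737 documentation addresses and the thresholds are all invented for this example) and flags a destination receiving many SYN-only segments, a source pinging many hosts, and a source touching many ports on one host.

```python
"""Flag SYN floods, ping sweeps and port scans in a window of flow records.

Added example. The record format below is constructed for this note (it is
not NetFlow or any vendor's log format). One record per line:
    <time> <src_ip> <dst_ip> <proto> <dst_port> <tcp_flags>
tcp_flags uses S for SYN and A for ACK; "-" means no flags (ICMP).
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    time: str
    src: str
    dst: str
    proto: str    # "tcp", "udp" or "icmp"
    dport: int    # 0 for ICMP
    flags: str    # "" when the record carries no TCP flags


def parse_flows(text: str) -> list[Flow]:
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    flows: list[Flow] = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[4].isdigit():
            continue
        time, src, dst, proto, dport, flags = parts
        flows.append(Flow(time, src, dst, proto.lower(), int(dport),
                          "" if flags == "-" else flags.upper()))
    return flows


def syn_flood_targets(flows: list[Flow], threshold: int = 10) -> dict[str, int]:
    """Destinations that received >= threshold SYN-only segments in the window.

    Grouped by destination, not source: flood sources are usually spoofed,
    so per-source counting would miss the attack entirely.
    """
    counts: dict[str, int] = defaultdict(int)
    for f in flows:
        if f.proto == "tcp" and "S" in f.flags and "A" not in f.flags:
            counts[f.dst] += 1
    return {dst: n for dst, n in counts.items() if n >= threshold}


def ping_sweeps(flows: list[Flow], min_hosts: int = 5) -> dict[str, int]:
    """Sources that sent ICMP to >= min_hosts distinct destinations."""
    hosts: dict[str, set[str]] = defaultdict(set)
    for f in flows:
        if f.proto == "icmp":
            hosts[f.src].add(f.dst)
    return {src: len(d) for src, d in hosts.items() if len(d) >= min_hosts}


def port_scans(flows: list[Flow], min_ports: int = 5) -> dict[tuple[str, str], int]:
    """(source, destination) pairs where the source touched >= min_ports TCP ports."""
    ports: dict[tuple[str, str], set[int]] = defaultdict(set)
    for f in flows:
        if f.proto == "tcp":
            ports[(f.src, f.dst)].add(f.dport)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def report(flows: list[Flow]) -> list[str]:
    """Human-readable alert lines for all three detectors."""
    alerts = [f"SYN flood suspected against {dst}: {n} half-open SYNs"
              for dst, n in syn_flood_targets(flows).items()]
    alerts += [f"ping sweep from {src}: {n} hosts probed"
               for src, n in ping_sweeps(flows).items()]
    alerts += [f"port scan from {src} against {dst}: {n} ports"
               for (src, dst), n in port_scans(flows).items()]
    return alerts


# Constructed sample window (documentation addresses from RFC 5737).
SAMPLE_LOG = "\n".join(
    # SYN flood: many sources, one victim, SYN with no ACK ever following
    [f"10:00:{i:02d} 203.0.113.{i} 192.0.2.10 tcp 80 S" for i in range(1, 13)]
    # ping sweep: one source, ICMP to eight consecutive addresses
    + [f"10:01:{i:02d} 198.51.100.7 192.0.2.{i} icmp 0 -" for i in range(1, 9)]
    # port scan: one source, one target, eight different ports
    + [f"10:02:{n:02d} 198.51.100.9 192.0.2.20 tcp {p} S"
       for n, p in enumerate((21, 22, 23, 25, 80, 110, 143, 443))]
    # a normal client: SYN followed by ACK, contributes a single SYN only
    + ["10:03:00 198.51.100.20 192.0.2.10 tcp 80 S",
       "10:03:01 198.51.100.20 192.0.2.10 tcp 80 A"]
)

if __name__ == "__main__":
    for line in report(parse_flows(SAMPLE_LOG)):
        print(line)
```

The SYN-flood counter is keyed on the destination because, as the PAGE 30 note on spoofing implies, the sources in a flood are not trustworthy; the scan detectors are keyed on the source because reconnaissance traffic does come from a real host that needs the replies. In production the same counts would be kept per time window and compared against a baseline rather than a fixed threshold.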
PAGE 55
How do we mitigate worms, and what phases make up the process?
- Inoculation: a preventive method against network attacks (before infection).
- Quarantine: restricting or removing an infected system or portion of a network from the main network, intended to prevent the spread of worms (after infection).
- Treatment: remove the worm and repair any damage it has caused.

PAGE 56
What are the techniques used to mitigate reconnaissance attacks?
- Implement authentication to ensure proper access.
- Use encryption to render packet sniffer attacks useless.
- Use anti-sniffer tools to detect packet sniffer attacks.
- Implement a switched infrastructure.
- Use a firewall and IPS.

PAGE 57
How to mitigate access attacks?
- Strong password security.
- Principle of minimum trust.
- Cryptography.
- Applying OS and application patches.

PAGE 58
How to mitigate DoS attacks?
- IPS and firewalls (Cisco ASAs and ISRs).
- Anti-spoofing technologies.
- Quality of service (traffic policing).

PAGE 60
NFP Framework (Network Performance and Security)

PAGE 61
How to secure the control plane in the NFP framework?
- AutoSecure
- Routing protocol authentication
- Control Plane Policing (CoPP)

PAGE 62
How to secure the management plane in the NFP framework?
- Enabling a login and password policy
- Presenting legal notification
- Ensuring the confidentiality of data using SSH and HTTPS
- Enabling role-based access control
- Authorizing actions
- Enabling management access reporting

PAGE 63
How to secure the data plane in the NFP framework?
- ACLs
- Anti-spoofing
- Layer 2 security, including port security, DHCP snooping and dynamic ARP inspection (DAI)

PAGE 64
Chapter objectives:
- Explain network security.
- Describe various types of threats and attacks.
- Explain tools and procedures to mitigate the effects of malware and common network attacks.
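The data-plane controls on PAGE 58 and PAGE 63 (anti-spoofing ACLs, DHCP snooping, dynamic ARP inspection) are listed by name only. The Python model below is an added example, not part of the original notes and not Cisco's or any vendor's implementation: it encodes the decision each control makes, using constructed prefixes, interface and port names, MAC addresses and leases, so the reader can see why a spoofed source is denied at ingress, why a rogue DHCP reply on an access port learns nothing, and why an ARP reply claiming the gateway's address from an ordinary client port is dropped.

```python
"""Data-plane checks modelled in Python: ingress anti-spoofing, DHCP snooping
and Dynamic ARP Inspection (DAI).

Added example. The prefixes, interface and port names, MAC addresses and
leases below are constructed; this is not Cisco code or any vendor's logic.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed: the prefix behind the firewall's inside interface.
INSIDE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Prefixes that must never appear as a source on the outside interface.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ingress_decision(src_ip: str, interface: str) -> str:
    """Anti-spoofing ACL logic for a packet entering on 'outside' or 'inside'.

    outside: deny sources claiming an inside address or a bogon prefix
    inside:  permit only sources that really belong to the inside prefixes
    """
    ip = ipaddress.ip_address(src_ip)
    is_inside = any(ip in net for net in INSIDE_PREFIXES)
    if interface == "outside":
        spoofed = is_inside or any(ip in net for net in BOGON_PREFIXES)
        return "deny" if spoofed else "permit"
    if interface == "inside":
        return "permit" if is_inside else "deny"
    raise ValueError(f"unknown interface {interface!r}")


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str   # access port where the client lives


class SnoopingSwitch:
    """A switch with DHCP snooping and DAI enabled on one VLAN (constructed model)."""

    def __init__(self, trusted_ports: set[str]) -> None:
        self.trusted = set(trusted_ports)       # uplinks / DHCP server ports
        self.bindings: dict[str, Binding] = {}  # keyed by client MAC

    def dhcp_server_reply(self, server_port: str, client_mac: str,
                          client_port: str, ip: str, vlan: int) -> bool:
        """A DHCP OFFER/ACK is accepted only when it arrives on a trusted port.

        Accepted leases populate the binding table; replies on untrusted ports
        (a rogue DHCP server on an access port) are dropped and learn nothing.
        """
        if server_port not in self.trusted:
            return False
        mac = client_mac.lower()
        self.bindings[mac] = Binding(mac, ip, vlan, client_port)
        return True

    def arp_inspect(self, port: str, sender_mac: str, sender_ip: str, vlan: int) -> bool:
        """DAI: forward an ARP packet from an untrusted port only if the sender
        MAC, IP, VLAN and port all match a snooping binding."""
        if port in self.trusted:
            return True
        b = self.bindings.get(sender_mac.lower())
        return (b is not None and b.ip == sender_ip
                and b.vlan == vlan and b.port == port)


def demo() -> dict[str, object]:
    """Run a constructed scenario and return every decision by name."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/24"})
    results: dict[str, object] = {}
    # legitimate lease: the server's reply arrives on the trusted uplink
    results["lease_ok"] = sw.dhcp_server_reply("Gi0/24", "AA:BB:CC:00:00:01", "Gi0/1", "192.0.2.10", 10)
    # rogue DHCP server plugged into an access port: reply dropped, no binding
    results["rogue_lease"] = sw.dhcp_server_reply("Gi0/5", "aa:bb:cc:00:00:02", "Gi0/2", "192.0.2.11", 10)
    # the real client announces its own leased address
    results["arp_ok"] = sw.arp_inspect("Gi0/1", "aa:bb:cc:00:00:01", "192.0.2.10", 10)
    # the same client claims the gateway's address: IP does not match its binding
    results["arp_gateway_claim"] = sw.arp_inspect("Gi0/1", "aa:bb:cc:00:00:01", "192.0.2.1", 10)
    # an unknown host with no lease at all
    results["arp_unknown"] = sw.arp_inspect("Gi0/7", "aa:bb:cc:00:00:09", "192.0.2.1", 10)
    # ingress anti-spoofing decisions
    results["outside_inside_src"] = ingress_decision("192.0.2.50", "outside")
    results["outside_bogon_src"] = ingress_decision("10.1.2.3", "outside")
    results["outside_normal"] = ingress_decision("198.51.100.4", "outside")
    results["inside_foreign_src"] = ingress_decision("203.0.113.9", "inside")
    results["inside_normal"] = ingress_decision("192.0.2.10", "inside")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two halves reinforce each other: DAI is only as good as the binding table, and the binding table is only trustworthy if DHCP replies are accepted from trusted ports alone, which is why the model refuses to learn anything from a reply on an access port. On a real switch the trusted set is the uplink towards the DHCP server, never a user-facing port.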