Ccna+sec+ch01+ +overview+security
Transcript of Ccna+sec+ch01+ +overview+security
![Page 1: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/1.jpg)
1© 2009 Cisco Systems, Inc. All rights reserved.
Network Security
Module 1 – Overview of Module 1 – Overview of Network SecurityNetwork Security
![Page 2: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/2.jpg)
2© 2009 Cisco Systems, Inc. All rights reserved.
Learning Objectives
1.1 Introduction to Network Security
1.2 Introduction to Vulnerabilities, Threats, and Attacks
1.3 Attack Examples
1.4 Vulnerability Analysis
![Page 3: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/3.jpg)
3© 2009 Cisco Systems, Inc. All rights reserved.
Module 1 – Overview of Network Security
1.1 Introduction to Network Security
![Page 4: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/4.jpg)
4© 2009 Cisco Systems, Inc. All rights reserved.
Network Security
• Network security is the process by which digital information assets are protected.
• The goals of security are to protect confidentiality, protect confidentiality, maintain integrity, and assure availabilitymaintain integrity, and assure availability. With this in mind, it is imperative that all networks be protected from threats and vulnerabilities in order for a business to achieve its fullest potential.
• Typically, these threats are persistent due to vulnerabilities, which can arise from misconfigured can arise from misconfigured hardware or software, poor network design, inherent hardware or software, poor network design, inherent technology weaknesses, or end-user carelessnesstechnology weaknesses, or end-user carelessness.
![Page 5: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/5.jpg)
5© 2009 Cisco Systems, Inc. All rights reserved.
The Closed Network
![Page 6: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/6.jpg)
6© 2009 Cisco Systems, Inc. All rights reserved.
The Network Today
![Page 7: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/7.jpg)
7© 2009 Cisco Systems, Inc. All rights reserved.
Identifying Potential Risks
• A risk analysis should identify the risks to the network, network resources, and data. The intent of a risk analysis is to identify the components of the network, evaluate the importance of each component, and then apply an appropriate level of security. This helps to maintain a workable balance between security and required network access.
Asset Identification
Vulnerability Assessment
Threat Identification
![Page 8: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/8.jpg)
8© 2009 Cisco Systems, Inc. All rights reserved.
Network Security Models
![Page 9: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/9.jpg)
9© 2009 Cisco Systems, Inc. All rights reserved.
Open Security Model
![Page 10: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/10.jpg)
10© 2009 Cisco Systems, Inc. All rights reserved.
Open Security Model
![Page 11: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/11.jpg)
11© 2009 Cisco Systems, Inc. All rights reserved.
Restricted Security Model
![Page 12: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/12.jpg)
12© 2009 Cisco Systems, Inc. All rights reserved.
Closed Security Model
![Page 13: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/13.jpg)
13© 2009 Cisco Systems, Inc. All rights reserved.
Closed Security Model
![Page 14: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/14.jpg)
14© 2009 Cisco Systems, Inc. All rights reserved.
Technology that affect Security
![Page 15: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/15.jpg)
15© 2009 Cisco Systems, Inc. All rights reserved.
Trends that Affect Security
• Increase of network attacks
• Increased sophistication of attacks
• Increased dependence on the network
• Lack of trained personnel
• Lack of awareness
• Lack of security policies
• Wireless access
• Legislation
• Litigation
![Page 16: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/16.jpg)
16© 2009 Cisco Systems, Inc. All rights reserved.
ISO/IEC 17799
–Security policy
–Organization of information security
–Asset management
–Human resources security
–Physical and environmental security
–Communications and operations management
–Access control
–Information systems acquisition, development and maintenance
–Information security incident management
–Business continuity management
–Compliance
–Risk Assesment
![Page 17: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/17.jpg)
17© 2009 Cisco Systems, Inc. All rights reserved.
Module 1 – Overview of Network Security
1.2 Introduction to Vulnerabilities, Threats, and Attacks
![Page 18: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/18.jpg)
18© 2009 Cisco Systems, Inc. All rights reserved.
Network Vulnerabilities
• Vulnerability is a weakness which is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices themselves.
• Threats are the people eager, willing, and qualified to take advantage of each security weakness, and they continually search for new exploits and weaknesses.
• Finally, the threats use a variety of tools, scripts, and programs to launch attacks against networks and network devices.
![Page 19: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/19.jpg)
19© 2009 Cisco Systems, Inc. All rights reserved.
Network Vulnerabilities
•Technology: Computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol, operating system, and network equipment weaknesses
•Configuration: Network administrators or network engineers need to learn what the configuration weaknesses are and correctly configure their computing and network devices to compensate.
•Policy: The network may pose security risks to the network if users do not follow the security policy.
![Page 20: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/20.jpg)
20© 2009 Cisco Systems, Inc. All rights reserved.
Technology Weaknesses
![Page 21: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/21.jpg)
21© 2009 Cisco Systems, Inc. All rights reserved.
Configuration Weaknesses
![Page 22: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/22.jpg)
22© 2009 Cisco Systems, Inc. All rights reserved.
Security Policy Weaknesses
![Page 23: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/23.jpg)
23© 2009 Cisco Systems, Inc. All rights reserved.
Threat Capabilities—More Dangerous and Easier to Use
![Page 24: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/24.jpg)
24© 2009 Cisco Systems, Inc. All rights reserved.
Variety of Threats
![Page 25: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/25.jpg)
25© 2009 Cisco Systems, Inc. All rights reserved.
The four primary attack categories
![Page 26: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/26.jpg)
26© 2009 Cisco Systems, Inc. All rights reserved.
Attack Evolution
![Page 27: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/27.jpg)
27© 2009 Cisco Systems, Inc. All rights reserved.
Module 1 – Overview of Network Security
1.3 Attack Examples
![Page 28: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/28.jpg)
28© 2009 Cisco Systems, Inc. All rights reserved.
Network Threats
• There are four general categories of security threats to the network:
–Unstructured threats
–Structured threats
–External threats
–Internal threatsInternet
Externalexploitation
Externalexploitation
Internalexploitation
Internalexploitation
Dial-inexploitation
Dial-inexploitation
Compromised host
![Page 29: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/29.jpg)
29© 2009 Cisco Systems, Inc. All rights reserved.
Four Classes of Network Attacks
Reconnaissance attacks
Access attacks
Denial of service attacks
Worms, viruses, and Trojan horses
![Page 30: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/30.jpg)
30© 2009 Cisco Systems, Inc. All rights reserved.
Specific Attack Types
• All of the following can be used to compromise your system:
Packet sniffers
IP weaknesses
Password attacks
DoS or DDoS
Man-in-the-middle attacks
Application layer attacks
Trust exploitation
Port redirection
Virus
Trojan horse
Operator error
Worms
![Page 31: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/31.jpg)
31© 2009 Cisco Systems, Inc. All rights reserved.
Reconnaissance Attacks
• Network reconnaissance refers to the overall act of learning information about a target network by using publicly available information and applications.
![Page 32: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/32.jpg)
32© 2009 Cisco Systems, Inc. All rights reserved.
Reconnaissance Attack
![Page 33: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/33.jpg)
33© 2009 Cisco Systems, Inc. All rights reserved.
Reconnaissance Attack Example
Sample domain name query
• Sample IP address query
![Page 34: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/34.jpg)
34© 2009 Cisco Systems, Inc. All rights reserved.
Reconnaissance Attack Mitigation
Network reconnaissance cannot be prevented entirely.
IDSs at the network and host levels can usually notify an administrator when a reconnaissance gathering attack (for example, ping sweeps and port scans) is under way.
![Page 35: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/35.jpg)
35© 2009 Cisco Systems, Inc. All rights reserved.
Packet Sniffers
• A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets. The following are the packet sniffer features:
Packet sniffers exploit information passed in clear text. Protocols that pass information in the clear include the following:
•Telnet
•FTP
•SNMP
•POP
Packet sniffers must be on the same collision domain.
Host A Host BRouter A Router B
![Page 36: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/36.jpg)
36© 2009 Cisco Systems, Inc. All rights reserved.
Sniffers
![Page 37: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/37.jpg)
37© 2009 Cisco Systems, Inc. All rights reserved.
Packet Sniffer Mitigation
• The following techniques and tools can be used to mitigate sniffers:
Authentication—Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers.
Switched infrastructure —Deploy a switched infrastructure to counter the use of packet sniffers in your environment.
Antisniffer tools—Use these tools to employ software and hardware designed to detect the use of sniffers on a network.
Cryptography—The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant.
Host A Host BRouter A Router B
![Page 38: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/38.jpg)
38© 2009 Cisco Systems, Inc. All rights reserved.
Port Scans
![Page 39: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/39.jpg)
39© 2009 Cisco Systems, Inc. All rights reserved.
Port Scan Example
![Page 40: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/40.jpg)
40© 2009 Cisco Systems, Inc. All rights reserved.
Ping Sweeps
![Page 41: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/41.jpg)
41© 2009 Cisco Systems, Inc. All rights reserved.
Queries
![Page 42: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/42.jpg)
42© 2009 Cisco Systems, Inc. All rights reserved.
Access Attacks
• Access attacks exploit known vulnerabilities in authentication services, FTP services, and Web services to gain entry to Web accounts, confidential databases, and other sensitive information . Access attacks can consist of the following:
–Password attacks (Dictionary cracking, Brute-force computation)
–Trust Exploitation
–Port Redirection
–Man-in-the-middle Attack
–Social Engineering
–Phishing
![Page 43: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/43.jpg)
43© 2009 Cisco Systems, Inc. All rights reserved.
Access Attacks
![Page 44: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/44.jpg)
44© 2009 Cisco Systems, Inc. All rights reserved.
Port Redirection
![Page 45: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/45.jpg)
45© 2009 Cisco Systems, Inc. All rights reserved.
Password Attacks
• Hackers can implement password attacks using several different methods:
Brute-force attacks
Dictionary Attacks
Trojan horse programs
IP spoofing
Packet sniffers
![Page 46: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/46.jpg)
46© 2009 Cisco Systems, Inc. All rights reserved.
Password Attacks Mitigation
• The following are mitigation techniques:
Do not allow users to use the same password on multiple systems.
Disable accounts after a certain number of unsuccessful login attempts.
Do not use plain text passwords. OTP or a cryptographic password is recommended.
Use “strong” passwords. Strong passwords are at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters.
![Page 47: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/47.jpg)
47© 2009 Cisco Systems, Inc. All rights reserved.
Man-in-the-Middle Attacks
A man-in-the-middle attack requires that the hacker have access to network packets that come across a network.
A man-in-the-middle attack is implemented using the following:
Network packet sniffers
Routing and transport protocols
Possible man-in-the-middle attack uses include the following:
Theft of information
Hijacking of an ongoing session
Traffic analysis
DoS
Corruption of transmitted data
Introduction of new information into network sessions
Host A Host B
Router A Router B
Data in clear text
![Page 48: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/48.jpg)
48© 2009 Cisco Systems, Inc. All rights reserved.
Man-in-the-Middle Mitigation
• Man-in-the-middle attacks can be effectively mitigated only through the use of cryptography (encryption).
Host A Host B
Router A ISP Router B
A man-in-the-middle attack can only see cipher text
IPSec tunnel
![Page 49: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/49.jpg)
49© 2009 Cisco Systems, Inc. All rights reserved.
DoS Attacks
• They prevent authorized people from using a service by using up system resources. The following are examples of common DoS threats:
–Ping of death
–SYN flood attack
–Packet fragmentation and reassembly
–E-mail bombs
–Malicious applets
–Misconfiguring routers
![Page 50: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/50.jpg)
50© 2009 Cisco Systems, Inc. All rights reserved.
DoS Attacks
![Page 51: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/51.jpg)
51© 2009 Cisco Systems, Inc. All rights reserved.
DDoS
• DDoS attacks are designed to saturate network links with spurious data. This data can overwhelm an Internet link, causing legitimate traffic to be dropped. DDoS uses attack methods similar to standard DoS attacks but operates on a much larger scale. Typically hundreds or thousands of attack points attempt to overwhelm a target. Examples of DDoS attacks include the following:
–Smurf
–Tribe Flood Network (TFN)
–Stacheldraht
![Page 52: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/52.jpg)
52© 2009 Cisco Systems, Inc. All rights reserved.
DDoS Attack Example
![Page 53: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/53.jpg)
53© 2009 Cisco Systems, Inc. All rights reserved.
DoS Attack Mitigation
• The threat of DoS attacks can be reduced through the following three methods:
1. Antispoof features —Proper configuration of antispoof features on your routers and firewalls
2. Anti-DoS features —Proper configuration of anti-DoS features on routers and firewalls
3. Traffic rate limiting —Implement traffic rate limiting with the networks ISP
![Page 54: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/54.jpg)
54© 2009 Cisco Systems, Inc. All rights reserved.
IP Spoofing
IP spoofing occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer.
Two general techniques are used during IP spoofing:
A hacker uses an IP address that is within the range of trusted IP addresses.
A hacker uses an authorized external IP address that is trusted.
Uses for IP spoofing include the following:
IP spoofing is usually limited to the injection of malicious data or commands into an existing stream of data.
A hacker changes the routing tables to point to the spoofed IP address, then the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can.
![Page 55: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/55.jpg)
55© 2009 Cisco Systems, Inc. All rights reserved.
IP Spoofing Mitigation
• The threat of IP spoofing can be reduced, but not eliminated, through the following measures:
Access control —The most common method for preventing IP spoofing is to properly configure access control.
RFC 2827 filtering —You can prevent users of your network from spoofing other networks (and be a good Internet citizen at the same time) by preventing any outbound traffic on your network that does not have a source address in your organization's own IP range.
Additional authentication that does not use IP-based authentication—Examples of this include the following:
Cryptographic (recommended)
Strong, two-factor, one-time passwords
![Page 56: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/56.jpg)
56© 2009 Cisco Systems, Inc. All rights reserved.
Application Layer Attacks
• Application layer attacks have the following characteristics:
Exploit well known weaknesses, such as protocols, that are intrinsic to an application or system (for example, sendmail, HTTP, and FTP)
Often use ports that are allowed through a firewall (for example, TCP port 80 used in an attack against a web server behind a firewall)
Can never be completely eliminated, because new vulnerabilities are always being discovered
![Page 57: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/57.jpg)
57© 2009 Cisco Systems, Inc. All rights reserved.
Application Layer Attacks Mitigation
• Some measures you can take to reduce your risks are as follows:
Read operating system and network log files, or have them analyzed by log analysis applications.
Subscribe to mailing lists that publicize vulnerabilities.
Keep your operating system and applications current with the latest patches.
IDSs can scan for known attacks, monitor and log attacks, and in some cases, prevent attacks.
![Page 58: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/58.jpg)
58© 2009 Cisco Systems, Inc. All rights reserved.
Virus and Trojan Horses
Viruses refer to malicious software that are attached to another program to execute a particular unwanted function on a user’s workstation. End-user workstations are the primary targets.
A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. A Trojan horse is mitigated by antivirus software at the user level and possibly the network level.
![Page 59: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/59.jpg)
59© 2009 Cisco Systems, Inc. All rights reserved.
Virus Attacks
![Page 60: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/60.jpg)
60© 2009 Cisco Systems, Inc. All rights reserved.
Worm attack mitigation
![Page 61: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/61.jpg)
61© 2009 Cisco Systems, Inc. All rights reserved.
Vulnerabilities Exist at all OSI Layers
![Page 62: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/62.jpg)
62© 2009 Cisco Systems, Inc. All rights reserved.
Attacks Mitigation
![Page 63: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/63.jpg)
63© 2009 Cisco Systems, Inc. All rights reserved.
Opportunities
![Page 64: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/64.jpg)
64© 2009 Cisco Systems, Inc. All rights reserved.
Module 1 – Overview of Network Security
1.4 Vulnerability Analysis
![Page 65: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/65.jpg)
65© 2009 Cisco Systems, Inc. All rights reserved.
Network Security Policy
• The network security policy is a broad, end-to-end document designed to be clearly applicable to an organization's operations. The policy is used to aid in network design, convey security principles, and facilitate network deployments.
• The network security policy outlines rules for network access, determines how policies are enforced, and describes the basic architecture of the organization's network security environment.
![Page 66: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/66.jpg)
66© 2009 Cisco Systems, Inc. All rights reserved.
Policy Identification
• The policy should identify the assets that require protection. This will help the designer provide the correct level of protection for sensitive computing resources, and identify the flow of sensitive data in the network.
• The policy should identify possible attackers. This will give the designer insight into the level of trust assigned to internal and external users, ideally identified by more specific categories such as business partners, customers of an organization, outsourcing IT partners.
![Page 67: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/67.jpg)
67© 2009 Cisco Systems, Inc. All rights reserved.
Network security Policies
![Page 68: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/68.jpg)
68© 2009 Cisco Systems, Inc. All rights reserved.
Cisco SDN
![Page 69: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/69.jpg)
69© 2009 Cisco Systems, Inc. All rights reserved.
SDN Topology
Cisco NAC Appliance & Cisco
Security Agent
Cisco IOS Firewall, VPN
Software, access control & Filtering
Cisco IOS Firewall, VPN
Software, access control & Filtering
Cisco IOS Firewall, Cisco
adaptive security appliance
Traffic inspection and
threat mitigation
Cisco security monitoring,
analisys, and response system
Cisco security Manager provides
policy-based management
![Page 70: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/70.jpg)
70© 2009 Cisco Systems, Inc. All rights reserved.
Auto Secure
To secure the management and forwarding planes of the router, use the auto secure command in privileged EXEC mode.
auto secure [management | forwarding] [no-interact]
Syntax Description
• management (Optional) Only the management plane will be secured.
• forwarding (Optional) Only the forwarding plane will be secured.
• no-interact (Optional) The user will not be prompted for any interactive configurations. If this keyword is not enabled, the command will show the user the noninteractive configuration and the interactive configurations thereafter.
![Page 71: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/71.jpg)
71© 2009 Cisco Systems, Inc. All rights reserved.
NSA Router Security Guide
![Page 72: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/72.jpg)
72© 2009 Cisco Systems, Inc. All rights reserved.
CIS RAT Report
![Page 73: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/73.jpg)
73© 2009 Cisco Systems, Inc. All rights reserved.
Host Analysis
• Network Mapper (Nmap) – Nmap is a very popular free tool used for security scanning and auditing. It can rapidly perform a port scan of a single host or a range of hosts. Nmap was originally written to be run on UNIX systems, and it is now available for use on Microsoft Windows platforms .
• Nessus – Nessus is a vulnerability scanner that is available for UNIX and Microsoft Windows platforms. New vulnerability testing capabilities can be added to Nessus through the installation of modular plugins. Nessus includes a built in port scanner, or it can be used along with Nmap. Once the Nessus scan is finished, a report is created. This report displays the results of the scan and provides steps that can be taken to mitigate vulnerabilities.
![Page 74: Ccna+sec+ch01+ +overview+security](https://reader034.fdocuments.net/reader034/viewer/2022051400/5555a12ed8b42a8e1f8b5243/html5/thumbnails/74.jpg)
74© 2009 Cisco Systems, Inc. All rights reserved.
Microsoft Baseline Security Analyzer
• The Microsoft Baseline Security Analyzer (MBSA) can be used to scan hosts running Windows 2000, Windows Vista, Windows XP, and Windows Server 2003 & 2008 operating systems to determine potential security risks.
• MBSA scans for common system misconfigurations and missing security updates. MBSA includes both a graphical and command line interface that can perform local or remote scans.
• After a system scan, the MBSA provides a report outlining potential vulnerabilities and the steps required to correct them.