1.1 Securing Networks
1.2 Network Threats
1.3 Mitigating Threats
Section 1.1: Securing Networks
Upon completion of this section, you should be able to:
- Describe the current network security landscape.
- Explain how all types of networks need to be protected.
Topic 1.1.1: Current State of Affairs
Networks Are Targets
Drivers for Network Security
- Common network security terms:
Vectors of Network Attacks
- Vectors of data loss:
- Unencrypted Devices
- Cloud Storage Devices
- Removable Media
- Hard Copy
- Improper Access Control
Topic 1.1.2: Network Topology Overview
Campus Area Networks
Small Office and Home Office Networks
Wide Area Networks
Data Center Networks
- Outside perimeter security:
- On-premises security officers
- Fences and gates
- Continuous video surveillance
- Security breach alarms
- Inside perimeter security:
- Electronic motion detectors
- Security traps
- Continuous video surveillance
- Biometric access and exit sensors
Cloud and Virtual Networks
- VM-specific threats:
- Instant On activation
- Antivirus storm
- Components of a secure data center:
- Secure segmentation
- Threat defense
The Evolving Network Border
- Critical MDM functions for BYOD network:
- Data encryption
- PIN enforcement
- Data wipe
- Data loss prevention
- Jailbreak/root detection
Section 1.2: Network Threats
Upon completion of the section, you should be able to:
- Describe the evolution of network security.
- Describe the various types of attack tools used by hackers.
- Describe malware.
- Explain common network attacks.
Topic 1.2.1: Who is Hacking Our Networks?
The Hacker & The Evolution of Hackers
Topic 1.2.2: Hacker Tools
Introduction of Attack Tools
Evolution of Security Tools
Penetration testing tools:
- Password crackers
- Wireless hacking
- Network scanning and hacking
- Packet crafting
- Packet sniffers
- Rootkit detectors
- Fuzzers for discovering vulnerabilities
- Hacking operating systems
- Vulnerability exploitation
- Vulnerability Scanners
Categories of Attack Tools
Network hacking attacks:
- Data modification
- IP address spoofing
Topic 1.2.3: Malware
Various Types of Malware
Trojan Horse Classification
- Security software disabler
Initial Code Red Worm Infection
Code Red Worm Infection 19 Hours Later
- Enabling vulnerability
- Propagation mechanism
Topic 1.2.4: Common Network Attacks
Types of Network Attacks
- Initial query of a target
- Ping sweep of the target network
- Port scan of active IP addresses
- Vulnerability scanners
- Exploitation tools
- A few reasons why hackers use access attacks:
- To retrieve data
- To gain access
- To escalate access privileges
- A few types of access attacks include:
- Trust exploitation
- Port redirection
- Buffer overflow
- IP, MAC, DHCP spoofing
Social Engineering Attacks
- Something for Something
Denial of Service Attacks
1. Hacker builds a network of infected machines
- A network of infected hosts is called a botnet.
- The compromised computers are called zombies.
- Zombies are controlled by handler systems.
2. Zombie computers continue to scan and infect more targets
3. Hacker instructs handler system to make the botnet of zombies carry out the DDoS attack
Section 1.3: Mitigating Threats
Upon completion of this section, you should be able to:
- Describe methods and resources to protect the networks.
- Describe a collection of domains for network security.
- Explain the purpose of the Cisco SecureX Architecture.
- Describe the techniques used to mitigate common network attacks.
- Explain how to secure the three functional areas of Cisco routers and switches.
Topic 1.3.1: Defending the Network
Network Security Professionals
Network Security Organizations
Confidentiality, Integrity, Availability
Topic 1.3.2: Domains of Network Security
Network Security Domains
- Risk assessment
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Information systems acquisition, development, and maintenance
- Access control
- Information security incident management
- Business continuity management
Network Security Policy
Network Security Policy Objectives
Topic 1.3.3: Introducing the Cisco SecureX Architecture
The Security Artichoke
Evolution of Network Security Tools
SecureX Product Families
SecureX Security Technology
Cisco SecureX Architecture:
- Scanning engines
- Delivery mechanisms
- Security intelligence operations (SIO)
- Policy management consoles
- Next-generation endpoint
Centralized Context-Aware Network Scanning Element
Defines security policies based on five parameters:
- Type of device being used for access
- Person's identity
- Application in use
- Location of access
- Time of access
Cisco Security Intelligence Operations
Topic 1.3.4: Mitigating Common Network Threats
Defending the Network
- Develop a written security policy.
- Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.
- Control physical access to systems.
- Use strong passwords and change them often.
- Encrypt and password-protect sensitive data.
- Implement security hardware and software.
- Perform backups and test the backed up files on a regular basis.
- Shut down unnecessary services and ports.
- Keep patches up to date, installing them daily or weekly, to close the vulnerabilities that buffer overflow and privilege escalation attacks rely on.
- Perform security audits to test the network.
Mitigating Reconnaissance Attacks
Mitigating Access Attacks
Mitigating DoS Attacks
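The reconnaissance sequence in Topic 1.2.4 (ping sweep of the target network, then a port scan of active hosts) and the botnet-driven DDoS described under Denial of Service Attacks each leave a distinctive footprint in firewall or flow logs, and spotting that footprint is the first step of mitigating both. The following Python script is an added example, not material from the course: it runs three detectors over constructed log lines. The key=value log format, the thresholds (10 hosts, 10 ports, 100 SYNs per second) and every address in the sample log are assumptions made for this illustration.

```python
"""Detect a ping sweep, a port scan and a SYN flood in firewall-style logs.

Added example, not from the course. Log format, thresholds and the sample
events below are assumptions; no line was captured from a real network.
"""
from collections import defaultdict

# Assumed log format: one event per line, space-separated key=value fields, e.g.
#   ts=2024-05-01T10:00:02 proto=tcp src=10.0.0.7 dst=10.0.1.20 dport=22 flags=S


def parse_line(line):
    """Parse one key=value log line into a dict; tokens without '=' are ignored."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
    return fields


def detect_ping_sweep(events, min_hosts=10):
    """{src: distinct_hosts} for sources sending ICMP echo requests (type 8)
    to at least min_hosts distinct destinations."""
    targets = defaultdict(set)
    for e in events:
        if e.get("proto") == "icmp" and e.get("type") == "8":
            targets[e["src"]].add(e["dst"])
    return {src: len(d) for src, d in targets.items() if len(d) >= min_hosts}


def detect_port_scan(events, min_ports=10):
    """{(src, dst): distinct_ports} for pairs where one source sent SYNs to at
    least min_ports distinct TCP ports on one host."""
    ports = defaultdict(set)
    for e in events:
        if e.get("proto") == "tcp" and e.get("flags") == "S" and "dport" in e:
            ports[(e["src"], e["dst"])].add(e["dport"])
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def detect_syn_flood(events, threshold=100):
    """{(dst, second): syn_count} for destinations receiving at least
    threshold bare SYNs within one second. Zombies typically spoof sources,
    so counting per source is useless; count per destination instead."""
    syns = defaultdict(int)
    for e in events:
        if e.get("proto") == "tcp" and e.get("flags") == "S":
            syns[(e["dst"], e["ts"])] += 1
    return {key: n for key, n in syns.items() if n >= threshold}


def build_sample_log():
    """Constructed log lines (not real traffic) that exercise each detector."""
    lines = []
    # Benign: a client opening a few HTTPS connections to a server.
    for i in range(3):
        lines.append(f"ts=2024-05-01T10:00:0{i} proto=tcp src=10.0.0.2 "
                     f"dst=10.0.1.80 dport=443 flags=S")
    # Ping sweep: one source probes 30 hosts in 10.0.1.0/24.
    for host in range(1, 31):
        lines.append(f"ts=2024-05-01T10:00:01 proto=icmp src=10.0.0.5 "
                     f"dst=10.0.1.{host} type=8")
    # Port scan: one source probes TCP ports 1-25 on a single active host.
    for port in range(1, 26):
        lines.append(f"ts=2024-05-01T10:00:02 proto=tcp src=10.0.0.7 "
                     f"dst=10.0.1.20 dport={port} flags=S")
    # SYN flood: 150 bare SYNs from 150 spoofed sources hit one server in one second.
    for i in range(150):
        lines.append(f"ts=2024-05-01T10:00:05 proto=tcp src=203.0.113.{i + 1} "
                     f"dst=10.0.1.80 dport=443 flags=S")
    return lines


def analyze(lines):
    """Run all three detectors over raw log lines."""
    events = [parse_line(line) for line in lines]
    return {
        "ping_sweep": detect_ping_sweep(events),
        "port_scan": detect_port_scan(events),
        "syn_flood": detect_syn_flood(events),
    }


if __name__ == "__main__":
    for name, hits in analyze(build_sample_log()).items():
        print(f"{name}: {hits}")
```

The thresholds are deliberately crude; in practice they are tuned per segment, and the port-scan detector should also watch for the low-and-slow variant (the same pairs accumulated over hours rather than within one log batch).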
Topic 1.3.5: Cisco Network Foundation Protection Framework
Securing the Control Plane
Securing the Management Plane
Securing the Data Plane
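Network Foundation Protection splits router hardening into the management plane (how administrators reach the device), the control plane (the traffic the router's CPU itself must process, such as routing protocol packets) and the data plane (transit traffic). An added example, not part of the course or of any Cisco tool: the Python script below audits an IOS-style configuration for a handful of settings in each plane, comparing a constructed weak configuration with a constructed hardened one. The check list, the finding strings and both sample configurations are assumptions made for this illustration; a real audit covers much more (AAA, NTP and logging authentication, routing protocol authentication, and so on).

```python
"""Audit an IOS-style configuration against basic checks for the management,
control and data planes (Cisco Network Foundation Protection framework).

Added example, not from the course. The checks and both sample configs are
assumptions/constructions for illustration only."""

WEAK_CONFIG = """
hostname R1
enable password cisco
ip http server
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
line vty 0 4
 password cisco
 login
 transport input telnet ssh
"""

HARDENED_CONFIG = """
hostname R1
service password-encryption
enable secret StrongEnableSecret!
username admin privilege 15 secret StrongAdminSecret!
no ip http server
ip ssh version 2
login block-for 120 attempts 3 within 60
!
policy-map COPP
 class class-default
  police 128000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP
!
ip access-list extended EDGE-IN
 deny ip 10.0.0.0 0.255.255.255 any
 permit ip any any
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group EDGE-IN in
 ip verify unicast source reachable-via rx
!
line vty 0 4
 login local
 transport input ssh
"""


def parse_config(text):
    """Split the config into (top_level_command, [sub_commands]) pairs.
    IOS indents sub-commands with spaces and separates blocks with '!'."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if not raw.startswith(" "):
            sections.append((raw.strip(), []))
        elif sections:
            sections[-1][1].append(raw.strip())
    return sections


def audit(text):
    """Return {plane: [finding, ...]}; an empty list means the plane passed."""
    sections = parse_config(text)
    top = [hdr for hdr, _ in sections]

    def children(prefix):
        return [c for hdr, kids in sections if hdr.startswith(prefix) for c in kids]

    def has_top(prefix):
        return any(h.startswith(prefix) for h in top)

    findings = {"management": [], "control": [], "data": []}
    m = findings["management"]
    # Management plane: hashed secrets, no plaintext protocols, SSHv2 only, brute-force throttling.
    if not has_top("enable secret"):
        m.append("enable secret not set (enable password is plaintext or reversible)")
    if "service password-encryption" not in top:
        m.append("service password-encryption disabled")
    if "ip http server" in top:
        m.append("plaintext HTTP management server enabled")
    if "ip ssh version 2" not in top:
        m.append("SSH not restricted to version 2")
    if not has_top("login block-for"):
        m.append("no login block-for (brute-force throttling)")
    if "transport input ssh" not in children("line vty"):
        m.append("vty lines accept non-SSH transport")
    # Control plane: a CoPP policy must be attached to the control-plane interface.
    if not any(c.startswith("service-policy input") for c in children("control-plane")):
        findings["control"].append("no CoPP service-policy on the control-plane")
    # Data plane: at least one ACL applied and uRPF anti-spoofing enabled.
    iface = children("interface")
    if not any(c.startswith("ip access-group") for c in iface):
        findings["data"].append("no ACL applied to any interface")
    if not any(c.startswith("ip verify unicast") for c in iface):
        findings["data"].append("uRPF not enabled on any interface")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg))
```

The parser is the part worth getting right: IOS config is hierarchical by indentation, so checks on vty lines, interfaces and the control-plane block must look at sub-commands of the right section rather than grepping the whole file (a `transport input ssh` under a console line says nothing about the vty lines).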
Section 1.4: Summary
- Explain network security.
- Describe various types of threats and attacks.
- Explain tools and procedures to mitigate the effects of malware and common network attacks.