CCNA Security 2.0 Study Material – Chapter 1: Modern Network Security Threats

Chapter Outline:

1.0 Introduction
1.1 Securing Networks
1.2 Network Threats
1.3 Mitigating Threats
1.4 Summary

Section 1.1: Securing Networks

Upon completion of this section, you should be able to:

  • Describe the current network security landscape.
  • Explain how all types of networks need to be protected.

Topic 1.1.1: Current State of Affairs

Networks Are Targets

Drivers for Network Security

  • Common network security terms:
    • Threat
    • Vulnerability
    • Mitigation
    • Risk

Vectors of Network Attacks

Data Loss

  • Vectors of data loss:
    • Email/Webmail
    • Unencrypted Devices
    • Cloud Storage Devices
    • Removable Media
    • Hard Copy
    • Improper Access Control

Topic 1.1.2: Network Topology Overview

Campus Area Networks

Small Office and Home Office Networks

Wide Area Networks

Data Center Networks

  • Outside perimeter security:
    • On-premise security officers
    • Fences and gates
    • Continuous video surveillance
    • Security breach alarms
  • Inside perimeter security:
    • Electronic motion detectors
    • Security traps
    • Continuous video surveillance
    • Biometric access and exit sensors

Cloud and Virtual Networks

  • VM-specific threats:
    • Hyperjacking
    • Instant On activation
    • Antivirus storm
  • Components of a secure data center:
    • Secure segmentation
    • Threat defense
    • Visibility

The Evolving Network Border

  • Critical MDM functions for a BYOD network:
    • Data encryption
    • PIN enforcement
    • Data wipe
    • Data loss prevention
    • Jailbreak/root detection

Section 1.2: Network Threats

Upon completion of the section, you should be able to:

  • Describe the evolution of network security.
  • Describe the various types of attack tools used by hackers.
  • Describe malware.
  • Explain common network attacks.

Topic 1.2.1: Who is Hacking Our Networks?

The Hacker & The Evolution of Hackers

Topic 1.2.2: Hacker Tools

Introduction of Attack Tools

Evolution of Security Tools

Penetration testing tools:

  • Password crackers
  • Wireless hacking
  • Network scanning and hacking
  • Packet crafting
  • Packet sniffers
  • Rootkit detectors
  • Fuzzers to search for vulnerabilities
  • Forensic tools
  • Debuggers
  • Hacking operating systems
  • Encryption
  • Vulnerability exploitation
  • Vulnerability Scanners

Categories of Attack Tools

Network hacking attacks:

  • Eavesdropping
  • Data modification
  • IP address spoofing
  • Password-based
  • Denial-of-service
  • Man-in-the-middle
  • Compromised-key
  • Sniffer

Topic 1.2.3: Malware

Various Types of Malware
Trojan Horse Classification
  • Security software disabler
  • Remote-access
  • Data-sending
  • Destructive
  • Proxy
  • FTP
  • DoS
Initial Code Red Worm Infection

Code Red Worm Infection 19 Hours Later

Worm Components
  • Enabling vulnerability
  • Propagation mechanism
  • Payload

Other Malware

Topic 1.2.4: Common Network Attacks

Types of Network Attacks

Reconnaissance Attacks

  • Initial query of a target
  • Ping sweep of the target network
  • Port scan of active IP addresses
  • Vulnerability scanners
  • Exploitation tools

Access Attacks

  • A few reasons why hackers use access attacks:
    • To retrieve data
    • To gain access
    • To escalate access privileges
  • A few types of access attacks include:
    • Password
    • Trust exploitation
    • Port redirection
    • Man-in-the-middle
    • Buffer overflow
    • IP, MAC, DHCP spoofing

Social Engineering Attacks

  • Pretexting
  • Phishing
  • Spearphishing
  • Spam
  • Tailgating
  • Something for Something
  • Baiting

Denial of Service Attacks

DDoS Attacks

1. Hacker builds a network of infected machines

  • A network of infected hosts is called a botnet.
  • The compromised computers are called zombies.
  • Zombies are controlled by handler systems.

2. Zombie computers continue to scan and infect more targets

3. Hacker instructs handler system to make the botnet of zombies carry out the DDoS attack

Section 1.3: Mitigating Threats

Upon completion of this section, you should be able to:

  • Describe methods and resources to protect the networks.
  • Describe a collection of domains for network security.
  • Explain the purpose of the Cisco SecureX Architecture.
  • Describe the techniques used to mitigate common network attacks.
  • Explain how to secure the three functional areas of Cisco routers and switches.

Topic 1.3.1: Defending the Network

Network Security Professionals

Network Security Organizations

Confidentiality, Integrity, Availability

Topic 1.3.2: Domains of Network Security

Network Security Domains

  • Risk assessment
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Information systems acquisition, development, and maintenance
  • Access control
  • Information security incident management
  • Business continuity management
  • Compliance

Network Security Policy

Network Security Policy Objectives

Topic 1.3.3: Introducing the Cisco SecureX Architecture

The Security Artichoke

Evolution of Network Security Tools

SecureX Product Families

SecureX Security Technology

Cisco SecureX Architecture:

  • Scanning engines
  • Delivery mechanisms
  • Security intelligence operations (SIO)
  • Policy management consoles
  • Next-generation endpoint

Centralized Context-Aware Network Scanning Element

Defines security policies based on five parameters:

  • Type of device being used for access
  • Person’s identity
  • Application in use
  • Location
  • Time of access

Cisco Security Intelligence Operations

Topic 1.3.4: Mitigating Common Network Threats

Defending the Network

Best practices:

  • Develop a written security policy.
  • Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.
  • Control physical access to systems.
  • Use strong passwords and change them often.
  • Encrypt and password-protect sensitive data.
  • Implement security hardware and software.
  • Perform backups and test the backed up files on a regular basis.
  • Shut down unnecessary services and ports.
  • Keep patches up-to-date by installing them weekly or daily to prevent buffer overflow and privilege escalation attacks.
  • Perform security audits to test the network.

Mitigating Malware

Mitigating Worms

Mitigating Reconnaissance Attacks

Mitigating Access Attacks

Mitigating DoS Attacks

Topic 1.3.5: Cisco Network Foundation Protection Framework

NFP Framework

Securing the Control Plane

Securing the Management Plane

Securing the Data Plane

Section 1.4: Summary

Chapter Objectives:

  • Explain network security.
  • Describe various types of threats and attacks.
  • Explain tools and procedures to mitigate the effects of malware and common network attacks.

Comments

3 years ago

Hi Admin! Where did the Courseware for CCNA Security go? Thank you for the answer!

Aung Hein
5 years ago

I hope someday there can also be a Courseware for CCNA Security too.