ccna security chap 1

Upload: spamdragster

Post on 07-Apr-2018


  • 8/4/2019 CCNA Security Chap 1

    1/36

    2007 SSA CATC. All rights reserved. Presentation_ID 1

    SSA CATC

    Modern Network Security Threats


    Agenda


    Fundamental Principles of a Secure Network


    What is Network Security?

    National Security Telecommunications and Information Systems Security Committee (NSTISSC)

    Network security is the protection of information, and systems and hardware that use, store, and transmit that information

    Network security encompasses those steps that are taken to ensure the confidentiality, integrity, and availability of data or resources


    Rationale for Network Security

    The need for network security and its growth are driven by many factors:

    1. Internet connectivity is 24/7 and is worldwide

    2. Increase in cyber crime

    3. Impact on business and individuals

    4. Legislation

    5. Proliferation of threats

    6. Sophistication of threats


    Business Impact

    1. Decrease in productivity

    2. Release of unauthorized sensitive data

    3. Theft of trade secrets or formulas

    4. Compromise of reputation and trust

    5. Loss of communications

    6. Loss of time


    Sophistication of Threats

    Inexperienced individuals: easily available tools

    Highly motivated individuals: planned attacks that exploit vulnerabilities in the system


    Legislation

    Federal and local government has passed legislation that holds organizations and individuals liable for mismanagement of sensitive data. These laws include:

    1. The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

    2. The Sarbanes-Oxley Act of 2002 (Sarbox)

    3. The Gramm-Leach-Bliley Act (GLBA)

    4. US PATRIOT Act 2001


    Network Security Organisations


    Domains of Network Security Defined by ISO


    Network Security Policy

    Broad document designed to be clearly applicable to an organization's operations, used to aid in network design, convey security principles, and facilitate network deployments

    The network security policy outlines what assets need to be protected and gives guidance on how they should be protected

    Outlines rules for network access, determines how policies are enforced, and describes the basic architecture of the organization's network security environment

    Establishes a hierarchy of access permissions, giving employees only the minimal access necessary to perform their work


    Network Security Policy

    A network security policy drives all the steps to be taken to secure network resources

    Identifies critical assets

    Guidelines for what users can and cannot do = Acceptable Use Policy (AUP)


    Cisco Self-Defending Network


    Products for Cisco Self-Defending Network


    Viruses, Worms and Trojan Horses


    Phases of Attack

    Probe phase

    Vulnerable targets are identified through reconnaissance attacks

    Ping sweeps and port scans identify OSs and vulnerable software

    Hackers can obtain passwords using social engineering, dictionary attacks, brute-force attacks, network sniffing, etc.

    Penetrate phase

    Exploit code is transferred to the vulnerable target

    Persist phase

    After the attack is successfully launched the code tries to persist on the target system

    The goal is to ensure that the attacker code is running and available to the attacker even if the system reboots

    Back doors, Trojans

    Propagate phase

    The attacker attempts to extend the attack to other targets by looking for vulnerable neighboring machines

    Paralyze phase

    Actual damage is done to the system

    Files can be erased, systems can crash, information can be stolen, and distributed DoS (DDoS) attacks can be launched


    Viruses, Worms and Trojan Horses: primary vulnerabilities

    Virus: program that runs and spreads by modifying other programs or files; transmitted via email attachments, downloaded files or USB devices

    Worm: uses the network to send copies of itself to any connected hosts; worms can run independently and spread quickly

    Trojan horse: written to appear like a legitimate program, when in fact it is an attack tool


    Virus Mitigation (Countermeasures)

    Anti-virus software is the most widely deployed security product on the market today

    Anti-virus products have update automation options so that new virus definitions and new software updates can be downloaded automatically or on demand

    Anti-virus products are host-based, installed on computers and servers to detect and eliminate viruses; however, they do not prevent viruses from entering the network


    Anatomy of a Worm

    Enabling vulnerability: a worm installs itself using an exploit mechanism (email attachment, executable file, Trojan horse) on a vulnerable system

    Propagation mechanism: after gaining access to a device, the worm replicates itself and locates new targets

    Payload: any malicious code that results in some action; most often this is used to create a backdoor to the infected host


    Worm Mitigation

    Contain the spread of the worm into the network: compartmentalize uninfected parts of your network

    Start patching all systems and scanning for vulnerable systems

    Clean and patch each infected system

    Track down each infected machine inside your network

    Disconnect, remove, or block infected machines


    Mitigating Worms Example

    SQL Slammer: UDP port 1434
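A defender-side illustration of the worm mitigation steps above (contain the spread, then track down and isolate infected machines) applied to the deck's SQL Slammer example on UDP port 1434. This is an added Python example, not code from the original deck; the flow records, addresses and the fan-out threshold are constructed assumptions.

```python
SLAMMER_PORT = 1434  # the deck's SQL Slammer example: UDP port 1434

# Constructed sample flows (not real captures): 10.1.1.5 fans UDP/1434 out to
# four hosts (propagate phase), 10.1.3.4 to two; the TCP rows are normal traffic.
SAMPLE_FLOWS = """\
10.1.1.5 10.1.2.7 udp 1434
10.1.1.5 10.1.2.8 udp 1434
10.1.1.5 172.16.0.9 udp 1434
10.1.1.5 192.0.2.10 udp 1434
10.1.1.9 10.1.2.7 tcp 443
10.1.3.4 10.1.1.5 udp 1434
10.1.3.4 10.9.9.1 udp 1434
10.1.1.2 10.1.2.7 tcp 1433
"""

def parse_flows(text):
    """Turn "src dst proto dport" records into tuples; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        src, dst, proto, dport = parts
        flows.append((src, dst, proto.lower(), int(dport)))
    return flows

def is_worm_flow(flow):
    """Containment rule: match only the worm's transport, UDP to port 1434."""
    return flow[2] == "udp" and flow[3] == SLAMMER_PORT

def apply_containment(flows):
    """Containment step: split flows into (permitted, dropped) the way a boundary
    filter denying UDP/1434 would, leaving legitimate traffic such as TCP/1433 intact."""
    permitted = [f for f in flows if not is_worm_flow(f)]
    dropped = [f for f in flows if is_worm_flow(f)]
    return permitted, dropped

def suspected_infected(flows, min_targets=3):
    """Quarantine step: a source spraying UDP/1434 at min_targets or more distinct
    hosts behaves like an infected machine and should be tracked down and isolated."""
    fanout = {}
    for src, dst, proto, dport in flows:
        if is_worm_flow((src, dst, proto, dport)):
            fanout.setdefault(src, set()).add(dst)
    return sorted(s for s, dsts in fanout.items() if len(dsts) >= min_targets)

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    permitted, dropped = apply_containment(flows)
    print(len(dropped), "worm flows dropped; quarantine:", suspected_infected(flows))
```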


    Cisco Security Agent (CSA)

    Host-based Intrusion Prevention System (HIPS); can be integrated with anti-virus

    Cisco Network Admission Control (NAC)

    Turnkey solution to control network access

    It admits only hosts that are authenticated and have had their security posture examined and approved for the network


    Attack Methodologies


    Types of Attacks

    Reconnaissance Attacks

    Unauthorized discovery and mapping of systems, services, or vulnerabilities. Reconnaissance attacks often employ the use of packet sniffers and port scanners

    Access Attacks

    Exploit known vulnerabilities in authentication services and web services to gain entry to web accounts, confidential databases, and other sensitive information

    Often employs a dictionary attack to guess system passwords

    Denial of Service Attacks

    Send extremely large numbers of requests over a network or the Internet

    Cause the target device to run suboptimally

    Attacked device becomes unavailable for legitimate access and use


    Reconnaissance Attacks: Usually the 1st Step for an Attacker


    5 Types of Access Attacks

    Password attack - attempts to guess system passwords

    Trust exploitation - uses privileges granted to a system in an unauthorized way

    Port redirection - a compromised system is used as a jump-off point for attacks against other targets

    Man-in-the-middle attack - attacker is positioned in the middle of communications between two legitimate entities in order to read or modify the data that passes between the two parties

    Buffer overflow - program writes data beyond the allocated buffer memory. Buffer overflows usually arise as a consequence of a bug in a C or C++ program; valid data is overwritten or exploited to enable the execution of malicious code


    Denial of Service (DoS)

    Poisonous packet

    - improperly formatted packet
    - target device could crash or run slowly

    Continuous stream of data


    Distributed DoS (DDoS)

    Attacker scans for vulnerable devices (handlers), installs zombie software, and infects agent devices, which are used to launch the attack


    DoS Attack Symptoms


    Reconnaissance Attack Mitigation


    Access Attack Mitigation


    DoS Attack Mitigation


    10 Best Practices for Network Security

    1. Keep patches up to date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks

    2. Shut down unnecessary services and ports

    3. Use strong passwords and change them often

    4. Control physical access to systems

    5. Avoid unnecessary web page inputs: some websites allow users to enter usernames and passwords (plus additional info)


    6. Perform backups and test the backed up files on a regular basis

    7. Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person

    8. Encrypt and password-protect sensitive data

    9. Implement security hardware and software such as firewalls, IPSs, virtual private network (VPN) devices, and anti-virus software

    10. Develop a written security policy for the company


    Questions?


    Chapter 1 Labs

    Lab A: Researching Network Attacks and Security Audit Tools