8/4/2019 CCNA Security Chap 1
1/36
2007 SSA CATC. All rights reserved. Presentation_ID 1
SSA CATC
Modern Network Security Threats
Agenda
Fundamental Principles of a Secure Network
What is Network Security?
National Security Telecommunications and Information Systems Security Committee (NSTISSC)
Network security is the protection of information, and of the systems and hardware that use, store, and transmit that information
Network security encompasses those steps that are taken to ensure the confidentiality, integrity, and availability of data or resources
Rationale for Network Security
The need for network security and its growth are driven by many factors:
1. Internet connectivity is 24/7 and is worldwide
2. Increase in cyber crime
3. Impact on business and individuals
4. Legislation
5. Proliferation of threats
6. Sophistication of threats
Business Impact
1. Decrease in productivity
2. Release of unauthorized sensitive data
3. Theft of trade secrets or formulas
4. Compromise of reputation and trust
5. Loss of communications
6. Loss of time
Sophistication of Threats
Inexperienced individuals: easily available tools
Highly motivated individuals: planned attacks that exploit vulnerabilities in the system
Legislation
Federal and local governments have passed legislation that holds organizations and individuals liable for mismanagement of sensitive data. These laws include:
1. The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
2. The Sarbanes-Oxley Act of 2002 (Sarbox)
3. The Gramm-Leach-Bliley Act (GLBA)
4. US PATRIOT Act of 2001
Network Security Organisations
Domains of Network Security Defined by ISO
Network Security Policy
Broad document designed to be clearly applicable to an organization's operations; used to aid in network design, convey security principles, and facilitate network deployments
The network security policy outlines what assets need to be protected and gives guidance on how they should be protected
Outlines rules for network access, determines how policies are enforced, and describes the basic architecture of the organization's network security environment
Establishes a hierarchy of access permissions, giving employees only the minimal access necessary to perform their work
Network Security Policy
A network security policy drives all the steps to be taken to secure network resources
Identifies critical assets
Guidelines for what users can and cannot do = Acceptable Use Policy (AUP)
Cisco Self-Defending Network
Products for Cisco Self-Defending Network
Viruses, Worms and Trojan Horses
Phases of Attack
Probe phase
Vulnerable targets are identified through reconnaissance attacks
Ping sweeps and port scans identify OSs and vulnerable software
Hackers can obtain passwords using social engineering, dictionary attacks, brute-force attacks, network sniffing, etc.
Penetrate phase
Exploit code is transferred to the vulnerable target
Persist phase
After the attack is successfully launched, the code tries to persist on the target system
The goal is to ensure that the attacker code is running and available to the attacker even if the system reboots
Back doors, Trojans
Propagate phase
The attacker attempts to extend the attack to other targets by looking for vulnerable neighboring machines
Paralyze phase
Actual damage is done to the system
Files can be erased, systems can crash, information can be stolen, and distributed DoS (DDoS) attacks can be launched
Viruses, Worms and Trojan Horses: primary vulnerabilities
Virus: program that runs and spreads by modifying other programs or files. Transmitted via email attachments, downloaded files or USB devices
Worm: uses the network to send copies of itself to any connected hosts. Worms can run independently and spread quickly
Trojan horse: written to appear like a legitimate program, when in fact it is an attack tool
Virus Mitigation (Countermeasures)
Anti-virus software is the most widely deployed security product on the market today
Anti-virus products have update automation options so that new virus definitions and new software updates can be downloaded automatically or on demand
Anti-virus products are host-based, installed on computers and servers to detect and eliminate viruses; however, they do not prevent viruses from entering the network
Anatomy of a Worm
Enabling vulnerability: a worm installs itself using an exploit mechanism (email attachment, executable file, Trojan horse) on a vulnerable system
Propagation mechanism: after gaining access to a device, the worm replicates itself and locates new targets
Payload: any malicious code that results in some action; most often this is used to create a backdoor to the infected host
Worm Mitigation
Contain the spread of the worm into the network: compartmentalize uninfected parts of your network
Start patching all systems and scanning for vulnerable systems
Clean and patch each infected system
Track down each infected machine inside your network
Disconnect, remove, or block infected machines
Mitigating Worms: Example
SQL Slammer (UDP port 1434)
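As an added example, not part of the slides or of any Cisco product: a small Python detector that flags, in a flow log, the two traffic shapes the "Phases of Attack" and worm slides describe: a probe (one source touching many ports on one host) and a propagating worm (one source touching the same port on many hosts, as SQL Slammer did on UDP 1434). The log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow log (not real traffic): "<time> <proto> <src> -> <dst>:<port>"
SAMPLE_LOG = """\
10:00:01 TCP 10.0.0.5 -> 10.0.0.20:21
10:00:01 TCP 10.0.0.5 -> 10.0.0.20:22
10:00:01 TCP 10.0.0.5 -> 10.0.0.20:23
10:00:02 TCP 10.0.0.5 -> 10.0.0.20:25
10:00:02 TCP 10.0.0.5 -> 10.0.0.20:80
10:00:02 TCP 10.0.0.7 -> 10.0.0.20:443
10:00:03 UDP 10.0.0.7 -> 10.0.0.21:53
10:00:03 UDP 10.0.0.9 -> 10.0.1.1:1434
10:00:03 UDP 10.0.0.9 -> 10.0.1.2:1434
10:00:03 UDP 10.0.0.9 -> 10.0.1.3:1434
10:00:04 UDP 10.0.0.9 -> 10.0.1.4:1434
10:00:04 UDP 10.0.0.9 -> 10.0.1.5:1434
10:00:04 link flap on gi0/1
"""

SCAN_PORTS = 5   # assumed threshold: distinct ports one source hits on one host
SPRAY_HOSTS = 5  # assumed threshold: distinct hosts one source hits on one port

def parse_flows(text):
    """Yield (proto, src, dst, port) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "->" or ":" not in parts[4]:
            continue  # malformed or non-flow line (e.g. the link-flap line): skip, don't crash
        dst, port = parts[4].rsplit(":", 1)
        yield parts[1], parts[2], dst, int(port)

def detect(text, scan_ports=SCAN_PORTS, spray_hosts=SPRAY_HOSTS):
    """Return {"scan": [(src, dst, n_ports)], "spray": [(src, proto, port, n_hosts)]}."""
    ports_per_pair = defaultdict(set)  # (src, dst) -> ports touched (probe phase)
    hosts_per_port = defaultdict(set)  # (src, proto, port) -> hosts touched (propagate phase)
    for proto, src, dst, port in parse_flows(text):
        ports_per_pair[(src, dst)].add(port)
        hosts_per_port[(src, proto, port)].add(dst)
    scans = [(s, d, len(p)) for (s, d), p in ports_per_pair.items() if len(p) >= scan_ports]
    sprays = [(s, pr, po, len(h)) for (s, pr, po), h in hosts_per_port.items() if len(h) >= spray_hosts]
    return {"scan": sorted(scans), "spray": sorted(sprays)}

if __name__ == "__main__":
    # Containment step from the worm-mitigation slide: block the spraying source/port at the edge
    for kind, hits in detect(SAMPLE_LOG).items():
        for hit in hits:
            print(kind, hit)
```

On the constructed log this reports 10.0.0.5 scanning five ports on 10.0.0.20 and 10.0.0.9 spraying UDP/1434 across five hosts, while the two 10.0.0.7 flows stay below both thresholds.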
Cisco Security Agent (CSA)
Host-based Intrusion Prevention System (HIPS); can be integrated with anti-virus
Cisco Network Admission Control (NAC)
Turnkey solution to control network access
It admits only hosts that are authenticated and have had their security posture examined and approved for the network
Attack Methodologies
Types of Attacks
Reconnaissance Attacks
Unauthorized discovery and mapping of systems, services, or vulnerabilities. Reconnaissance attacks often employ the use of packet sniffers and port scanners
Access Attacks
Exploit known vulnerabilities in authentication services and web services to gain entry to web accounts, confidential databases, and other sensitive information
Often employs a dictionary attack to guess system passwords
Denial of Service Attacks
Send extremely large numbers of requests over a network or the Internet
Cause the target device to run suboptimally
Attacked device becomes unavailable for legitimate access and use
Reconnaissance Attacks: Usually the 1st Step for an Attacker
5 Types of Access Attacks
Password attack - attempts to guess system passwords
Trust exploitation - uses privileges granted to a system in an unauthorized way
Port redirection - a compromised system is used as a jump-off point for attacks against other targets
Man-in-the-middle attack - attacker is positioned in the middle of communications between two legitimate entities in order to read or modify the data that passes between the two parties
Buffer overflow - program writes data beyond the allocated buffer memory. Buffer overflows usually arise as a consequence of a bug in a C or C++ program; valid data is overwritten or exploited to enable the execution of malicious code
Denial of Service (DoS)
Poisonous packet
- improperly formatted packet
- target device could crash or run slowly
Continuous stream of data
Distributed DoS (DDoS)
Attacker scans for vulnerable devices (handlers), installs zombie software, and infects agent devices that are used to launch the attack
DoS Attack Symptoms
Reconnaissance Attack Mitigation
Access Attack Mitigation
DoS Attack Mitigation
10 Best Practices for Network Security
1. Keep patches up to date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks
2. Shut down unnecessary services and ports
3. Use strong passwords and change them often
4. Control physical access to systems
5. Avoid unnecessary web page inputs: some websites allow users to enter usernames and passwords (plus additional info)
10 Best Practices for Network Security
6. Perform backups and test the backed up files on a regular basis
7. Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person
8. Encrypt and password-protect sensitive data
9. Implement security hardware and software such as firewalls, IPSs, virtual private network (VPN) devices, and anti-virus software
10. Develop a written security policy for the company
Questions?
Chapter 1 Labs
Lab-A: Researching Network Attacks and Security Audit Tools