Chapter One
Modern Network Security Threats
Lesson Planning
北京邮电大学思科网络技术学院 2/76
Major Concepts
Lesson Objectives
1.1 Fundamental Principles of a Secure Network
1.1.1 Evolution of Network Security
Evolution of Network Security
• Confidentiality
- Prevent the disclosure of sensitive information to unauthorized people, resources, and processes
• Integrity
- The protection of system information or processes from intentional or accidental modification
• Availability
- The assurance that systems and data are accessible by authorized users when needed
1.1.2 Drivers for Network Security
• Hackers
- Negative
- Positive
Hacker timeline:
• 1960s: Phreaking (John Draper)
• 1980s: Wardialing
• 1990s: Wardriving
• ……
1.1.3 Network Security Organizations
www.infosyssec.com
www.sans.org
www.cisecurity.org
www.cert.org
www.isc2.org
www.first.org
www.infragard.net
www.mitre.org
www.cnss.gov
Network Security Organizations - SANS
Network Security Organizations - CERT
Network Security Organizations - ISC2
1.1.4 Domains of Network Security
ISO/IEC 17799
What Is a Security Policy?
Documents Supporting Policies
1.1.5 Network Security Policies
Example: The Policy
• All users must have a unique user ID and password that conforms to
• Users must not share their password with anyone regardless of title or position
Example: The Standards
Example: The Guideline
• Take a phrase: “Up and At ‘em at 7!”
Example: The Procedure
Policy Elements
Policy Example
Purpose: The purpose of this policy is to protect the assets of the organization by clearly informing staff of their roles and responsibilities for keeping the organization’s information confidential.
Audience: The ABC Co confidentiality agreement policy applies equally to all individuals granted access privileges to any ABC Co information resources.
Policy: This policy requires that staff sign a confidentiality policy agreement prior to being granted access to any sensitive information or systems. Agreements will be reviewed with the staff member when there is any change to the employment or contract, or prior to leaving the organization. The agreements will be provided to the employees by the Human Resource Dept.
Exceptions: At the discretion of the Information Security Officer, third parties whose contracts include a confidentiality clause may be exempted from signing individual confidentiality agreements.
Disciplinary Actions: Violation of this policy may result in disciplinary actions, which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; or dismissal for interns and volunteers. Additionally, individuals are subject to civil and criminal prosecution.
1.2 Viruses, Worms, and Trojan Horses
• 1.2.1 Virus
- Malicious software which attaches to another program to execute a specific unwanted function on a computer.
• 1.2.2 Worm
- Executes arbitrary code and installs copies of itself in the memory of the infected computer, which then infects other hosts.
1.2.1 Viruses
1.2.2 Worms
1.2.3 Trojan Horses
• The term Trojan Horse originated from Greek mythology.
• A Trojan Horse in the world of computing is malicious software.
- It has to be “spread” through social engineering or by manually emailing it.
- It does not replicate itself, and it does not infect other files.
1.2.4 Mitigating Viruses, Worms, and Trojan Horses
1.3 Attack Methodologies
1.3.1 Reconnaissance Attack
2. Access Attacks
- Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services.
Reconnaissance Attack
• A packet sniffer is a software application.
• It uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.
• Some network applications distribute network packets in unencrypted plaintext.
1.3.2 Access Attacks
• Password attack
• Trust exploitation
• Port redirection
• Man-in-the-middle attack
• Buffer overflow
Detecting Access Attacks
- Bandwidth utilization: used to detect man-in-the-middle attacks.
- Process loads: used to detect buffer overflow attacks.
1.3.3 Denial of Service Attacks
Denial of Service Attacks
• DoS
• Ping of Death
- A hacker sends an echo request in an IP packet larger than the maximum packet size of 65,535 bytes.
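As an added example (not part of the course slides), here is the defender-side check that counters this attack: an IPv4 fragment reassembly guard in Python that drops any fragment whose offset and length would push the reassembled datagram past the 65,535-byte maximum. The field names, the constructed sample fragments and the 20-byte header assumption are mine.

```python
# Added example (not from the slide deck): an IPv4 fragment reassembly guard that
# drops any fragment which would push the reassembled datagram past the 65,535-byte
# IPv4 limit, the Ping of Death condition described above.
from dataclasses import dataclass
from typing import Dict, List

IPV4_MAX_TOTAL_LEN = 65535  # IPv4 Total Length is a 16-bit field
IPV4_HEADER_LEN = 20        # assumed: header without options


@dataclass(frozen=True)
class Fragment:
    """Constructed stand-in for the fields parsed from an IPv4 fragment header."""
    ident: int         # Identification field shared by all fragments of one datagram
    offset_units: int  # Fragment Offset in 8-byte units (13-bit field, max 8191)
    payload_len: int   # bytes of payload carried by this fragment


def fragment_end(frag: Fragment) -> int:
    """Byte position just past this fragment's payload in the reassembled datagram."""
    return frag.offset_units * 8 + frag.payload_len


class ReassemblyGuard:
    def __init__(self) -> None:
        self.max_payload = IPV4_MAX_TOTAL_LEN - IPV4_HEADER_LEN  # 65,515 bytes
        self.pending: Dict[int, List[Fragment]] = {}
        self.alerts: List[str] = []

    def accept(self, frag: Fragment) -> bool:
        """Buffer a fragment, or drop it (and its buffered siblings) if it can never fit."""
        end = fragment_end(frag)
        if end > self.max_payload:
            self.alerts.append(f"id={frag.ident}: fragment ends at byte {end} > "
                               f"{self.max_payload}, dropped (Ping of Death pattern)")
            self.pending.pop(frag.ident, None)
            return False
        self.pending.setdefault(frag.ident, []).append(frag)
        return True


def run_demo() -> List[str]:
    """Run constructed fragments through the guard and return the alerts raised."""
    guard = ReassemblyGuard()
    samples = [
        Fragment(ident=1, offset_units=0, payload_len=1480),    # benign first fragment
        Fragment(ident=1, offset_units=185, payload_len=1480),  # benign continuation
        Fragment(ident=2, offset_units=8189, payload_len=100),  # ends at 65,612: oversize
        Fragment(ident=3, offset_units=8189, payload_len=3),    # ends at 65,515: legal maximum
    ]
    for frag in samples:
        guard.accept(frag)
    return guard.alerts
```

The check runs before any buffer is allocated for the fragment, so an oversize fragment is rejected without the reassembly code ever writing past a fixed-size datagram buffer.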
• Smurf Attack
Denial of Service Attacks - Email Attacks
DoS - Physical Infrastructure Attacks
• To date, hundreds of DoS attacks have been documented.
• There are five basic ways that DoS attacks can do harm:
- Consumption of computational resources, such as bandwidth, disk space, or processor time
- Disruption of configuration information, such as routing information
- Disruption of state information, such as unsolicited resetting of TCP sessions
- Disruption of physical network components
- Obstruction of communication between the victim and others
Tools of the Attacker
1.3.4 Mitigating Network Attacks
• Several techniques are available for mitigating access attacks.
• Mitigating DDoS attacks requires careful diagnostics, planning, and cooperation from ISPs.
• The most important elements for mitigating DoS attacks are firewalls and IPSs.
• There are 10 best practices for your network:
1. Keep patches up to date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks.
2. Shut down unnecessary services and ports.
3. Use strong passwords and change them often.
4. Control physical access to systems.
5. Avoid unnecessary web page inputs.
6. Perform backups and test the backed up files on a regular basis.
7. Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.
8. Encrypt and password-protect sensitive data.
9. Implement security hardware and software: firewalls, IPSs, virtual private network (VPN) devices, anti-virus software, and content filtering.
10. Develop a written security policy for the company.