Professional Documents
Culture Documents
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Section 1.1:
Securing Networks
Upon completion of this section, you should be able to:
• Describe the current network security landscape.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Topic 1.1.1:
Current State of Affairs
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Networks Are Targets
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Drivers for Network Security
Common network security terms:
• Threat
• Vulnerability
• Mitigation
Cisco Security Intelligence Operations
• Risk
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Vectors of Network Attacks
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Data Loss
Vectors of data loss:
• Email/Webmail
• Unencrypted Devices
• Removable Media
• Hard Copy
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Topic 1.1.2:
Network Topology Overview
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Campus Area Networks
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Small Office and Home Office Networks
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Wide Area Networks
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Data Center Networks
Outside perimeter security:
• On-premise security officers
• Security traps
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Cloud and Virtual Networks
VM-specific threats: Components of a secure data center:
• Hyperjacking • Secure segmentation
• PIN enforcement
• Data wipe
• Jailbreak/root detection
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Section 1.2:
Network Threats
Upon completion of the section, you should be able to:
• Describe the evolution of network security.
• Describe malware.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Topic 1.2.1:
Who is Hacking Our Networks?
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
The Hacker & The Evolution of Hackers
• Vulnerability Brokers
• Hacktivists
• Cyber Criminals
• State-Sponsored
Hackers
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Topic 1.2.2:
Hacker Tools
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Introduction of Attack Tools
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Evolution of Security Tools
Penetration testing tools:
• Password crackers • Forensic
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Categories of Attack Tools
Network hacking attacks:
• Eavesdropping
• Data modification
• IP address spoofing
• Password-based
• Denial-of-service
• Man-in-the-middle
• Compromised-key
• Sniffer
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Topic 1.2.3:
Malware
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Various Types of Malware
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Viruses
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Trojan Horse Classification
Classifications:
• Security software disabler
• Remote-access
• Data-sending
• Destructive
• Proxy
• FTP
• DoS
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Worms
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Worm Components
Components:
1.
• Enabling vulnerability Propagate
for 19 days
• Propagation mechanism
• Payload
4.
Code Red 2.
Repeat the
cycle
Worm Launch DoS
attack for
next 7 days
Propagation
3.
Stop and go
dormant for
a few days
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Other Malware
Ransomware Scareware
Spyware Phishing
Adware Rootkits
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Topic 1.2.4:
Common Network Attacks
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Types of Network Attacks
Data
Modification
Syn Flood
Smurf
Attack
Reconnaissance
Access
DoS
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Reconnaissance Attacks
• Initial query of a target
• Vulnerability scanners
• Exploitation tools
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Access Attacks
A few reasons why hackers use access attacks:
• To retrieve data
• To gain access
• Trust exploitation
• Port redirection
• Man-in-the-middle
• Buffer overflow
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Social Engineering Attacks
• Pretexting
• Phishing
• Spearphishing
• Spam
• Tailgating
• Baiting
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Denial of Service Attacks
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
DDoS Attacks
1. Hacker builds a network of infected machines
• A network of infected hosts is called a botnet.
• The compromised computers are called zombies.
• Zombies are controlled by handler systems.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Section 1.3 Mitigating Threats
Upon completion of this section, you should be able to::
• Describe methods and resources to protect the networks.
• Explain how to secure the three functional areas of Cisco routers and switches.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Topic 1.3.1:
Defending the Network
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Network Security Professionals
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Network Security Organizations
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Confidentiality, Integrity, Availability
Confidentiality:
Uses encryption to
encrypt and hide
data.
Components
of
Availability:
Cryptography
Integrity:
Assures data is
accessible. Uses hashing
algorithms to
Guaranteed by
ensure data is
network hardening
unaltered during
mechanisms and
operation.
backup systems.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Topic 1.3.2:
Domains of Network Security
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Network Security Domains
• Risk assessment
• Security policy
• Asset management
• Access control
• Compliance
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Network Security Policy
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Network Security Policy Objectives
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Topic 1.3.3:
Introducing the Cisco SecureX Architecture
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
The Security Artichoke
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Evolution of Network Security Tools
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
SecureX Product Families
Server Edge
and Branch
Secure Secure
Access Mobility
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
SecureX Security Technology
Cisco SecureX Architecture:
• Scanning engines
• Delivery mechanisms
• Next-generation endpoint
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Centralized Context-Aware Network Scanning Element
Defines security policies based on five parameters:
• Type of device being used for access
• Person’s identity
• Application in use
• Location
• Time of access
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Cisco Security Intelligence Operations
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Cisco Security Intelligence Operations (cont.)
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Topic 1.3.4:
Mitigating Common Network Threats
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
Defending the Network
Best practices:
• Develop a written security policy.
• Educate employees about the risks of social engineering, and develop strategies to
validate identities over the phone, via email, or in person.
• Control physical access to systems.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Mitigating Malware
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
Mitigating Worms
Containment
Inoculation Quarantine
Treatment
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
Mitigating Reconnaissance Attacks
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Mitigating Access Attacks
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Mitigating DoS Attacks
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
Topic 1.3.5:
Cisco Network Foundation Protection Framework
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
NFP Framework
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Securing the Control Plane
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Securing the Management Plane
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
Securing the Data Plane
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Section 1.4:
Summary
Chapter Objectives:
• Explain network security.
• Explain tools and procedures to mitigate the effects of malware and common
network attacks.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Thank you.
Instructor Resources
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 67