
CCNA 7: LAN Security

Cisco Networking Academy


February 2020 IPD Week

#NetAcadIPD
http://cs.co/IPD20
NetAcad.com
© 2019 Cisco and/or its affiliates. All rights reserved.
Agenda
Technical Session

• CCNA v7 Modules
• End Point Security
• L2 Security
• Next Steps



CCNA v7



CCNA 7.0 Course Outlines

CCNA v7 Course #1
• Networking Today
• Basic Switch and End Device Configuration
• Protocol Models
• Physical Layer
• Number Systems
• Data Link Layer
• Ethernet Switching
• Network Layer
• Address Resolution
• Basic Router Configuration
• IPv4 Addressing
• IPv6 Addressing
• ICMP
• Transport Layer
• Application Layer
• Network Security Fundamentals
• Build a Small Network

CCNA v7 Course #2
• Basic Device Configuration
• Switching Concepts
• VLANs
• Inter-VLAN Routing
• STP
• Etherchannel
• DHCPv4
• SLAAC and DHCPv6 Concepts
• FHRP Concepts
• LAN Security Concepts
• Switch Security Configuration
• WLAN Concepts
• WLAN Configuration
• Routing Concepts
• IP Static Routing
• Troubleshoot Static and Default Routes

CCNA v7 Course #3
• Single-Area OSPFv2 Concepts
• Single-Area OSPFv2 Configuration
• WAN Concepts
• Network Security Concepts
• ACL Concepts
• ACLs for IPv4 Configuration
• NAT for IPv4
• VPN and IPsec Concepts
• QoS Concepts
• Network Management
• Network Design
• Network Troubleshooting
• Network Virtualization
• Network Automation

__ New/significantly changed content
Download Draft Scope and Sequence
Scope and Sequence



End Point Security



Today’s risk reality

• More interconnected than ever
• Expanded attack surface
• Multi-cloud reality
• A software-defined world
• Continuous operations: must keep business running
• Automated and sophisticated threats
• Workers connecting everywhere
• High likelihood of a breach
• Loss of control
Attack landscape: constantly evolving

• Advanced Persistent Threats
• Supply chain attacks
• Ransomware
• Unpatched Software
• Data/IP Theft
• Spyware/Malware
• Malvertising
• Wiper Attacks
• Drive by Downloads
• Phishing
• Rogue Software
• Man in the Middle
• Botnets
• DDoS
• Credential compromise
• Cryptomining

Network Attacks Today

• Distributed Denial of Service: This is a coordinated attack from many devices, called zombies, with the intention of degrading or halting public access to an organization’s website and resources.
• Data Breach: This is an attack in which an organization’s data servers or hosts are compromised to steal confidential information.
• Malware: This is an attack in which an organization’s hosts are infected with malicious software that causes a variety of problems. For example, ransomware such as WannaCry encrypts the victim’s files and demands payment for the key.



Traditional Endpoint Security



Modern Endpoint Security Solutions



E-mail Security Appliance (ESA)

• According to the Cisco Security Report, during April 2019 85% of all e-mail sent was spam.
• Cisco ESA is constantly updated by real-time feeds from Cisco Talos.



Web Security Appliance (WSA)



Backed by the industry’s best threat intelligence

Telemetry sources: Web/URL, Network Analysis, Email, Malware/Endpoint, DNS/IP, Network Intrusions

Who processes it:
• Threat intelligence researchers
• Threat processing centers
• Threat intelligence partners

What it delivers:
• Accurately identify and block known threats
• Quickly analyze suspicious payloads
• Analyze network telemetry
• Detect and block threats in email messages
• Block access to known or suspected malicious web sites
Endpoint Protection



Impossibly complex

So many alerts

• 44% of alerts are NOT investigated
• 56% of alerts are investigated
• 34% of investigated alerts are legitimate
• 51% of legitimate alerts are remediated
• 49% of legitimate alerts are not remediated

Source: Cisco Annual CyberSecurity Report 2018


Access Control

Access Control –AAA Concept



Access Control with 802.1x



L2 Security Threats



Why is L2 security so important?



L2 Attacks in CCNA7



Attack Mitigation Techniques



MAC Address Table Attack



MAC Address Table Flooding



Macof tool

• What makes macof so dangerous is that an attacker can mount a MAC address table overflow attack very quickly.
• For instance, a Catalyst 6500 switch can store 132,000 MAC addresses in its MAC address table.
• A tool such as macof can flood a switch with up to 8,000 bogus frames per second, so a table of that size fills in well under a minute (132,000 / 8,000 is about 17 seconds).
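The flooding mechanism the slide quantifies, as an added example written for this page (it is not Cisco code or macof itself): a minimal learning switch with a bounded MAC table, an attacker port sending frames with random source addresses, and the same run with a per-port MAC limit of the kind `switchport port-security maximum` imposes. The switch model, the 100-entry table and the limit of 2 are assumptions chosen so the effect shows within a few hundred frames; the 132,000 and 8,000 constants are the slide's own figures.

```python
"""MAC address table overflow, macof-style, against a learning switch.

Added example written for this page; not code from Cisco or from macof.
The switch model, the tiny table capacity and the port-security limit are
assumptions chosen so the effect shows within a few hundred frames.
"""
import random
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"
CATALYST_6500_TABLE = 132_000   # MAC table size quoted on the slide
MACOF_RATE = 8_000              # bogus frames per second quoted on the slide


def seconds_to_fill(table_size: int = CATALYST_6500_TABLE, rate: int = MACOF_RATE) -> float:
    """Time for macof to fill a table that starts empty, at the quoted rate."""
    return table_size / rate


def random_mac(rng: random.Random) -> str:
    """Random unicast, locally administered MAC (the kind macof fabricates)."""
    octets = [rng.randrange(256) for _ in range(6)]
    octets[0] = (octets[0] & 0xFE) | 0x02   # clear multicast bit, set local bit
    return ":".join(f"{o:02x}" for o in octets)


class Switch:
    """Transparent bridge with a bounded MAC table and optional port security."""

    def __init__(self, capacity: int, max_macs_per_port: Optional[int] = None):
        self.capacity = capacity                      # total MAC table (CAM) size
        self.max_macs_per_port = max_macs_per_port    # 'switchport port-security maximum N'
        self.table: dict[str, int] = {}               # MAC -> port it was learned on
        self.secure_macs: dict[int, set[str]] = {}    # port -> MACs port security has accepted
        self.err_disabled: set[int] = set()

    def receive(self, src: str, dst: str, in_port: int, ports: list[int]) -> list[int]:
        """Process one frame and return the list of egress ports."""
        if in_port in self.err_disabled:
            return []
        # Port security (violation mode shutdown): a new source MAC beyond the
        # per-port maximum err-disables the port and the frame is dropped.
        if self.max_macs_per_port is not None:
            secured = self.secure_macs.setdefault(in_port, set())
            if src not in secured:
                if len(secured) >= self.max_macs_per_port:
                    self.err_disabled.add(in_port)
                    return []
                secured.add(src)
        # Source learning: once the table is full, new sources are simply not learned.
        if src in self.table or len(self.table) < self.capacity:
            self.table[src] = in_port
        # Forwarding: known unicast goes out one port, anything else is flooded.
        if dst != BROADCAST and dst in self.table:
            return [self.table[dst]]
        return [p for p in ports if p != in_port]


def run_scenario(max_macs_per_port: Optional[int], bogus_frames: int = 500) -> dict:
    """Attacker on port 3 floods, then two victims on ports 1 and 2 talk.

    The victims are learned only after the flood; this stands in for their
    entries having aged out while macof keeps the table full.
    """
    rng = random.Random(1)                    # fixed seed so the run is repeatable
    ports = [1, 2, 3]
    victim_a, victim_b, attacker_port = "00:00:00:00:00:0a", "00:00:00:00:00:0b", 3
    sw = Switch(capacity=100, max_macs_per_port=max_macs_per_port)

    for _ in range(bogus_frames):
        sw.receive(random_mac(rng), random_mac(rng), attacker_port, ports)

    sw.receive(victim_a, BROADCAST, 1, ports)                  # A: ARP request (broadcast)
    reply_egress = sw.receive(victim_b, victim_a, 2, ports)    # B: unicast ARP reply to A
    data_egress = sw.receive(victim_a, victim_b, 1, ports)     # A: unicast data to B
    return {
        "table_entries": len(sw.table),
        "attacker_port_err_disabled": attacker_port in sw.err_disabled,
        "attacker_sees_reply": attacker_port in reply_egress,
        "attacker_sees_data": attacker_port in data_egress,
    }


if __name__ == "__main__":
    print(f"macof fills a {CATALYST_6500_TABLE:,}-entry table in about {seconds_to_fill():.1f} s")
    print("no port security   :", run_scenario(None))
    print("port-security max 2:", run_scenario(2))
```

Without port security the table fills with bogus entries, the two victims cannot be learned, and their unicast exchange is flooded out the attacker's port as if the switch were a hub. With the per-port limit, the third new source MAC from the attacker err-disables that port before the table is affected, which is what the IOS default violation mode (shutdown) does.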



VLAN Attacks



VLAN Hopping Attacks



VLAN Double-Tagging Attack

Step 1 – Double Tagging Attack

Step 2 – Double Tagging Attack

Step 3 – Double Tagging Attack
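The three steps above, traced in code as an added example written for this page (not from the Cisco slides): the attacker's frame is built with two stacked 802.1Q tags; switch 1 accepts the outer tag because it matches the attacker's own access VLAN and, because that VLAN is the untagged native VLAN of the trunk, sends the frame across with only the inner tag left; switch 2 then honours that inner tag. The two-switch model and the MAC addresses are assumptions. The mitigations tried are the CCNA ones: a native VLAN that no access port uses (`switchport trunk native vlan 999`) and tagging the native VLAN (`vlan dot1q tag native`).

```python
"""802.1Q double-tagging: build the attacker's frame and trace it across a trunk.

Added example written for this page, not Cisco code. The two-switch model is an
assumption: switch 1 has the attacker on an access port, and the trunk to
switch 2 carries the native VLAN untagged unless 'vlan dot1q tag native' is set.
"""
import struct

ETH_P_8021Q = 0x8100
ETH_P_IP = 0x0800


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def build_frame(dst: bytes, src: bytes, vlans: list[int], ethertype: int, payload: bytes) -> bytes:
    """Ethernet frame with zero or more stacked 802.1Q tags (PCP=0, DEI=0), outer first."""
    frame = dst + src
    for vid in vlans:
        frame += struct.pack("!HH", ETH_P_8021Q, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes):
    """Return (dst, src, [vlan ids outer..inner], ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    off, vlans = 12, []
    while struct.unpack_from("!H", frame, off)[0] == ETH_P_8021Q:
        vlans.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    ethertype = struct.unpack_from("!H", frame, off)[0]
    return dst, src, vlans, ethertype, frame[off + 2:]


def deliver_across_trunk(frame: bytes, access_vlan: int, native_vlan: int, tag_native: bool):
    """Trace a frame: switch 1 access port -> trunk -> switch 2.

    Returns the VLAN the frame lands in on switch 2, or None if switch 1 drops it.
    """
    dst, src, vlans, ethertype, payload = parse_frame(frame)
    # Step 1, switch 1 access-port ingress: a tag equal to the access VLAN is
    # accepted and popped (the switch has "consumed" it); any other tag is dropped.
    if vlans:
        if vlans[0] != access_vlan:
            return None
        vlans = vlans[1:]
    # Step 2, switch 1 trunk egress: push the VLAN tag, unless the frame belongs
    # to the native VLAN and the native VLAN travels untagged.
    if access_vlan != native_vlan or tag_native:
        vlans = [access_vlan] + vlans
    on_wire = build_frame(dst, src, vlans, ethertype, payload)
    # Step 3, switch 2 trunk ingress: the outermost tag decides the VLAN;
    # an untagged frame is assigned to the native VLAN.
    _, _, wire_vlans, _, _ = parse_frame(on_wire)
    return wire_vlans[0] if wire_vlans else native_vlan


ATTACKER = mac_bytes("02:00:00:00:00:aa")          # assumed attacker address
TARGET = mac_bytes("ff:ff:ff:ff:ff:ff")            # broadcast into the victim VLAN
# Constructed attack frame: outer tag = attacker's VLAN 1, inner tag = victim VLAN 20.
ATTACK_FRAME = build_frame(TARGET, ATTACKER, [1, 20], ETH_P_IP, b"constructed payload")
SINGLE_TAG_FRAME = build_frame(TARGET, ATTACKER, [20], ETH_P_IP, b"constructed payload")


def attack_results() -> dict:
    """Where the attacker's frame ends up under each trunk configuration."""
    return {
        "default native vlan 1": deliver_across_trunk(ATTACK_FRAME, 1, 1, False),
        "native vlan 999": deliver_across_trunk(ATTACK_FRAME, 1, 999, False),
        "vlan dot1q tag native": deliver_across_trunk(ATTACK_FRAME, 1, 1, True),
        "single tag 20 on access port": deliver_across_trunk(SINGLE_TAG_FRAME, 1, 1, False),
    }


if __name__ == "__main__":
    for name, vlan in attack_results().items():
        print(f"{name:32s} -> {'dropped' if vlan is None else f'VLAN {vlan}'}")
```

With the default native VLAN 1 the frame arrives in VLAN 20; with an unused native VLAN, or with the native VLAN tagged, the outer tag survives the trunk and switch 2 keeps the frame in VLAN 1. A frame carrying only the VLAN 20 tag is dropped at the access port, which is why the attacker needs the outer tag. Note that the attack is one-way: nothing in VLAN 20 can answer back to the attacker through the same trick.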



DHCP Attacks



DHCP Starvation Attack
Attacker Initiates a Starvation Attack

DHCP Server Offers Parameters



DHCP Starvation Attack
Client Requests all Offers

DHCP Server Acknowledges All Requests



DHCP Spoofing



ARP and STP Attacks



ARP Spoofing and ARP Poisoning Attack
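ARP spoofing is stopped by Dynamic ARP Inspection, which checks every ARP packet received on an untrusted port against the DHCP snooping binding table. The check as an added example written for this page, not Cisco code: the binding table, the trusted uplink and the sample packets are constructed, and the optional Ethernet-source comparison corresponds to `ip arp inspection validate src-mac`.

```python
"""Dynamic ARP Inspection (DAI): validate ARP packets against the DHCP snooping binding table.

Added example for this page, not Cisco code. The binding table, port roles and
packets are constructed; in IOS the feature is 'ip arp inspection vlan N', with
uplinks marked 'ip arp inspection trust'.
"""
from dataclasses import dataclass

# Constructed DHCP snooping binding table: (MAC, IP, VLAN, port), built from DHCPACKs.
BINDINGS = {
    ("00:11:22:33:44:55", "192.168.10.19", 10, "Fa0/1"),
    ("00:11:22:33:44:66", "192.168.10.20", 10, "Fa0/2"),
}
TRUSTED_PORTS = {"Gi0/1"}       # 'ip arp inspection trust': uplink towards the router
VALIDATE_SRC_MAC = True         # 'ip arp inspection validate src-mac'


@dataclass(frozen=True)
class ArpPacket:
    in_port: str
    vlan: int
    eth_src: str        # Ethernet header source address
    op: int             # 1 = request, 2 = reply
    sender_mac: str     # ARP body: who is speaking ...
    sender_ip: str      # ... and which IP they claim to own
    target_ip: str


def dai_check(pkt: ArpPacket) -> str:
    """Return 'permit' or a 'drop: ...' reason. DAI inspects the sender fields of requests and replies alike."""
    if pkt.in_port in TRUSTED_PORTS:
        return "permit"                       # trusted ports are not inspected
    if VALIDATE_SRC_MAC and pkt.eth_src != pkt.sender_mac:
        return f"drop: ethernet source {pkt.eth_src} differs from ARP sender {pkt.sender_mac}"
    if (pkt.sender_mac, pkt.sender_ip, pkt.vlan, pkt.in_port) in BINDINGS:
        return "permit"
    return f"drop: no binding for {pkt.sender_mac}/{pkt.sender_ip} on {pkt.in_port} vlan {pkt.vlan}"


def inspect_samples() -> dict:
    """Constructed ARP traffic: a gateway, a legitimate host, and an attacker on Fa0/3."""
    gw, victim, attacker = "00:aa:bb:cc:dd:01", "00:11:22:33:44:55", "02:00:00:00:00:aa"
    samples = {
        "gateway reply on uplink": ArpPacket("Gi0/1", 10, gw, 2, gw, "192.168.10.1", "192.168.10.19"),
        "host reply matching binding": ArpPacket("Fa0/1", 10, victim, 2, victim, "192.168.10.19", "192.168.10.1"),
        "attacker claims gateway": ArpPacket("Fa0/3", 10, attacker, 2, attacker, "192.168.10.1", "192.168.10.19"),
        "attacker reuses victim ip": ArpPacket("Fa0/3", 10, attacker, 2, attacker, "192.168.10.19", "192.168.10.1"),
        "ethernet src differs from arp sender": ArpPacket("Fa0/3", 10, attacker, 2, gw, "192.168.10.1", "192.168.10.19"),
    }
    return {name: dai_check(p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, verdict in inspect_samples().items():
        print(f"{name:40s} {verdict}")
```

The two poisoning attempts from Fa0/3 are dropped because neither (MAC, IP) pair was ever leased to that port, and the gateway's own replies pass because they enter on the trusted uplink. The third drop shows the src-mac validation catching a frame whose Ethernet header and ARP body disagree, a common artefact of spoofing tools.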



STP Manipulation Attacks

Spoofing the Root Bridge

Successful STP Manipulation Attack



CDP Reconnaissance




CDP Reconnaissance - Mitigation

• Disable CDP globally with `no cdp run` in global configuration mode
• Or disable it per interface with `no cdp enable` on interfaces facing untrusted devices

