Scribd Logo
Upload

Welcome to Scribd!

  • CCNAv2 Chapter 04

    Uploaded by

    Dr. Ahmed Nasir
    6 views15 pages
    This chapter discusses network security concepts including threats, vulnerabilities, exploits, and mitigation techniques. It describes elements of a security program like user awareness training and physical access control. Password policies around management, complexity, and alternatives to passwords are also examined. Common security attacks like spoofing, denial-of-service, man-in-the-middle, and reflection attacks are illustrated. The chapter summarizes types of malware, human security vulnerabilities, password authentication methods, and the AAA (authentication, authorization, accounting) model.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This chapter discusses network security concepts including threats, vulnerabilities, exploits, and mitigation techniques. It describes elements of a security program like user awareness training and physical access control. Password policies around management, complexity, and alternatives to passwords are also examined. Common security attacks like spoofing, denial-of-service, man-in-the-middle, and reflection attacks are illustrated. The chapter summarizes types of malware, human security vulnerabilities, password authentication methods, and the AAA (authentication, authorization, accounting) model.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views15 pages

    CCNAv2 Chapter 04

    Uploaded by

    Dr. Ahmed Nasir
    This chapter discusses network security concepts including threats, vulnerabilities, exploits, and mitigation techniques. It describes elements of a security program like user awareness training and physical access control. Password policies around management, complexity, and alternatives to passwords are also examined. Common security attacks like spoofing, denial-of-service, man-in-the-middle, and reflection attacks are illustrated. The chapter summarizes types of malware, human security vulnerabilities, password authentication methods, and the AAA (authentication, authorization, accounting) model.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 15

    CCNA 200-301, Volume 2

    Chapter 4
    Security Architectures
    Objectives
    • Define key security concepts (threats, vulnerabilities,
    exploits, and mitigation techniques)
    • Describe security program elements (user awareness,
    training, and physical access control)
    • Describe security password policies elements, such as
    management, complexity, and password alternatives
    (multifactor authentication, certificates, and
    biometrics)
    • Differentiate authentication, authorization, and
    accounting concepts
    Example of an Enterprise Closed System
    Example Enterprise Extends Beyond Its Own
    Boundary
    Security Terminology Illustrated
    Sample Spoofing Attack
    Sample Denial-of-Service Attack
    A Sample Reflection Attack
    A Man-in-the-Middle Attack Begins
    A Man-in-the-Middle Attack Succeeds
    Summary of Address Spoofing Attacks
    Goal DoS/DDoS Reflection Amplification Man-in-the-
    Middle
    Exhaust a system Yes No No No
    service or resource;
    crash the target system
    Trick an unwitting No Yes Yes No
    accomplice host to send
    traffic to target
    Eavesdrop on traffic No No No Yes
    Modify traffic passing No No No Yes
    through
    Summary of Malware Types
    Characteristic Trojan Horse Virus Worm
    Packaged inside Yes No No
    other software
    Self-injected into No Yes No
    other software
    Propagates No No Yes
    automatically
    Summary of Human Security Vulnerabilities
    Attack Type Goal
    Social engineering Exploits human trust and social behavior
    Phishing Disguises a malicious invitation as something legitimate
    Spear phishing Targets group of similar users
    Whaling Targets high-profile individuals
    Vishing Uses voice calls
    Smishing Uses SMS text messages
    Pharming Uses legitimate services to send users to a compromised
    site
    Watering hole Targets specific victims who visit a compromised site
    Summary of Password Authentication and
    Alternatives

    Characteristic Password Two- Digital Biometric


    Only Factor Certificates
    Something you know Yes Yes
    Something you have Yes Yes
    Something you are Yes
    Simplified View of AAA

    You might also like