Instructor Materials – Chapter 1: Modern Network Security Threats
1.1 Securing Networks
1.2 Network Threats
1.3 Mitigating Threats
Section 1.1: Securing Networks
Upon completion of this section, you should be able to:
- Describe the current network security landscape.
- Explain how all types of networks need to be protected.
Topic 1.1.1: Current State of Affairs
Networks Are Targets
Drivers for Network Security
- Common network security terms:
Vectors of Network Attacks
- Vectors of data loss:
  - Unencrypted Devices
  - Cloud Storage Devices
  - Removable Media
  - Hard Copy
  - Improper Access Control
Topic 1.1.2: Network Topology Overview
Campus Area Networks
Small Office and Home Office Networks
Wide Area Networks
Data Center Networks
- Outside perimeter security:
  - On-premise security officers
  - Fences and gates
  - Continuous video surveillance
  - Security breach alarms
- Inside perimeter security:
  - Electronic motion detectors
  - Security traps
  - Continuous video surveillance
  - Biometric access and exit sensors
Cloud and Virtual Networks
- VM-specific threats:
  - Instant On activation
  - Antivirus storm
- Components of a secure data center:
  - Secure segmentation
  - Threat defense
The Evolving Network Border
- Critical MDM functions for BYOD network:
  - Data encryption
  - PIN enforcement
  - Data wipe
  - Data loss prevention
  - Jailbreak/root detection
Section 1.2: Network Threats
Topic 1.2.1: Who is Hacking Our Networks?
- Modern hacking titles:
  - Script Kiddies
  - Vulnerability Brokers
  - Cyber Criminals
  - State-Sponsored Hackers
Topic 1.2.2: Hacker Tools
Introduction of Attack Tools
Evolution of Security Tools
- Penetration testing tools:
  - Password crackers
  - Wireless hacking
  - Network scanning and hacking
  - Packet crafting
  - Packet sniffers
  - Rootkit detectors
  - Fuzzers to search vulnerabilities
  - Hacking operating systems
  - Vulnerability exploitation
  - Vulnerability scanners
Categories of Attack Tools
- Network hacking attacks:
  - Data modification
  - IP address spoofing
Topic 1.2.3: Malware
Various Types of Malware
Trojan Horse Classification
- Security software disabler
- Initial Code Red Worm Infection
- Code Red Worm Infection 19 Hours Later
- Enabling vulnerability
- Propagation mechanism
Activity – Identify the Malware Type
Topic 1.2.4: Common Network Attacks
Types of Network Attacks
- Initial query of a target
- Ping sweep of the target network
- Port scan of active IP addresses
- Vulnerability scanners
- Exploitation tools
Sample Reconnaissance Attacks
- A few reasons why hackers use access attacks:
  - To retrieve data
  - To gain access
  - To escalate access privileges
- A few types of access attacks include:
  - Trust exploitation
  - Port redirection
  - Buffer overflow
  - IP, MAC, DHCP spoofing
Social Engineering Attacks
- Something for Something
Denial of Service Attacks
Types of DoS Attacks
- Hacker builds a network of infected machines.
  - A network of infected hosts is called a botnet.
  - The compromised computers are called zombies.
  - Zombies are controlled by handler systems.
- Zombie computers continue to scan and infect more targets.
- Hacker instructs handler system to make the botnet of zombies carry out the DDoS attack.
Activity – Identify the Types of Attack
Lab – Social Engineering
Section 1.3: Mitigating Threats
Upon completion of this section, you should be able to:
- Describe methods and resources to protect the networks.
- Describe a collection of domains for network security.
- Explain the purpose of the Cisco SecureX Architecture.
- Describe the techniques used to mitigate common network attacks.
- Explain how to secure the three functional areas of Cisco routers and switches.
Topic 1.3.1: Defending the Network
Network Security Professionals
Network Security Organizations
Confidentiality, Integrity, Availability
Topic 1.3.2: Domains of Network Security
Network Security Domains
- Risk assessment
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Information systems acquisition, development, and maintenance
- Access control
- Information security incident management
- Business continuity management
Network Security Policy
Network Security Policy Objectives
Topic 1.3.3: Introducing the Cisco SecureX Architecture
The Security Artichoke
Evolution of Network Security Tools
SecureX Product Families
SecureX Security Technology
- Cisco SecureX Architecture:
  - Scanning engines
  - Delivery mechanisms
  - Security intelligence operations (SIO)
  - Policy management consoles
  - Next-generation endpoint
Centralized Context-Aware Network Scanning Element
- Defines security policies based on five parameters:
  - Type of device being used for access
  - Person's identity
  - Application in use
  - Time of access
Cisco Security Intelligence Operations
Topic 1.3.4: Mitigating Common Network Threats
Defending the Network
- Best practices:
  - Develop a written security policy.
  - Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.
  - Control physical access to systems.
  - Use strong passwords and change them often.
  - Encrypt and password-protect sensitive data.
  - Implement security hardware and software.
  - Perform backups and test the backed-up files on a regular basis.
  - Shut down unnecessary services and ports.
  - Keep patches up to date by installing them weekly or daily to prevent buffer overflow and privilege escalation attacks.
  - Perform security audits to test the network.
Mitigating Reconnaissance Attacks
Mitigating Access Attacks
Mitigating DoS Attacks
Topic 1.3.5: Cisco Network Foundation Protection Framework
Securing the Control Plane
Securing the Management Plane
Securing the Data Plane
Activity – Identify Characteristics of the NFP Framework
Section 1.4: Summary
- Chapter Objectives:
  - Explain network security.
  - Describe various types of threats and attacks.
  - Explain tools and procedures to mitigate the effects of malware and common network attacks.