Chapter 04 network security
Chapter 4: Network Security
CCNA Exploration 4.0

Objectives
• Identify security threats to enterprise networks
• Describe methods to mitigate security threats to enterprise networks
• Configure basic router security
• Disable unused router services and interfaces
• Use the Cisco SDM one-step lockdown feature
• Manage files and software images with the Cisco IOS Integrated File System (IFS)

Introduction to Network Security

Why is Network Security Important?
• Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving.

The Increasing Threat to Security
• Over the years, network attack tools and methods have evolved.
• As the types of threats, attacks, and exploits have evolved, various terms have been coined to describe the individuals involved:
– White hat
– Hacker
– Black hat
– Cracker
– Phreaker
– Spammer
– Phisher

Think Like an Attacker
Seven-step process to gain information and stage an attack:
• Step 1. Perform footprint analysis (reconnaissance).
• Step 2. Enumerate information.
• Step 3. Manipulate users to gain access.
• Step 4. Escalate privileges.
• Step 5. Gather additional passwords and secrets.
• Step 6. Install backdoors.
• Step 7. Leverage the compromised system.

Types of Computer Crime
• Insider abuse of network access
• Virus
• Mobile device theft
• Phishing where an organization is fraudulently represented as the sender
• Instant messaging misuse
• Denial of service
• Unauthorized access to information
• Bots within the organization
• Theft of customer or employee data
• Abuse of wireless network
• System penetration
• Financial fraud
• Password sniffing
• Key logging
• Website defacement
• Misuse of a public web application
• Theft of proprietary information
• Exploiting the DNS server of an organization
• Telecom fraud
• Sabotage

Open versus Closed Networks

Developing a Security Policy
• The first step any organization should take to protect its data and itself from a liability challenge is to develop a security policy: a set of principles that guide decision-making processes and enable leaders in an organization to distribute authority confidently.
• A security policy meets these goals:
– Informs users, staff, and managers of their obligatory requirements for protecting technology and information assets
– Specifies the mechanisms through which these requirements can be met
– Provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance with the policy
• A security policy can be as simple as a brief Acceptable Use Policy for network resources, or it can be several hundred pages long and detail every element of connectivity and associated policies.

[...]

Developing a Security Policy
• ISO/IEC 27002 is intended to be a common basis and practical guideline for developing organizational security standards and effective security management practices
• The document consists of 12 sections:
– Risk assessment
– Security policy
– Organization of information security
– Asset management
– Human resources security
– Physical and environmental security
– Communications...

electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling

Physical Security Measures

Common Security Threats: Threats to Networks
• Threats to Networks: four primary classes
• Structured Threats: come from individuals or groups that are more highly motivated and technically...

– systems acquisition, development, and maintenance
– Information security incident management
– Business continuity management
– Compliance

Common Security Threats
• When discussing network security, three common factors are vulnerability, threat, and attack

Vulnerability
• Vulnerability is the degree of weakness which is inherent in every network and device
• There are three primary vulnerabilities or...

not have authorized access to the computer systems or network
• Internal Threats: occur when someone has authorized access to the network with either an account or physical access
• Unstructured Threats: consist of mostly inexperienced individuals using easily available hacking tools. An attacker's skills can do serious damage to a network

Common Security Threats: Social Engineering
• The easiest...

network
Two common uses of eavesdropping are as follows:
– Information gathering: Network intruders can identify usernames, passwords, or information carried in a packet
– Information theft: The theft can occur as data is transmitted over the internal or external network. The network intruder can also steal data from networked computers by gaining unauthorized access

Reconnaissance Attacks
• Three...

part of system and network administration staff
The following are the recommended steps for worm attack mitigation:
– Containment: Contain the spread of the worm in and within the network. Compartmentalize uninfected parts of the network
– Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems
– Quarantine: Track down each infected machine inside the network. Disconnect,...

access

Reconnaissance Attacks
• Three of the most effective methods for counteracting eavesdropping are as follows:
– Using switched networks instead of hubs so that traffic is not broadcast to all endpoints or network hosts
– Using encryption that meets the data security needs of the organization without imposing an excessive burden on system resources or users
– Implementing and enforcing a policy...

• There are three primary vulnerabilities or weaknesses:
– Technological weaknesses
– Configuration weaknesses
– Security policy weaknesses

Vulnerabilities: Technological weaknesses

Vulnerabilities: Configuration weaknesses

Vulnerabilities: Security policy weaknesses

Common Security Threats: Threats to Physical Infrastructure
• The four classes of physical threats are:
– Hardware threats:...

attack tool is more sophisticated

Access Attacks
• Trust Exploitation
– To compromise a trusted host, using it to stage attacks on other hosts in a network
– Trust exploitation-based attacks can be mitigated through tight constraints on trust levels within a network

Access Attacks
• Man-in-the-Middle Attack:
– Is carried out by attackers that manage to position themselves between...

disables or corrupts networks, systems, or services with the intent to deny services to intended users
• Worms, Viruses, and Trojan Horses

Reconnaissance Attacks
• Reconnaissance attacks can consist of the following:
– Internet information queries
– Ping sweeps
– Port scans
– Packet sniffers
• The information gathered by eavesdropping can be used to pose other attacks to the network

Two common uses