Chapter 1: Modern Network Security Threats
CCNA Security v2.0
Instructor: VÕ TẤN DŨNG, ITC-Cisco Academy, Information Technology College of HCM City

Upon completion of this section, you should be able to:
• Describe the current network security landscape
• Explain how all types of networks need to be protected

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public

Common network security terms:
• Threat
• Vulnerability
• Mitigation
• Risk

• A threat is the potential for a vulnerability to turn into a network attack. Threats include malware, exploits, and more.
• In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.

Threats can be classified according to their type and origin.

Types of threats:
• Physical damage: fire, water, pollution
• Natural events: climatic, seismic, volcanic
• Loss of essential services: electrical power, air conditioning, telecommunication
• Compromise of information: eavesdropping, theft of media, retrieval of discarded materials
• Technical failures: equipment, software, capacity saturation
• Compromise of functions: error in use, abuse of rights, denial of actions

By origin, threats are classified into two categories:

Internal Threats
• These security
threats originate from within the internal users. Attacks by internal users are severe, because the vulnerabilities of the network are known to these users. According to the results of a recent study, 80% of all network misuse originates from internal users.

External Threats
• These are threats to the security of the network that originate from outside users. The probability of an attack in this category is much lower than the probability of an internal attack, for the simple reason that outside users do not have easy access to the network. But when such attacks succeed, they cause serious consequences.

• A vulnerability is a weakness which allows an attacker to reduce a system's information assurance.
• A vulnerability is the intersection of three elements:
  • a system susceptibility or flaw
  • attacker access to the flaw
  • attacker capability to exploit the flaw
• Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.

• Mitigation is to lessen in force or intensity.
• Some common mitigation techniques: password integrity, password encryption, TCP intercept, and no ip directed-broadcast.
• Our discussion includes the following mitigation techniques:
  • Authentication, Authorization, and Accounting (AAA)
  • Cisco access control lists (ACLs)
  • Cisco Internetwork Operating System (IOS) secure management features
  • Encryption protocols
  • Security appliances and applications

• It is vital for network security professionals to understand the reasons for network security. They must also be familiar with the
organizations dedicated to network security, as well as the 12 network security domains.
• Domains provide a framework for discussing network security.
• There are 12 network security domains specified by the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC). Described by ISO/IEC 27002, these 12 domains serve to organize, at a high level, the vast realm of information under the umbrella of network security. These domains have some significant parallels with domains defined by the Certified Information Systems Security Professional (CISSP) certification.

The 12 domains:
• Risk assessment
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management
• Information systems acquisition, development, and maintenance
• Access control
• Information security incident management
• Business continuity management
• Compliance

• Risk assessment: This is the first step in the risk management process. It determines the quantitative and qualitative value of risk related to a specific situation or recognized threat.
• Security policy: A document that addresses the constraints and behaviors of members of an organization, and often specifies how data can be accessed and what data is accessible by whom.
• Organization of information security: This is the governance model set out by an organization for information security.
• Asset management: This is an inventory of, and classification scheme for, information assets.
• Human resources security: This addresses security procedures relating to employees joining, moving within, and leaving an organization.
• Physical and environmental security: This describes the protection of the computer facilities within an organization.
• Communications and operations management: This describes the management of technical security controls in systems and networks.
• Access control: This describes the restriction of access rights to networks, systems, applications, functions, and data.
• Information systems acquisition, development, and maintenance: This describes how to anticipate and respond to information security breaches.
• Information security incident management: This describes how to anticipate and respond to information security breaches.
• Business continuity management: This describes the protection, maintenance, and recovery of business-critical processes and systems.
• Compliance: This describes the process of ensuring conformance with information security policies, standards, and regulations.

• One of the most important domains is the security policy domain. A security policy is a formal statement of the rules by which people who are given access to the technology and information assets of an organization must abide. The concept, development, and application of a security policy are critical to keeping an organization secure. It is the responsibility of network security professionals to weave the security policy into all aspects of business operations within an organization.
• The network security policy is a broad, end-to-end document designed to be clearly applicable to an organization’s operations.
The policy is used to aid in network design, convey security principles, and facilitate network deployments.

• The network security policy outlines rules for network access, determines how policies are enforced, and describes the basic architecture of the organization’s network security environment. Because of its breadth of coverage and impact, it is usually compiled by a committee. It is a complex document meant to govern items such as data access, web browsing, password usage, encryption, and email attachments.
• When a policy is created, it must be clear what services will be made available to specific users. The network security policy establishes a hierarchy of access permissions, giving employees only the minimal access necessary to perform their work.

• The network security policy outlines what assets should be protected and gives guidance on how they should be protected. This is then used to determine the security devices, mitigation strategies, and procedures that should be implemented on the network. One possible guideline that administrators can use when developing the security policy, and when determining various mitigation strategies, is the Cisco SecureX architecture.
• A network security policy explicitly defines how frequently virus software updates and virus definition updates must be installed. Additionally, the network security policy includes guidelines for what users can and cannot do. This is normally stipulated as a formal acceptable use policy (AUP). The AUP must be as explicit as possible to avoid misunderstanding.

• A common
analogy used to describe what a hacker must do to launch an attack was called the “Security Onion.” In the analogy, a hacker would have to peel away a network’s defense mechanisms in a similar manner to peeling an onion.
• The borderless network has changed this analogy to the “Security Artichoke.” In this analogy, hackers no longer have to peel away each layer; they only need to remove certain “artichoke leaves.” The bonus is that each “leaf” of the network may reveal sensitive data that is not well secured, and leaf after leaf, it all leads the hacker to more data. The heart of the artichoke is where the most confidential data is found. Each leaf provides a layer of protection while simultaneously providing a path to attack.

• Not every leaf needs to be removed in order to get at the heart of the artichoke. The hacker chips away at the security armor along the perimeter to get to the “heart” of the enterprise.
• While Internet-facing systems are usually very well protected and boundary protections are typically solid, persistent hackers, aided by a mix of skill and luck, eventually find a gap in that hard-core exterior through which they can enter and go where they please.

Thank you
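The four IOS mitigation techniques named on the Mitigation slide (password integrity, password encryption, TCP intercept, and no ip directed-broadcast), shown as one worked router configuration with the weak baseline beside the hardened form. This is an added example, not configuration from the course slides; the interface name, ACL number, 192.0.2.0/24 addresses and password value are constructed placeholders.

```cisco
! Added example (not from the course slides): a Cisco IOS router hardened with
! the mitigation techniques named on the Mitigation slide. Interface name,
! ACL number, 192.0.2.0/24 addresses and the password value are constructed.
!
! --- Weak baseline, shown as comments so it is never applied ---
! enable password cisco123         <- stored in clear text and easily guessed
! interface GigabitEthernet0/0
!  ip directed-broadcast           <- lets a remote host have this subnet
!                                     amplify broadcast traffic (Smurf-style)
!
! --- Password integrity: minimum length plus throttling of guesses ---
security passwords min-length 10
login block-for 120 attempts 3 within 60
!
! --- Password encryption: hashed enable secret, obfuscate leftover type-0 ---
enable secret Str0ngEnableSecret
service password-encryption
!
! --- TCP intercept: the router completes the three-way handshake on behalf
!     of the servers in 192.0.2.0/24 and only then hands the session over,
!     so a SYN flood never consumes the servers' connection queues ---
access-list 110 permit tcp any 192.0.2.0 0.0.0.255
ip tcp intercept list 110
ip tcp intercept mode intercept
ip tcp intercept max-incomplete low 900
ip tcp intercept max-incomplete high 1100
ip tcp intercept one-minute low 900
ip tcp intercept one-minute high 1100
!
! --- Directed broadcasts dropped on the LAN interface (this has been the
!     IOS default since 12.0, but stating it explicitly documents intent) ---
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
!
! --- Verification from exec mode ---
! show running-config | include password    -> no remaining type-0 passwords
! show tcp intercept statistics              -> intercepted/dropped SYN counts
! show ip interface GigabitEthernet0/0 | include broadcast
```

The verification lines confirm each control is in effect; `show tcp intercept connections` additionally lists half-open sessions the router is currently holding on the servers' behalf.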