CCNA Security 1.1 Instructional Resource

Transcription

1 CCNA Security 1.1 Instructional Resource Chapter 1 - Modern Security Threats 2012 Cisco and/or its affiliates. All rights reserved. 1

2 Describe the evolution of network security. Describe the drivers for network security. Describe the major network security organizations. Describe the domains of network security. Describe network security policies. Describe viruses, worms, and Trojan Horses. Describe how to mitigate threats from viruses, worms, and Trojan Horses. Describe how network attacks are categorized. Describe reconnaissance attacks. Describe access attacks. Describe Denial of Service attacks. Describe how to mitigate network attacks Cisco and/or its affiliates. All rights reserved. 2

3 1.0 Understanding Security Threats 1.1 Describe common security threats Common threats to the physical installation Mitigation methods for common network attacks based threats* Web-based attacks* Mitigation methods for Worm, Virus, and Trojan Horse attacks Mobile/remote security* *These claims are also covered in later chapters in more detail Cisco and/or its affiliates. All rights reserved. 3

4 Almost as long as there have been computer networks, there have been attacks against them. Network security has to balance the demand to make the network available with the need to keep data and information secure. Network security professionals have to stay up to date with attacks and mitigation techniques. This includes maintaining awareness of the organizations that track and report on trending threats Cisco and/or its affiliates. All rights reserved. 4

5 Chapter 0 Lab: Configuring Devices for Use with Cisco Configuration Professional Part 1: Basic Network Device Configuration Part 2: Configure CCP Access for Routers Part 3: Basic CCP Configuration Chapter 1 Lab: Researching Network Attacks and Security Audit Tools Part 1: Researching Network Attacks Part 2: Researching Security Audit Tools 2012 Cisco and/or its affiliates. All rights reserved. 5

6 SANS CERT ISC 2 CVE CIS GIAC DARPA CBK CISSP RSS ISO SysAdmin, Audit, Network, Security (SANS) Institute Computer Emergency Response Team (CERT) International Information Systems Security Certification Consortium (pronounce as "I-S-C-squared") common vulnerabilities and exposures Center for Internet Security Global Information Assurance Certification Defense Advanced Research Projects Agency common body of knowledge Certified Information Systems Security Professional Really Simple Syndication International Organization for Standardization 2012 Cisco and/or its affiliates. All rights reserved. 6

7 IEC SecureX SIO AUP virus IDS IPS worm Trojan Horse International Electrotechnical Commission SecureX is a security architecture outlined by Cisco. Security Intelligence Operations acceptable use policy A virus is malicious software which attaches to another program to execute a specific unwanted function on a computer. intrusion detection system intrusion prevention system Worms are self-contained programs that attack a system to exploit a known vulnerability. A Trojan Horse is an application written to look like something else. When a Trojan Horse is downloaded and opened, it attacks the end-user computer from within Cisco and/or its affiliates. All rights reserved. 7

8 reconnaissance attack access attack DoS attack DDoS packet sniffer promiscuous mode Reconnaissance attacks involve the unauthorized discovery and mapping of systems, services, or vulnerabilities. Access attacks exploit known vulnerabilities in services to gain entry. Denial of Service (DoS) attacks attempt to make a computer resource unavailable to its intended users. Typically accomplished by sending an extremely large number of requests over a network or the Internet to a target device / server. The goal is to make it so that the device cannot respond to legitimate traffic, or responds so slowly that the service is rendered effectively unavailable. A Distributed Denial of Service Attack (DDoS) is similar in intent to a DoS attack, except that a DDoS attack originates from multiple coordinated sources. A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN. Promiscuous mode is a mode in which the network adapter card sends all packets that are received to an application for processing Cisco and/or its affiliates. All rights reserved. 8

9 ping sweep port scan ASA ping of death OTP brute-force attack man-in-the-middle attack buffer overflow A ping sweep is a basic network scanning technique that determines which range of IP addresses map to live hosts. Port scanning is a scan of a range of TCP or UDP port numbers on a host to detect listening services. Cisco Adaptive Security Appliance In a ping of death attack, a hacker sends an echo request in an IP packet larger than the maximum packet size of 65,535 bytes. A one-time password is a password that is valid for only one login session and avoids the shortcomings that are associated with a static password that can be re-used multiple times. A brute-force attack involves repeated login attempts based on a built-in dictionary to identify a user account or password. An attacker is positioned in the middle of communications between two legitimate entities in order to read or modify the data that passes between the two parties. A buffer overflow occurs when a fixed-length buffer reaches its capacity and a process attempts to store data above and beyond that maximum limit Cisco and/or its affiliates. All rights reserved. 9

10 Timelines for events, threats and mitigation methods have been updated. SecureX is introduced and will be explained in detail in Chapter 9. A reference to the Cisco Adaptive Security Appliance (ASA) has been added. The ASA will be introduced in Chapter Cisco and/or its affiliates. All rights reserved. 10

11 The first lab (Chapter 0) leads students through configuring devices to use Cisco Configuration Professional (CCP). Since CCP is used extensively throughout the labs, it is critical that all students perform this lab. This is also a good time for students to practice basic configuration and cabling. If you are short on time or equipment, pre-configure Part 1 of the lab and have students focus on Parts 2 and 3. The lab for Chapter 1 is a research lab and could be extended beyond this chapter Cisco and/or its affiliates. All rights reserved. 11

12 Remind students that the term virus was adopted because of the similarity in form, function and consequence with biological viruses that attack the human system. Like their biological counterparts, computer viruses can spread rapidly and selfreplicate systematically. They also mimic living viruses in the way they must adapt through mutation to the development of resistance within a system: the author of a computer virus must upgrade his creation in order to overcome the resistance (antiviral programs) or to take advantage of a new weakness or loophole within the system Cisco and/or its affiliates. All rights reserved. 12

13 Is hacking always bad? What kind of penalties should hacking involve? Monetary? Punitive? Discuss the effects on an organization s credibility after a hacking incident. Discuss the employment opportunities for security professionals and the long term outlook. Have students browse online job sites to get an idea of the requirements for security related jobs. Discuss various certifications. Students may be tempted to download some of the applications mentioned in the chapter. Be sure to discuss with them your own organization s policy and the expectations your have for their use of the network Cisco and/or its affiliates. All rights reserved. 13

14 There have been a number of celebrities hacked recently. Students may find it interesting to research these incidents with a better understanding of the types of network attacks. It is important that students understand that network security is ever evolving. To better understand this, have them follow a security news website or blog for a week Have students update the anti-virus software on their personal computers. For those who do not have anti-virus software, discuss no-cost options Cisco and/or its affiliates. All rights reserved. 14

15 Cisco and/or its affiliates. All rights reserved. 15

16 2011 Cisco and/or its affiliates. All rights reserved. 16