CCNA Security 1.1 Instructional Resource

Chapter 1 - Modern Security Threats
© 2012 Cisco and/or its affiliates. All rights reserved.
1
• Describe the evolution of network security.
• Describe the drivers for network security.
• Describe the major network security organizations.
• Describe the domains of network security.
• Describe network security policies.
• Describe viruses, worms, and Trojan Horses.
• Describe how to mitigate threats from viruses, worms, and Trojan Horses.
• Describe how network attacks are categorized.
• Describe reconnaissance attacks.
• Describe access attacks.
• Describe Denial of Service attacks.
• Describe how to mitigate network attacks.
1.0 Understanding Security Threats
1.1 Describe common security threats
1.1.1 Common threats to the physical installation
1.1.2 Mitigation methods for common network attacks
1.1.3 Email-based threats*
1.1.4 Web-based attacks*
1.1.5 Mitigation methods for Worm, Virus, and Trojan Horse attacks
1.1.8 Mobile/remote security*
*These topics are also covered in later chapters in more detail.
• Almost as long as there have been computer networks, there have been attacks against them. Network security has to balance the demand to make the network available with the need to keep data and information secure.
• Network security professionals have to stay up to date with attacks and mitigation techniques. This includes maintaining awareness of the organizations that track and report on trending threats.
• Chapter 0 Lab: Configuring Devices for Use with Cisco
Configuration Professional
Part 1: Basic Network Device Configuration
Part 2: Configure CCP Access for Routers
Part 3: Basic CCP Configuration
• Chapter 1 Lab: Researching Network Attacks and Security Audit
Tools
Part 1: Researching Network Attacks
Part 2: Researching Security Audit Tools
SANS
SysAdmin, Audit, Network, Security (SANS) Institute
CERT
Computer Emergency Response Team (CERT)
ISC2
International Information Systems Security Certification Consortium (pronounced "I-S-C-squared")
CVE
Common Vulnerabilities and Exposures
CIS
Center for Internet Security
GIAC
Global Information Assurance Certification
DARPA
Defense Advanced Research Projects Agency
CBK
common body of knowledge
CISSP
Certified Information Systems Security Professional
RSS
Really Simple Syndication
ISO
International Organization for Standardization
IEC
International Electrotechnical Commission
SecureX
SecureX is a security architecture outlined by Cisco.
SIO
Security Intelligence Operations
AUP
acceptable use policy
virus
A virus is malicious software which attaches to another
program to execute a specific unwanted function on a
computer.
IDS
intrusion detection system
IPS
intrusion prevention system
worm
Worms are self-contained programs that attack a system to
exploit a known vulnerability.
Trojan Horse
A Trojan Horse is an application written to look like something
else. When a Trojan Horse is downloaded and opened, it
attacks the end-user computer from within.
reconnaissance attack
Reconnaissance attacks involve the unauthorized discovery
and mapping of systems, services, or vulnerabilities.
access attack
Access attacks exploit known vulnerabilities in services to gain
entry.
DoS attack
Denial of Service (DoS) attacks attempt to make a computer
resource unavailable to its intended users. Typically
accomplished by sending an extremely large number of
requests over a network or the Internet to a target device /
server. The goal is to make it so that the device cannot
respond to legitimate traffic, or responds so slowly that the
service is rendered effectively unavailable.
DDoS
A Distributed Denial of Service Attack (DDoS) is similar in
intent to a DoS attack, except that a DDoS attack originates
from multiple coordinated sources.
packet sniffer
A packet sniffer is a software application that uses a network
adapter card in promiscuous mode to capture all network
packets that are sent across a LAN.
promiscuous mode
Promiscuous mode is a mode in which the network adapter
card sends all packets that are received to an application for
processing.
ping sweep
A ping sweep is a basic network scanning technique that
determines which range of IP addresses map to live hosts.
port scan
Port scanning is a scan of a range of TCP or UDP port
numbers on a host to detect listening services.
ASA
Cisco Adaptive Security Appliance
ping of death
In a ping of death attack, a hacker sends an echo request in
an IP packet larger than the maximum packet size of 65,535
bytes.
OTP
A one-time password is a password that is valid for only one
login session and avoids the shortcomings that are associated
with a static password that can be re-used multiple times.
brute-force attack
A brute-force attack involves repeated login attempts based on
a built-in dictionary to identify a user account or password.
man-in-the-middle attack
An attacker is positioned in the middle of communications
between two legitimate entities in order to read or modify the
data that passes between the two parties.
buffer overflow
A buffer overflow occurs when a fixed-length buffer reaches its
capacity and a process attempts to store data above and
beyond that maximum limit.
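The reconnaissance, ping sweep and port scan entries above describe what an attacker's probing looks like on the wire; the defender's side is recognizing that pattern in logs. The following Python script is an added example written for this resource, not Cisco's code or part of the course labs. It runs over a small set of constructed connection records (documentation addresses from RFC 5737) and flags one source that pings many distinct hosts (a ping sweep) and one source that probes many distinct ports on a single host (a port scan). The record layout and the alert thresholds are assumptions; real deployments would read NetFlow or firewall logs and tune the thresholds to the network.

```python
"""Flag ping sweeps and port scans in connection records.

Added example for the CCNA Security chapter 1 glossary; not Cisco's code.
The record format (source, destination, protocol, destination port) and the
thresholds below are assumptions chosen for illustration.
"""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str, str, Optional[int]]

# Constructed sample records. ICMP echo requests carry no port (None).
SAMPLE_RECORDS: List[Record] = [
    # 198.51.100.7 pings every host in 192.0.2.1-7: looks like a ping sweep
    *[("198.51.100.7", f"192.0.2.{i}", "icmp", None) for i in range(1, 8)],
    # 198.51.100.9 probes ten TCP ports on one host: looks like a port scan
    *[("198.51.100.9", "192.0.2.10", "tcp", p)
      for p in (21, 22, 23, 25, 53, 80, 110, 143, 443, 445)],
    # Ordinary traffic: one client talking to a web server and a DNS server
    ("192.0.2.50", "192.0.2.10", "tcp", 443),
    ("192.0.2.50", "192.0.2.10", "tcp", 443),
    ("192.0.2.50", "192.0.2.53", "udp", 53),
]

# Assumed alert thresholds: distinct hosts pinged by one source, and distinct
# ports probed on one host by one source, within the window the records cover.
PING_SWEEP_HOSTS = 5
PORT_SCAN_PORTS = 8


def detect_ping_sweeps(records: List[Record],
                       threshold: int = PING_SWEEP_HOSTS) -> Dict[str, int]:
    """Return {source: distinct_hosts} for sources that ICMP-probed >= threshold hosts."""
    targets = defaultdict(set)
    for src, dst, proto, _port in records:
        if proto == "icmp":
            targets[src].add(dst)
    return {src: len(hosts) for src, hosts in targets.items()
            if len(hosts) >= threshold}


def detect_port_scans(records: List[Record],
                      threshold: int = PORT_SCAN_PORTS) -> Dict[Tuple[str, str], int]:
    """Return {(source, dest): distinct_ports} for pairs with >= threshold ports touched."""
    ports = defaultdict(set)
    for src, dst, proto, port in records:
        if proto in ("tcp", "udp") and port is not None:
            ports[(src, dst)].add(port)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= threshold}


def summarize(records: List[Record]) -> List[str]:
    """Human-readable alert lines for both detectors."""
    alerts = []
    for src, n in detect_ping_sweeps(records).items():
        alerts.append(f"ping sweep: {src} probed {n} distinct hosts")
    for (src, dst), n in detect_port_scans(records).items():
        alerts.append(f"port scan: {src} probed {n} distinct ports on {dst}")
    return alerts


if __name__ == "__main__":
    for line in summarize(SAMPLE_RECORDS):
        print(line)
```

The two detectors count distinct targets rather than raw packet volume, which is what separates a sweep or scan from a busy but legitimate client: the 192.0.2.50 client in the sample sends several packets but only ever touches one port per server, so it produces no alert.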
• Timelines for events, threats and mitigation methods have been
updated.
• SecureX is introduced and will be explained in detail in Chapter 9.
• A reference to the Cisco Adaptive Security Appliance (ASA) has
been added. The ASA will be introduced in Chapter 10.
• The first lab (Chapter 0) leads students through configuring
devices to use Cisco Configuration Professional (CCP). Since
CCP is used extensively throughout the labs, it is critical that all
students perform this lab. This is also a good time for students to
practice basic configuration and cabling. If you are short on time
or equipment, pre-configure Part 1 of the lab and have students
focus on Parts 2 and 3.
• The lab for Chapter 1 is a research lab and could be extended
beyond this chapter.
• Remind students that the term “virus” was adopted because of the similarity in form, function and consequence with biological viruses that attack the human body. Like their biological counterparts, computer viruses can spread rapidly and self-replicate systematically. They also mimic living viruses in the way they must adapt through mutation to the development of resistance within a system: the author of a computer virus must upgrade his creation in order to overcome the resistance (antiviral programs) or to take advantage of a new weakness or loophole within the system.
• Is hacking always bad? What kind of penalties should hacking
involve? Monetary? Punitive?
• Discuss the effects on an organization’s credibility after a hacking
incident.
• Discuss the employment opportunities for security professionals
and the long term outlook. Have students browse online job sites
to get an idea of the requirements for security related jobs.
Discuss various certifications.
• Students may be tempted to download some of the applications mentioned in the chapter. Be sure to discuss with them your own organization’s policy and the expectations you have for their use of the network.
• There have been a number of celebrities hacked recently.
Students may find it interesting to research these incidents with a
better understanding of the types of network attacks.
• It is important that students understand that network security is
ever evolving. To better understand this, have them follow a
security news website or blog for a week.
http://www.networkworld.com/topics/security.html
http://www.securityfocus.com/
http://www.bestsecuritytips.com/
http://www.techworld.com/security/
• Have students update the anti-virus software on their personal
computers. For those who do not have anti-virus software,
discuss no-cost options.
http://www.avast.com/free-antivirus-download
http://free.avg.com/us-en/homepage
• http://www.toptechnews.com/section.xhtml?category=75
• http://www.cert.org/cert/
• http://sectools.org/
• http://www.networksecurityjournal.com/
• http://www.eweek.com/c/s/Security/