© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 1 - Modern Security Threats


CCNA Security 1.1 Instructional Resource, Chapter 1 - Modern Security Threats


Chapter 1: Objectives

• Describe the evolution of network security.

• Describe the drivers for network security.

• Describe the major network security organizations.

• Describe the domains of network security.

• Describe network security policies.

• Describe viruses, worms, and Trojan Horses.

• Describe how to mitigate threats from viruses, worms, and Trojan Horses.

• Describe how network attacks are categorized.

• Describe reconnaissance attacks.

• Describe access attacks.

• Describe Denial of Service attacks.

• Describe how to mitigate network attacks.


Chapter 1: Certification Claims

1.0 Understanding Security Threats

1.1 Describe common security threats

1.1.1 Common threats to the physical installation

1.1.2 Mitigation methods for common network attacks

1.1.3 Email-based threats*

1.1.4 Web-based attacks*

1.1.5 Mitigation methods for Worm, Virus, and Trojan Horse attacks

1.1.8 Mobile/remote security*

*These claims are also covered in later chapters in more detail.


Chapter 1: Critical Concepts

• Almost as long as there have been computer networks, there have been attacks against them. Network security has to balance the demand to make the network available with the need to keep data and information secure.

• Network security professionals have to stay up to date with attacks and mitigation techniques. This includes maintaining awareness of the organizations that track and report on trending threats.


Chapter 1: Activities

• Chapter 0 Lab: Configuring Devices for Use with Cisco Configuration Professional

Part 1: Basic Network Device Configuration

Part 2: Configure CCP Access for Routers

Part 3: Basic CCP Configuration

• Chapter 1 Lab: Researching Network Attacks and Security Audit Tools

Part 1: Researching Network Attacks

Part 2: Researching Security Audit Tools


Chapter 1: Terms & Acronyms

SANS SysAdmin, Audit, Network, Security (SANS) Institute

CERT Computer Emergency Response Team (CERT)

ISC2 International Information Systems Security Certification Consortium (pronounced "I-S-C-squared")

CVE common vulnerabilities and exposures

CIS Center for Internet Security

GIAC Global Information Assurance Certification

DARPA Defense Advanced Research Projects Agency

CBK common body of knowledge

CISSP Certified Information Systems Security Professional

RSS Really Simple Syndication

ISO International Organization for Standardization


Chapter 1: Terms & Acronyms (cont)

IEC International Electrotechnical Commission

SecureX SecureX is a security architecture outlined by Cisco.

SIO Security Intelligence Operations

AUP acceptable use policy

virus

A virus is malicious software which attaches to another program to execute a specific unwanted function on a computer.

IDS intrusion detection system

IPS intrusion prevention system

worm

Worms are self-contained programs that attack a system to exploit a known vulnerability.

Trojan Horse

A Trojan Horse is an application written to look like something else. When a Trojan Horse is downloaded and opened, it attacks the end-user computer from within.


Chapter 1: Terms & Acronyms (cont)

reconnaissance attack

Reconnaissance attacks involve the unauthorized discovery and mapping of systems, services, or vulnerabilities.

access attack

Access attacks exploit known vulnerabilities in services to gain entry.

DoS attack

Denial of Service (DoS) attacks attempt to make a computer resource unavailable to its intended users. They are typically accomplished by sending an extremely large number of requests over a network or the Internet to a target device or server. The goal is to make the device unable to respond to legitimate traffic, or to respond so slowly that the service is rendered effectively unavailable.

DDoS

A Distributed Denial of Service (DDoS) attack is similar in intent to a DoS attack, except that a DDoS attack originates from multiple coordinated sources.

packet sniffer

A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.

promiscuous mode

Promiscuous mode is a mode in which the network adapter card sends all packets that are received to an application for processing.


Chapter 1: Terms & Acronyms (cont)

ping sweep

A ping sweep is a basic network scanning technique that determines which range of IP addresses map to live hosts.

port scan

Port scanning is a scan of a range of TCP or UDP port numbers on a host to detect listening services.

ASA Cisco Adaptive Security Appliance

ping of death

In a ping of death attack, a hacker sends an echo request in an IP packet larger than the maximum packet size of 65,535 bytes.

OTP

A one-time password is a password that is valid for only one login session and avoids the shortcomings that are associated with a static password that can be re-used multiple times.

brute-force attack

A brute-force attack involves repeated login attempts based on a built-in dictionary to identify a user account or password.

man-in-the-middle attack

An attacker is positioned in the middle of communications between two legitimate entities in order to read or modify the data that passes between the two parties.

buffer overflow

A buffer overflow occurs when a fixed-length buffer reaches its capacity and a process attempts to store data above and beyond that maximum limit.


Chapter 1: Changes From v1.0

• Timelines for events, threats and mitigation methods have been updated.

• SecureX is introduced and will be explained in detail in Chapter 9.

• A reference to the Cisco Adaptive Security Appliance (ASA) has been added. The ASA will be introduced in Chapter 10.


Chapter 1: Classroom Management

• The first lab (Chapter 0) leads students through configuring devices to use Cisco Configuration Professional (CCP). Since CCP is used extensively throughout the labs, it is critical that all students perform this lab. This is also a good time for students to practice basic configuration and cabling. If you are short on time or equipment, pre-configure Part 1 of the lab and have students focus on Parts 2 and 3.

• The lab for Chapter 1 is a research lab and could be extended beyond this chapter.


Chapter 1: Teaching Analogies

• Remind students that the term “virus” was adopted because of the similarity in form, function and consequence with biological viruses that attack the human system. Like their biological counterparts, computer viruses can spread rapidly and self-replicate systematically. They also mimic living viruses in the way they must adapt through mutation to the development of resistance within a system: the author of a computer virus must upgrade his creation in order to overcome the resistance (antiviral programs) or to take advantage of a new weakness or loophole within the system.


Chapter 1: Classroom Discussion

• Is hacking always bad? What kind of penalties should hacking involve? Monetary? Punitive?

• Discuss the effects on an organization’s credibility after a hacking incident.

• Discuss the employment opportunities for security professionals and the long term outlook. Have students browse online job sites to get an idea of the requirements for security related jobs. Discuss various certifications.

• Students may be tempted to download some of the applications mentioned in the chapter. Be sure to discuss with them your own organization’s policy and the expectations you have for their use of the network.


Chapter 1: Best Practices

• There have been a number of celebrities hacked recently. Students may find it interesting to research these incidents with a better understanding of the types of network attacks.

• It is important that students understand that network security is ever evolving. To better understand this, have them follow a security news website or blog for a week.

http://www.networkworld.com/topics/security.html

http://www.securityfocus.com/

http://www.bestsecuritytips.com/

http://www.techworld.com/security/

• Have students update the anti-virus software on their personal computers. For those who do not have anti-virus software, discuss no-cost options.

http://www.avast.com/free-antivirus-download

http://free.avg.com/us-en/homepage


Chapter 1: Additional Reading

• http://www.toptechnews.com/section.xhtml?category=75

• http://www.cert.org/cert/

• http://sectools.org/

• http://www.networksecurityjournal.com/

• http://www.eweek.com/c/s/Security/
