CCNA Security
Exam: 210-260 IINS
March 26, 2018, ZD1 Academics
Daniel Arapi


Page 2: CCNA Security · Web viewCIA (Confidentiality, Integrity, Availability) Introduction The primary objective of security is to establish confidentiality, integrity and availability

TABLE OF CONTENTS

1 – SECURITY CONCEPTS
  CIA (Confidentiality, Integrity, Availability)
    Introduction
    Confidentiality
    Integrity
    Availability
  SIEM Technology
    SIEM
  Asset Classification
    Asset
  Risk Management
  Risk Analysis
    Quantitative Risk Analysis Formula
  Security Controls
    Control Type
    Types of Countermeasures
  Attack Methods***

2 – SECURE ACCESS
  AAA
    ACS (Access Control Server)
    ACS Authentication
    ACS Platform
    ISE (Identity Services Engine)
  RADIUS & TACACS+
    RADIUS vs. TACACS+
    RADIUS Packets
    RADIUS Authentication Process
    TACACS+ Packets
    TACACS+ Authentication Process
  Configuring TACACS+ ***
    Cisco Documentation
    Enable and Configure AAA Server
    AAA Authentication
    Authenticate Logins to Privilege Mode
    Configure AAA Authorization
    Verify/Troubleshoot AAA


1 – SECURITY CONCEPTS

CIA (Confidentiality, Integrity, Availability)

Introduction
- The primary objective of security is to establish the confidentiality, integrity and availability of data
  o Data-at-Rest – data saved on a storage medium, e.g. hard drive, server, cloud
  o Data-in-Motion – data being transmitted across the network

Confidentiality
- Ensures that data cannot be viewed by unauthorized users; who is able to see the data?
- Ensured through access controls and encryption
  o Access Controls – physical and logical controls put in place to restrict access to data

Integrity
- Ensures that data can't be changed by unauthorized users; who can make changes to the data?
- Verified with the use of hash algorithms

Availability
- Ensures that access to data is always available when needed; is the data available to end users and customers?
- Redundancy is needed to always maintain availability

CIA
  Concept          Explanation
  Confidentiality  Ensures that data cannot be viewed by unauthorized users
  Integrity        Ensures that data cannot be changed by unauthorized users
  Availability     Ensures that data is always available when needed


SIEM Technology

SIEM (Security Information and Event Management)
- Collects and displays syslog information from all network devices
- Can filter logs, remove duplicates, and send triggered notifications to admins
- E.g. JASK


Asset Classification

Asset
- Anything of value to a company that must be protected
  o E.g. proprietary data, trade secrets, servers

Asset Security Classifications
  Governmental                        Private Sector
  Top Secret                          Confidential
  Secret                              Private
  Confidential                        Sensitive
  SBU – Sensitive but Unclassified    Public
  Unclassified

Role Classifications
  Term       Description
  Owner      Group responsible for the data (usually senior management)
  Custodian  Group responsible for implementing policies, as dictated by the Owner
  User       Those who access the data

Criteria for Classification
- Value
- Age
- Replacement Cost
- Useful Lifetime


Risk Management

Risk Management
  Term            Description
  Asset           Item of value to the company that must be protected
  Vulnerability   An exploitable security flaw in the system/data
  Threat          A potential danger to an asset: intentional or not, hacking, or malfunction
  Threat Actor    Person performing malicious actions against an asset
  Exploit         Taking advantage of a vulnerability
  Risk            The chance of a threat compromising an asset
  Countermeasure  A security measure put in place to reduce a risk


Risk Analysis

Risk Analysis Types
  Quantitative  Calculation of the annual monetary loss on an asset
  Qualitative   Probability of a risk and its impact

Quantitative Risk Analysis Formula
  ALE = SLE * ARO
  SLE = AV * EF

  Value                                Description
  AV (Asset Value)                     Value of an asset
  EF (Exposure Factor)                 Percentage of the asset lost if the risk occurs
  SLE (Single Loss Expectancy)         Cost each time the risk occurs
  ARO (Annualized Rate of Occurrence)  Frequency of risk occurrence per year
  ALE (Annualized Loss Expectancy)     Amount of loss in a single year
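The two formulas above worked through in Python, as an added example that is not part of the original notes. The asset, its value, EF and ARO are constructed figures, and the final step (weighing the drop in ALE against what a countermeasure costs per year) goes one step beyond what the notes state.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One asset/threat pair with the three inputs the formulas need."""
    asset: str
    av: float   # AV: Asset Value, in currency units
    ef: float   # EF: Exposure Factor, fraction of AV lost per occurrence (0.0-1.0)
    aro: float  # ARO: Annualized Rate of Occurrence, expected events per year


def sle(r: Risk) -> float:
    """SLE = AV * EF: cost of a single occurrence of the risk."""
    if not 0.0 <= r.ef <= 1.0:
        raise ValueError("EF must be a fraction between 0 and 1")
    if r.av < 0 or r.aro < 0:
        raise ValueError("AV and ARO cannot be negative")
    return r.av * r.ef


def ale(r: Risk) -> float:
    """ALE = SLE * ARO: expected loss over one year."""
    return sle(r) * r.aro


def countermeasure_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Net annual benefit of a control (one step beyond the notes):
    (ALE before - ALE after) - annual cost of the control.
    Positive means the control is cheaper than the loss it prevents."""
    return (ale(before) - ale(after)) - annual_cost


# Constructed sample, not from the notes: a web server valued at 50,000.
# A ransomware event is expected once every two years (ARO = 0.5) and
# destroys 60% of the asset's value (EF = 0.6).
WEB_SERVER = Risk("web server", av=50_000, ef=0.6, aro=0.5)
# With offline backups the same event only costs 10% of the value (EF = 0.1).
WEB_SERVER_WITH_BACKUPS = Risk("web server", av=50_000, ef=0.1, aro=0.5)
BACKUP_ANNUAL_COST = 4_000

if __name__ == "__main__":
    print(f"SLE before = {sle(WEB_SERVER):,.0f}")                # 30,000
    print(f"ALE before = {ale(WEB_SERVER):,.0f}")                # 15,000
    print(f"ALE after  = {ale(WEB_SERVER_WITH_BACKUPS):,.0f}")   # 2,500
    net = countermeasure_value(WEB_SERVER, WEB_SERVER_WITH_BACKUPS, BACKUP_ANNUAL_COST)
    print(f"Net value of backups = {net:,.0f}")                  # 8,500
```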


Security Controls

Control Type
  Type            Description
  Administrative  Policies, procedures, guidelines, standards, AUP, background checks, etc.
  Physical        Doors, locks, redundancy, man traps, etc.
  Logical         Passwords, firewalls, IPS, ACL, VPN, etc.

Types of Countermeasures
  Type          Description
  Preventative  Before the attack; e.g. a proper hiring process prevents HR issues
  Deterrent     During the attack; e.g. a security guard scares the robber away
  Detective     After the attack; e.g. an IDS alerts the admin after the attack


Network Security Zones

Security Zones
- Segmented parts of the network with specific security restrictions
- Trusted, Untrusted, and DMZ

Inside Zone
- Connects to the internal network

Outside Zone
- Connects to the outside public network

DMZ (Demilitarized Zone)
- Sits between the inside and outside zones
- Includes services that need access to both, e.g. web server, mail server, application server, etc.


Attack Methods***

Vulnerability Classification
  Method                Description
  Reconnaissance        Scanning devices on the network for open ports, IP addresses, vulnerabilities
  Social Engineering    Manipulating people; e.g. phishing, pharming, shoulder surfing, etc.
  Privilege Escalation  Obtaining a greater level of access; e.g. global-exec access, root access, etc.
  Back Doors            Installed on a system to gain access in the future
  Code Execution        Code put on a device to compromise confidentiality, integrity, availability
  Botnet                Collection of infected computers to which the attacker has backdoor access
  DoS                   Uses up a device's resources until it becomes unavailable
  DDoS                  A DoS carried out by multiple sources
  Reflected DDoS
  Direct DDoS
  Covert Channel        Misusing a communication channel; e.g. tunneling malicious traffic through a legitimate communication
  Trust Exploitation
  Brute Force


2 – SECURE ACCESS

AAA

AAA
  Authentication  Determines who has access to a resource
  Authorization   Determines what a user is allowed to do
  Accounting      Keeps track of what a user has done and when

ACS (Access Control Server)
- Server that manages administrative access to network devices, e.g. switches, routers, firewalls
- Network devices turn to the ACS for authentication and authorization decisions
- ACS protocols:
  o RADIUS
  o TACACS+

ACS Authentication
- ACS authenticates users against a database containing user info such as username/password
  o Local Database – saved locally on the ACS
  o Remote Database – queries an external database such as Active Directory
  o Local/Remote – attempts the external database first; if the user is not found there, then the local database

ACS Platform
- Dedicated hardware appliance (from Cisco) with the ACS software preinstalled
- Installed on a Windows Server
- Virtualized as a virtual machine on VMware ESXi

ISE (Identity Services Engine)
- May be used in conjunction with ACS, but does not replace it
- Validates that endpoint devices meet security policy requirements
  o E.g. virus definition files, service pack files, etc.


RADIUS & TACACS+

RADIUS vs. TACACS+
  RADIUS                                    TACACS+
  Open standard                             Cisco proprietary
  UDP port 1645 for authentication,         TCP port 49
  UDP port 1812 for authorization
  Combines authentication & authorization   Each component of AAA is separate
  Encrypts only passwords                   Encrypts the entire packet
  Better at accounting                      Better at authorization
  Limited support for some protocols        Full multiprotocol support

RADIUS Packets
  Packet            Description
  ACCESS-REQUEST    Contains username/password; sent from client to server
  ACCESS-ACCEPT     Username/password is correct; sent from server to client
  ACCESS-REJECT     Username/password is incorrect; sent from server to client
  ACCESS-CHALLENGE  Additional authentication info; sent from server to client

RADIUS Authentication Process
1. User attempts to access the router
2. Router requests the username; client then enters the username
3. Router requests the password; client then enters the password
4. Router sends ACCESS-REQUEST to the RADIUS server
5. Server responds with ACCESS-ACCEPT or ACCESS-REJECT
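To make the "encrypts only passwords" row and the ACCESS-REQUEST packet concrete, the following added Python example (not from the original notes) builds an Access-Request by hand following RFC 2865 and shows that only the User-Password attribute is hidden while the User-Name is readable in the packet. The shared secret, username, password and Request Authenticator used in it are constructed values.

```python
"""Added example (not from the original notes): a RADIUS Access-Request built
by hand. Only the User-Password attribute is hidden (RFC 2865 section 5.2);
the User-Name and every other attribute travel in clear text."""
import hashlib
import struct

ACCESS_REQUEST = 1                # packet code (Access-Accept is 2, Access-Reject is 3)
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2   # attribute types from RFC 2865


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Pad to a multiple of 16 bytes, then XOR each block with
    MD5(secret + previous block); the first block uses the Request
    Authenticator. MD5 here is what the protocol mandates, not a choice."""
    size = max(16, -(-len(password) // 16) * 16)       # at least one block
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password: the mask chain is keyed on the hidden blocks,
    so whoever holds the shared secret can recover the password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident: int, username: bytes, password: bytes,
                         secret: bytes, authenticator: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) then TLV attributes."""
    hidden = hide_password(password, secret, authenticator)
    attrs = b""
    for attr_type, value in ((ATTR_USER_NAME, username), (ATTR_USER_PASSWORD, hidden)):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def parse_attributes(packet: bytes) -> dict:
    """Walk the TLVs after the 20-byte header and return {type: raw value}."""
    attrs, pos = {}, 20
    while pos < len(packet):
        if pos + 1 >= len(packet) or not 2 <= packet[pos + 1] <= len(packet) - pos:
            raise ValueError("truncated or malformed RADIUS attribute")
        attr_type, length = packet[pos], packet[pos + 1]
        attrs[attr_type] = packet[pos + 2:pos + length]
        pos += length
    return attrs
```

Capturing such a packet on the wire yields the username directly, which is why the notes rate TACACS+ (entire packet encrypted) higher for administrative access.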

TACACS+ Packets
  Packet    Description
  ACCEPT    Username/password is correct
  REJECT    Username/password is incorrect
  ERROR     Error in communication, unrelated to authentication
  CONTINUE  Additional authentication info

TACACS+ Authentication Process
1. User attempts to log in to the router
2. Router requests the username prompt from TACACS+ | Server provides the username prompt
3. Router prompts the user to enter the username | User enters the username
4. Router forwards the username to the TACACS+ server
5. Router requests the password prompt from TACACS+ | Server provides the password prompt
6. Router prompts the user to enter the password | User enters the password
7. Router forwards the password to the server, which responds with: ACCEPT, REJECT, ERROR, CONTINUE


Configuring TACACS+ ***

Cisco Documentation
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_0101.html#reference_7937862B2E894598BA48416EC5ACF362
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_0110.html

Enable and Configure AAA Server
  ! Enable AAA, or else the router will not accept AAA commands
  aaa new-model

  ! Configure the IP address of the RADIUS/TACACS+ server and the shared key
  radius-server host [ip_address] key [password]
  tacacs-server host [ip_address] key [password]

AAA Authentication
  ! Create an AAA method list for logins; methods are tried in order, so
  ! "local" after the server group is the fallback if the server is unreachable
  aaa authentication login [method_list_name] group [radius/tacacs+] [local] [method]

  ! Apply the AAA method list to the console line
  line console 0
    login authentication [method_list_name]
    exit

  ! Apply the AAA method list to the VTY lines
  line vty 0 15
    login authentication [method_list_name]
    exit

Authenticate Logins to Privilege Mode
  ! Default AAA method applied to enable
  aaa authentication enable default group [radius/tacacs+] [local] [method]


Configure AAA Authorization
  ! Create an AAA authorization method list for exec (shell) sessions
  aaa authorization exec [method_list_name] group [radius/tacacs+] [local] [method]

  ! Apply the AAA authorization method list to the VTY lines
  line vty 0 15
    authorization exec [method_list_name]
    exit

Verify/Troubleshoot AAA
  debug tacacs
  debug radius
  debug aaa authentication
  debug aaa authorization

  ! For testing purposes, attempts to authenticate against the server with the username and password provided:
  test aaa group [radius/tacacs+] [username] [password] legacy
