Enterprise Network Security
Accessing the WAN – Chapter 4
ITE I Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
1
Objectives

Describe the general methods used to mitigate
security threats to Enterprise networks

Configure Basic Router Security

Explain how to disable unused Cisco router network
services and interfaces

Explain how to use Cisco SDM

Manage Cisco IOS devices
Why is Network Security Important?
 Computer networks have grown in both size and importance in a very
short time. If the security of the network is compromised, there could be
serious consequences, such as:
 Loss of privacy,
 Theft of information, and even
 Legal liability.
Increasing Threat to Security
 1985: Password guessing, self-replicating code
 1990: Password cracking, war dialing
 1995: Viruses, e.g. Nimda, Code Red
 2000: Trojan Horse, e.g. Back Orifice
 2005 to date: Worms, e.g. Blaster, MyDoom, Slammer
Most common terms
 White hat-An individual who looks for vulnerabilities in systems or
networks and then reports these vulnerabilities to the owners of the
system so that they can be fixed.
 Hacker-A general term that has historically been used to describe a
computer programming expert. More recently, this term is often used in a
negative way to describe an individual that attempts to gain unauthorized
access to network resources with malicious intent.
 Black hat-Another term for individuals who use their knowledge of
computer systems to break into systems or networks that they are not
authorized to use, usually for personal or financial gain. A cracker is an
example of a black hat.
 Phreaker-An individual who manipulates the phone network to cause it to
perform a function that is not allowed. A common goal of phreaking is
breaking into the phone network, usually through a payphone, to make
free long distance calls.
Conti…
 Spammer-An individual who sends large quantities of unsolicited e-mail
messages. Spammers often use viruses to take control of home
computers and use them to send out their bulk messages.
 Phisher-Uses e-mail or other means to trick others into providing sensitive
information, such as credit card numbers or passwords. A phisher
masquerades as a trusted party that would have a legitimate need for the
sensitive information.
Think like an Attacker
 The attacker's goal is :
 to compromise a network target or
 an application running within a network.
 Many attackers use this seven-step process to gain information and stage
an attack:
 Step 1-Perform footprint analysis (reconnaissance). A company webpage
can lead to information, such as the IP addresses of servers.
 Step 2- Enumerate information. An attacker can expand on the footprint
by monitoring network traffic with a packet sniffer such as Wireshark,
finding information such as version numbers of FTP servers and mail
servers.
 Step 3- Manipulate users to gain access.
 Step 4- Escalate (increase) privileges.
 Step 5- Gather additional passwords and secrets.
Conti…
 Step 6- Install backdoors. Backdoors provide the attacker with a way to
enter the system without being detected. The most common backdoor is
an open listening TCP or UDP port.
 Step 7- Leverage the compromised system. After a system is
compromised, an attacker uses it to stage attacks on other hosts in the
network.
Type of Computer Crime
As security measures have improved over the years, some of the most
common types of attacks have diminished in frequency, while new ones
have emerged.
 Insider abuse of network access
 Virus
 Mobile device theft
 Phishing where an organization is fraudulently represented as the sender
 Instant messaging misuse
 Denial of service
 Unauthorized access to information
 Bots (Applications that run automated tasks) within the organization
 Theft of customer or employee data
 Abuse of wireless network
Conti…
 System penetration
 Financial fraud
 Password sniffing
 Key logging
 Website defacement
 Misuse of a public web application
 Theft of proprietary information
 Exploiting the DNS server of an organization
 Telecom fraud
 Sabotage
 Note: In certain countries, some of these activities may not be a crime, but
are still a problem.
Open versus Closed Networks
The overall security challenge facing network administrators is balancing two
important needs:
 Keeping networks open to support evolving business requirements and
 Protecting private, personal, and strategic business information.
 Open Network
– Easy to configure and administer
– Easy for end users to access network resources
– Security cost: least expensive
 Restrictive
– More difficult to configure and administer
– More difficult for end users to access resources
– Security cost: more expensive
Conti…
 Closed Network
 Most difficult to configure and administer
 Most difficult for end users to access resources
 Security cost: most expensive
Developing a Security Policy
 The first step any organization should take to protect its data and itself
from a liability challenge is to develop a security policy.
 A policy is a set of principles that guide decision-making processes and
enable leaders in an organization to distribute authority confidently.
 Assembling a security policy can be daunting if it is undertaken without
guidance.
 For this reason, the International Organization for Standardization (ISO)
And the International Electrotechnical Commission (IEC) have published a
security standard document called ISO/IEC 27002.
 The document consists of 12 sections.
Common Security Threats
When discussing network security, three common factors are
 Vulnerability: the degree of weakness that is inherent in every network and
device. This includes routers, switches, desktops, servers, and even security
devices.
 Threat: the people interested in, and qualified for, taking advantage of each
security weakness.
 Attack: the threats use a variety of tools, scripts, and programs to launch
attacks against networks and network devices.
There are three primary vulnerabilities or weaknesses:
 Technological weaknesses (HTTP, FTP etc)
 Configuration weaknesses (Unsecured Account, Internet Access etc)
 Security policy weaknesses (Lack of written security policy, Politics etc)
Conti…
Threats to Physical Infrastructure
When you think of network security, or even computer security, you may
imagine attackers exploiting software vulnerabilities. A less glamorous, but
no less important, class of threat is the physical security of devices.
 Hardware threats: Physical damage to servers, routers, switches, cabling
plant, and workstations
 Environmental threats: Temperature extremes (too hot or too cold) or
humidity extremes (too wet or too dry)
 Electrical threats: Voltage spikes, insufficient supply voltage (brownouts),
unconditioned power (noise), and total power loss
 Maintenance threats: Poor handling of key electrical components
(electrostatic discharge), lack of critical spare parts, poor cabling, and poor
labeling
 These physical threats can be mitigated with locked equipment rooms,
temperature and humidity control, UPS units and generator sets, and similar
controls.
Conti…
Threats to Networks
 Unstructured Threats : Unstructured threats consist of mostly
inexperienced individuals using easily available hacking tools, such as
shell scripts and password crackers.
 Structured Threats: Structured threats come from individuals or groups
that are more highly motivated and technically competent.
 In 1995, Kevin Mitnick was convicted of accessing interstate computers
in the United States for criminal purposes. He broke into the California
Department of Motor Vehicles database, routinely took control of New
York and California telephone switching hubs, and stole credit card
numbers. He inspired the 1983 movie "War Games."
 External Threats: External threats can arise from individuals or
organizations working outside of a company who do not have authorized
access
 Internal Threats: Internal threats occur when someone has authorized
access to the network with either an account or physical access.
Conti…
 Types of Network Attacks
– Reconnaissance: Reconnaissance is the unauthorized discovery and mapping of systems,
services, or vulnerabilities (e.g. ping or gping).
– Access: System access is the ability for an intruder to gain access to a device for which the
intruder does not have an account or a password (dictionary, rainbow table (L0phtCrack), or
brute force attack).
– Denial of Service: Denial of service (DoS) is when an attacker disables or corrupts
networks, systems, or services with the intent to deny services to intended users.
– Worms, Viruses, and Trojan Horses: Malicious software can be inserted onto a host to
damage or corrupt a system, replicate itself, or deny access to networks, systems, or
services (e.g. Sub7).
Conti…
General Mitigation Technique
 Antivirus Software
 Personal Firewall
 Operating System Patches
 HIDS and HIPS
 Common Security Appliances and Applications
– In the past, the one device that would come to mind for network security was the firewall.
– An integrated approach involving firewall, intrusion prevention, and VPN is necessary.
– Threat control- Devices that provide threat control solutions are:
 Cisco ASA 5500 Series Adaptive Security Appliances
– Integrated Services Routers (ISR)
– Network Admission Control
– Cisco Security Agent for Desktops
– Cisco Intrusion Prevention System
Conti…
 Secure communications: VPN
 Network admission control (NAC): Provides a role-based method of
preventing unauthorized access to a network. Cisco offers a NAC
appliance.
 Cisco IOS Software on Cisco Integrated Services Routers (ISRs)
 Cisco ASA 5500 Series Adaptive Security Appliance
 The PIX has evolved into a platform that integrates many different security
features, called the Cisco Adaptive Security Appliance (ASA). The Cisco
ASA integrates firewall, voice security, SSL and IPsec VPN, IPS, and
content security services in one device.
 Cisco IPS 4200 Series Sensors
 Cisco NAC Appliance: Enforce security policy compliance on all devices
 Cisco Security Agent (CSA) provides threat protection capabilities for
server, desktop, and point-of-service (POS) computing systems, e.g. against
spyware, rootkits, and day-zero attacks.
Conti….
 To assist with the compliance of a security policy, the Security Wheel, a
continuous process, has proven to be an effective approach.
 The Security Wheel promotes retesting and reapplying updated security
measures on a continuous basis.
 Step 1. Secure
 Step 2. Monitor
 Step 3. Test
 Step 4. Improve
Securing Cisco Routers
 The Role of Routers in Network Security
 Router security is a critical element in any security deployment.
 Routers are definite targets for network attackers.
 If an attacker can compromise and access a router, the router becomes a
potential aid to further attacks.
 Routers fulfill the following roles:
 Advertise networks and filter who can use them.
 Provide access to network segments and subnetworks.
 Here are some examples of various security problems
 Compromising the access control
 Compromising the route tables
 Misconfiguring a router traffic filter
Conti…
 Securing Your Network
Securing routers at the network perimeter is an important first step in
securing the network.
 Think about router security in terms of these categories:
 Physical security
 Update the router IOS whenever advisable
 Backup the router configuration and IOS
 Harden the router to eliminate the potential abuse of unused ports and
services (You should harden your router configuration by disabling
unnecessary services.)
Conti…
 Steps to Safeguard a Router
 Step 1. Manage router security (good password practices, passphrases)
 Step 2. Secure remote administrative access to routers (SSH)
 Step 3. Log router activity (syslog)
 Step 4. Secure vulnerable router services and interfaces (CDP)
 Step 5. Secure routing protocols
 Step 6. Control and filter network traffic
 R1(config)# service password-encryption
 R1(config)# do show run | include username
 R1(config)# security passwords min-length 10
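One way to verify that a router's running configuration actually reflects Steps 1 to 4 above is to audit the text of `show running-config`. The checker below is an added example, not Cisco code or part of the original slides; both sample configurations are constructed, with placeholder hashes, and the check list (password encryption, the 10-character minimum shown above, `enable secret`, SSH-only vty lines with local login, a syslog host, and CDP disabled) mirrors the safeguard steps.

```python
import re

# Constructed sample configs (not from the slides). HARDENED applies the
# safeguard steps; WEAK is the "before" state an audit should flag.
HARDENED = """\
hostname R1
service password-encryption
security passwords min-length 10
enable secret 5 $1$PLACEHOLDER$hashhashhashhashhash
username admin privilege 15 secret 5 $1$PLACEHOLDER$hashhashhashhashhash
no cdp run
logging 192.0.2.50
line vty 0 4
 login local
 transport input ssh
"""

WEAK = """\
hostname R1
enable password cisco
username admin privilege 15 password 0 cisco123
line vty 0 4
 login
 transport input telnet
"""

def parse_sections(config):
    """Split an IOS config into top-level lines and indented child blocks."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            blocks.setdefault(current, []).append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
    return top, blocks

def audit_config(config, min_length=10):
    """Return a list of findings; an empty list means every check passed."""
    top, blocks = parse_sections(config)
    findings = []
    if "service password-encryption" not in top:
        findings.append("service password-encryption is not set")
    lengths = [int(m.group(1)) for m in
               (re.match(r"security passwords min-length (\d+)", l) for l in top) if m]
    if not lengths or lengths[0] < min_length:
        findings.append(f"password min-length below {min_length}")
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("enable secret is not configured")
    if any(l.startswith("enable password ") for l in top):
        findings.append("enable password (weakly protected) is present")
    for l in top:
        if l.startswith("username ") and " secret " not in l:
            findings.append(f"{l.split()[1]}: uses password instead of secret")
    for header, body in blocks.items():
        if header.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append(f"{header}: remote access is not SSH-only")
            if "login local" not in body:
                findings.append(f"{header}: login local is not set")
    if not any(re.match(r"logging (host )?\d", l) for l in top):
        findings.append("no syslog host configured")
    if "no cdp run" not in top:
        findings.append("CDP is still running globally")
    return findings

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_config(cfg) or "no findings")
```

Feed it the saved output of `show running-config` to get a per-device list of deviations from the steps above.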
Cisco SDM
 The Cisco Router and Security Device Manager (SDM) is an easy-to-use,
web-based device-management tool designed for configuring LAN, WAN,
and security features on Cisco IOS software-based routers.
Conti…
 Cisco SDM Features
 Cisco SDM simplifies router and security configuration through the use of
several intelligent wizards
 Efficient configuration of key router virtual private network (VPN)
 Cisco IOS firewall parameters.
 This capability permits administrators to quickly and easily deploy,
configure, and monitor Cisco access routers.
 Cisco SDM Interfaces
 Interfaces and Connections
 Firewall Policies
 VPN
 Routing
Configuring Router to support SDM
 Step 1. Access the router's Cisco CLI interface using Telnet or the
console connection
 Step 2. Enable the HTTP and HTTPS servers on the router
 Step 3. Create a user account defined with privilege level 15 (enable
privileges).
 Step 4. Configure SSH and Telnet for local login and privilege level 15.
 SDM Interfaces
How to Use Cisco SDM
 Start SDM
Conti…
 The Cisco SDM one-step lockdown wizard implements almost all of the
security configurations that Cisco AutoSecure offers
Manage Cisco IOS Devices
 Copy the running configuration from RAM to the startup configuration in
NVRAM:
 R2# copy running-config startup-config
 R2# copy system:running-config nvram:startup-config
 Copy the running configuration from RAM to a remote location:
 R2# copy running-config tftp:
 R2# copy system:running-config tftp:
 Copy a configuration from a remote source to the running
configuration:
 R2# copy tftp: running-config
 R2# copy tftp: system:running-config
 Copy a configuration from a remote source to the startup
configuration:
 R2# copy tftp: startup-config
 R2# copy tftp: nvram:startup-config
Manage Cisco IOS Devices
 How to recover the enable password and the enable
secret passwords
Summary
 Security Threats to an Enterprise network include:
–Unstructured threats
–Structured threats
–External threats
–Internal threats
 Methods to lessen security threats consist of:
–Device hardening
–Use of antivirus software
–Firewalls
–Download security updates
Summary
 Basic router security involves the following:
–Physical security
–Update and backup IOS
–Backup configuration files
–Password configuration
–Logging router activity
 Disable unused router interfaces & services to minimize
their exploitation by intruders
 Cisco SDM
–A web based management tool for configuring security
measures on Cisco routers
Summary
 Cisco IOS Integrated File System (IFS)
–Allows for the creation, navigation & manipulation of
directories on a Cisco device