CCNA Security – Chapter 9 Case Study © 2009 Cisco Learning

Objectives
• Describe the principles of secure network design.
• Describe operations security.
• Describe network security testing tools and techniques.
• Describe business continuity and disaster recovery.
• Describe the system development life cycle concept and its application to a secure network life cycle.
• Describe the purpose and function of a network security policy.
Scenario
Superior Health Care System will be implementing many changes over the next two years. Your team will have a major impact on the success of these changes. The CEO of the company has personally requested that your team participate in the following initiatives:
• Create a new information assurance policy and training program.
• Test our existing equipment to identify the need for upgrades and replacements.
• Develop an RFP for a comprehensive penetration test of our systems and network.
• Identify the critical aspects of the systems and perform a network security test.
• Report all findings and make all necessary recommendations needed to secure our systems in the future.
Tasks 9.1
Your team will be responsible for developing the first draft of the following Information Assurance Policies:
1. Acceptable use policy
2. VPN implementation policy
3. Virus and malicious code mitigation policy
4. IDS/IPS implementation policy
5. Authentication/Authorization policy
6. Incident response policy
Tasks 9.2
As part of the reorganization, Superior Health Care System Corporation’s Chief Information Officer has created an action list for your team. She has requested that your team test the following features in our test lab facilities and report back on the results.
1. Secure network devices with AAA, SSH, role-based CLI, syslog, SNMP, and NTP.
2. Secure services using AutoSecure and one-step lockdown.
3. Protect network endpoints, such as workstations and servers, against viruses, Trojan horses, and worms with Cisco NAC, Cisco IronPort, and Cisco Security Agent.
4. Use Cisco IOS Firewall and accompanying ACLs to secure resources internally while protecting those resources from outside attacks.
5. Supplement Cisco IOS Firewall with Cisco IPS technology to evaluate traffic using an attack signature database.
6. Protect the LAN by following Layer 2 and VLAN recommended practices and by using a variety of technologies, including BPDU guard, root guard, PortFast, and SPAN.
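An added example of what item 1 of this task list looks like on a Cisco IOS device, written here for the lab write-up and not part of the original case study: a baseline that enables AAA, SSH version 2, a restricted role-based CLI view, central syslog, SNMPv3 and authenticated NTP. The hostname, the 192.0.2.0/24 addresses (documentation range) and every REPLACE-* secret are placeholders to be substituted in the test lab.

```cisco
! Added example configuration (not from the case study); all secrets and
! addresses are placeholders. Enter from global configuration mode.
hostname LAB-R1
ip domain-name lab.example.com
! Local privileged account with hashed secrets; AAA below uses this database
enable secret REPLACE-ENABLE-SECRET
username admin privilege 15 secret REPLACE-ADMIN-SECRET
! AAA: authenticate logins and authorize EXEC sessions against local accounts
aaa new-model
aaa authentication login default local
aaa authorization exec default local
! SSH only, version 2, with an RSA host key and bounded login attempts
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
line vty 0 4
 transport input ssh
 exec-timeout 10 0
 login authentication default
! Role-based CLI: a read-only view for the help desk. Before creating the
! view, enter the root view from privileged EXEC with: enable view
parser view MONITOR
 secret REPLACE-VIEW-SECRET
 commands exec include show interfaces
 commands exec include show logging
username monitor view MONITOR secret REPLACE-MONITOR-SECRET
! Syslog: local buffer plus a central collector, with timestamps for correlation
service timestamps log datetime msec
logging buffered 16384 informational
logging host 192.0.2.10
logging trap informational
! SNMPv3 with authentication and privacy instead of v1/v2c community strings
snmp-server group NMS-GROUP v3 priv
snmp-server user nmsuser NMS-GROUP v3 auth sha REPLACE-AUTH-PASS priv aes 128 REPLACE-PRIV-PASS
! NTP from an authenticated source so log timestamps cannot be skewed by a rogue server
ntp authenticate
ntp authentication-key 1 md5 REPLACE-NTP-KEY
ntp trusted-key 1
ntp server 192.0.2.20 key 1
```

Verify the result with show ip ssh, show parser view all, show logging, and show ntp associations before recording the lab outcome.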
Tasks 9.3
We would like you to draft a two-page document detailing the framework and components of a corporate-wide information assurance education, training and awareness program. Please provide examples and resources that support your proposal.
Tasks 9.4
Our senior management team wants to make sure we have thoroughly tested and strengthened our systems and network. In an effort to respond to this priority, the Chief Information Assurance Officer has directed your team to compose an RFP to identify a company to be contracted to perform a penetration test on our systems and assist our staff in mitigating potential risks and vulnerabilities. Please have your team draft the document and make sure it includes the following activities as part of the request:
Internal/Intranet Testing
• Clients, Servers
• Databases
• Switches
• Routers
• Intranet
• Remote Management Hardware/Software
• IDS - IPS
• Patch Management
• Virus/Spyware
External/DMZ/Extranet
• Web Sites
• Database Mining
• Mail Servers
• Advanced E-Mail Tracking and Tracing
• DNS Servers
• FTP Servers
• VPN Servers
• Wireless Networks
• Firewalls
Physical Security
• Server Room
• Back-up Media
• Accessibility To Security Controls
• Cabling, Physical Access
• Key Loggers
• Documentation
• Lock Picking
• Hot Jacks
• Phone Systems
• Covert Wireless
Components/Stages of the Test
1. Establish the scope of the test
2. Plan the test with sign-offs
3. Target acquisition
4. Network mapping
5. Fingerprinting
6. Enumeration
7. Vulnerability assessment
8. Vulnerability exploitation
9. Break-in
10. Privilege escalation
11. Hiding/Stealing data
12. Planting backdoors
13. Covering Tracks
14. Test Result Analysis
15. Reporting
16. Post-Test consultation