CCNASv2_InstructorPPT_CH11

Chapter 11:
Managing a Secure Network
CCNA Security v2.0
11.0 Introduction
11.1 Network Security Testing
11.2 Developing a
Comprehensive Security Policy
11.3 Summary
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
2
Upon completion of this section, you should be able to:
• Describe the techniques used in network security testing.
• Describe the tools used in network security testing.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
3
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
4
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
5
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
6
Operational Status of the Network:
• Penetration testing
• Network scanning
• Vulnerability scanning
• Password cracking
• Log review
• Integrity checks
• Virus detection
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
7
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
8
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
9
• Nmap/Zenmap
• SuperScan
• SIEM
• GFI LANguard
• Tripwire
• Nessus
• L0phtCrack
• Metasploit
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
10
Sample Nmap Screenshot
© 2013 Cisco and/or its affiliates. All rights reserved.
Sample Zenmap Screenshot
Cisco Public
11
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
12
Essential functions:
• Forensic Analysis
• Correlation
• Aggregation
• Retention
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
13
Upon completion of this section, you should be able to:
• Explain the purpose of a comprehensive security policy.
• Describe the structure of a comprehensive security policy.
• Describe the standards, guidelines, and procedures of a security policy.
• Explain the roles and responsibilities entailed by a security policy.
• Explain security awareness and how to achieve through education and training.
• Explain how to respond to a security breach.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
14
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
15
Determine what the assets of an organization are by asking:
• What does the organization have that others want?
• What processes, data, or information systems are critical to the
organization?
• What would stop the organization from doing business or fulfilling its
mission?
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
16
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
17
Audience Determines Security Policy Content
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
18
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
19
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
20
A governing policy includes:
• Statement of the issue that the policy addresses
• How the policy applies in the environment
• Roles and responsibilities of those affected by the policy
• Actions, activities, and processes that are allowed (and not allowed)
• Consequences of noncompliance
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
21
Technical components:
• General policies
• Telephony policy
• Email and communication policy
• Remote access policy
• Network policy
• Application policy
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
22
Customize End-User Policies for Groups
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
23
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
24
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
25
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
26
NIST Information Technology Portal
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
27
NSA Website
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
28
Common Criteria Website
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
29
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
30
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
31
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
32
• Chief Executive Officer (CEO)
• Chief Security Officer (CSO)
• Chief Technology Officer (CTO)
• Chief Information Security
• Chief Information Officer (CIO)
© 2013 Cisco and/or its affiliates. All rights reserved.
Officer (CISO)
Cisco Public
33
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
34
Primary components:
• Awareness campaigns
• Training and education
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
35
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
36
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
37
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
38
Chapter Objectives:
• Explain the various techniques and tools used for network security testing.
• Explain how to develop a comprehensive security policy.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
39
Thank you.
• Remember, there are
helpful tutorials and user
guides available via your
NetSpace home page.
(https://www.netacad.com)
1
2
• These resources cover a
variety of topics including
navigation, assessments,
and assignments.
• A screenshot has been
provided here highlighting
the tutorials related to
activating exams, managing
assessments, and creating
quizzes.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
41