CCNA Security 1.1 Instructional Resource
Chapter 1 - Modern Security Threats
© 2012 Cisco and/or its affiliates. All rights reserved.

Chapter objectives
• Describe the evolution of network security.
• Describe the drivers for network security.
• Describe the major network security organizations.
• Describe the domains of network security.
• Describe network security policies.
• Describe viruses, worms, and Trojan Horses.
• Describe how to mitigate threats from viruses, worms, and Trojan Horses.
• Describe how network attacks are categorized.
• Describe reconnaissance attacks.
• Describe access attacks.
• Describe Denial of Service attacks.
• Describe how to mitigate network attacks.

Exam topics covered
1.0 Understanding Security Threats
1.1 Describe common security threats
1.1.1 Common threats to the physical installation
1.1.2 Mitigation methods for common network attacks
1.1.3 Email-based threats*
1.1.4 Web-based attacks*
1.1.5 Mitigation methods for Worm, Virus, and Trojan Horse attacks
1.1.8 Mobile/remote security*
*These topics are also covered in more detail in later chapters.

Chapter overview
• Almost as long as there have been computer networks, there have been attacks against them. Network security has to balance the demand to make the network available with the need to keep data and information secure.
• Network security professionals have to stay up to date with attacks and mitigation techniques. This includes maintaining awareness of the organizations that track and report on trending threats.

Labs
• Chapter 0 Lab: Configuring Devices for Use with Cisco Configuration Professional
  Part 1: Basic Network Device Configuration
  Part 2: Configure CCP Access for Routers
  Part 3: Basic CCP Configuration
• Chapter 1 Lab: Researching Network Attacks and Security Audit Tools
  Part 1: Researching Network Attacks
  Part 2: Researching Security Audit Tools

Terms and acronyms
SANS: SysAdmin, Audit, Network, Security (SANS) Institute
CERT: Computer Emergency Response Team (CERT)
ISC2: International Information Systems Security Certification Consortium (pronounced "I-S-C-squared")
CVE: common vulnerabilities and exposures
CIS: Center for Internet Security
GIAC: Global Information Assurance Certification
DARPA: Defense Advanced Research Projects Agency
CBK: common body of knowledge
CISSP: Certified Information Systems Security Professional
RSS: Really Simple Syndication
ISO: International Organization for Standardization
IEC: International Electrotechnical Commission
SecureX: SecureX is a security architecture outlined by Cisco.
SIO: Security Intelligence Operations
AUP: acceptable use policy
virus: A virus is malicious software which attaches to another program to execute a specific unwanted function on a computer.
IDS: intrusion detection system
IPS: intrusion prevention system
worm: Worms are self-contained programs that attack a system to exploit a known vulnerability.
Trojan Horse: A Trojan Horse is an application written to look like something else. When a Trojan Horse is downloaded and opened, it attacks the end-user computer from within.
reconnaissance attack: Reconnaissance attacks involve the unauthorized discovery and mapping of systems, services, or vulnerabilities.
access attack: Access attacks exploit known vulnerabilities in services to gain entry.
DoS attack: Denial of Service (DoS) attacks attempt to make a computer resource unavailable to its intended users. They are typically accomplished by sending an extremely large number of requests over a network or the Internet to a target device or server. The goal is to make the device unable to respond to legitimate traffic, or to respond so slowly that the service is rendered effectively unavailable.
DDoS: A Distributed Denial of Service (DDoS) attack is similar in intent to a DoS attack, except that a DDoS attack originates from multiple coordinated sources.
packet sniffer: A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.
promiscuous mode: Promiscuous mode is a mode in which the network adapter card sends all packets that are received to an application for processing.
ping sweep: A ping sweep is a basic network scanning technique that determines which addresses in a range of IP addresses map to live hosts.
port scan: Port scanning is a scan of a range of TCP or UDP port numbers on a host to detect listening services.
ASA: Cisco Adaptive Security Appliance
ping of death: In a ping of death attack, a hacker sends an echo request in an IP packet larger than the maximum packet size of 65,535 bytes.
OTP: A one-time password is a password that is valid for only one login session and avoids the shortcomings that are associated with a static password that can be re-used multiple times.
brute-force attack: A brute-force attack involves repeated login attempts based on a built-in dictionary to identify a user account or password.
man-in-the-middle attack: An attacker is positioned in the middle of communications between two legitimate entities in order to read or modify the data that passes between the two parties.
buffer overflow: A buffer overflow occurs when a fixed-length buffer reaches its capacity and a process attempts to store data above and beyond that maximum limit.

What is new in this chapter
• Timelines for events, threats and mitigation methods have been updated.
• SecureX is introduced and will be explained in detail in Chapter 9.
• A reference to the Cisco Adaptive Security Appliance (ASA) has been added. The ASA will be introduced in Chapter 10.

Lab notes
• The first lab (Chapter 0) leads students through configuring devices to use Cisco Configuration Professional (CCP). Since CCP is used extensively throughout the labs, it is critical that all students perform this lab. This is also a good time for students to practice basic configuration and cabling. If you are short on time or equipment, pre-configure Part 1 of the lab and have students focus on Parts 2 and 3.
• The lab for Chapter 1 is a research lab and could be extended beyond this chapter.

Teaching notes
• Remind students that the term "virus" was adopted because of the similarity in form, function and consequence with biological viruses that attack the human system. Like their biological counterparts, computer viruses can spread rapidly and self-replicate systematically. They also mimic living viruses in the way they must adapt through mutation to the development of resistance within a system: the author of a computer virus must upgrade his creation in order to overcome the resistance (antiviral programs) or to take advantage of a new weakness or loophole within the system.

Discussion topics
• Is hacking always bad? What kind of penalties should hacking involve? Monetary? Punitive?
• Discuss the effects on an organization's credibility after a hacking incident.
• Discuss the employment opportunities for security professionals and the long-term outlook. Have students browse online job sites to get an idea of the requirements for security-related jobs. Discuss various certifications.
• Students may be tempted to download some of the applications mentioned in the chapter. Be sure to discuss with them your own organization's policy and the expectations you have for their use of the network.

Student activities
• There have been a number of celebrities hacked recently. Students may find it interesting to research these incidents with a better understanding of the types of network attacks.
• It is important that students understand that network security is ever evolving. To better understand this, have them follow a security news website or blog for a week.
  http://www.networkworld.com/topics/security.html
  http://www.securityfocus.com/
  http://www.bestsecuritytips.com/
  http://www.techworld.com/security/
• Have students update the anti-virus software on their personal computers. For those who do not have anti-virus software, discuss no-cost options.
  http://www.avast.com/free-antivirus-download
  http://free.avg.com/us-en/homepage

Additional resources
• http://www.toptechnews.com/section.xhtml?category=75
• http://www.cert.org/cert/
• http://sectools.org/
• http://www.networksecurityjournal.com/
• http://www.eweek.com/c/s/Security/