CCNASv2 InstructorPPT CH1

Chapter 1:
Modern Network Security Threats

CCNA Security v2.0
1.0 Introduction
1.1 Securing Networks
Chapter Outline
1.2 Network Threats

1.3 Mitigating Threats
1.4 Summary
2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Section 1.1:
Securing Networks
Upon completion of this section, you should be able to:
Describe the current network security landscape.
Explain how all types of networks need to be protected.
Cisco Public
Topic 1.1.1:
Current State of Affairs
Cisco Public
Networks Are Targets
Cisco Public
Drivers for Network Security

Common network security terms:
Threat
Vulnerability
Mitigation
Risk
Cisco Security Intelligence Operations
Cisco Public
Vectors of Network Attacks
Cisco Public
Data Loss
Vectors of data loss:
Email/Webmail
Unencrypted Devices
Cloud Storage Devices
Removable Media
Hard Copy
Improper Access Control
Cisco Public
Topic 1.1.2:
Network Topology Overview
Cisco Public
Campus Area Networks
Cisco Public
10
Small Office and Home Office Networks
Cisco Public
11
Wide Area Networks
Cisco Public
12
Data Center Networks

Outside perimeter security:
On-premise security officers
Fences and gates
Continuous video surveillance
Security breach alarms
Inside perimeter security:

Electronic motion detectors
Security traps
Continuous video surveillance
Biometric access and exit sensors
Cisco Public
13
Cloud and Virtual Networks

VM-specific threats:
Components of a secure data center:
Hyperjacking
Secure segmentation
Instant On activation
Threat defense
Antivirus storm
Visibility
The Evolving Network Border

Critical MDM functions for BYOD network:
Data encryption
PIN enforcement
Data wipe
Data loss prevention
Jailbreak/root detection
Cisco Public
14
Section 1.2:
Network Threats
Upon completion of the section, you should be able to:
Describe the evolution of network security.
Describe the various types of attack tools used by hackers.
Describe malware.
Explain common network attacks.
Cisco Public
15
Topic 1.2.1:
Who is Hacking Our Networks?
Cisco Public
16
The Hacker & The Evolution of Hackers

Modern hacking titles:
Script Kiddies
Vulnerability Brokers
Hacktivists
Cyber Criminals
State-Sponsored
Hackers
Cisco Public
17
Topic 1.2.2:
Hacker Tools
Cisco Public
18
Introduction of Attack Tools
Cisco Public
19
Evolution of Security Tools

Penetration testing tools:
Password crackers
Forensic
Wireless hacking
Debuggers
Network scanning and hacking
Hacking operating systems
Packet crafting
Encryption
Packet sniffers
Vulnerability exploitation
Rootkit detectors
Vulnerability Scanners
Fuzzers to search vulnerabilities
Cisco Public
20
Categories of Attack Tools

Network hacking attacks:
Eavesdropping
Data modification
IP address spoofing
Password-based
Denial-of-service
Man-in-the-middle
Compromised-key
Sniffer
Cisco Public
21
Topic 1.2.3:
Malware
Cisco Public
22
Various Types of Malware
Cisco Public
23
Viruses
Cisco Public
24
Trojan Horse Classification

Classifications:
Security software disabler
Remote-access
Data-sending
Destructive
Proxy
FTP
DoS
Cisco Public
25
Worms
Initial Code Red Worm Infection
Code Red Worm Infection 19 Hours

Later
Cisco Public
26
Worm Components
Components:
1.
Propagate
for 19 days
Enabling vulnerability
Propagation mechanism
Payload
4.
Repeat the
cycle
Code Red
Worm
Propagation
2.
Launch DoS
attack for
next 7 days
3.
Stop and go
dormant for
a few days
Cisco Public
27
Other Malware
Ransomware
Scareware
Spyware
Phishing
Adware
Rootkits
Cisco Public
28
Topic 1.2.4:
Common Network Attacks
Cisco Public
29
Types of Network Attacks
Data
Modification
Syn Flood
Smurf
Attack
Reconnaissance
Access
DoS
Cisco Public
30
Reconnaissance Attacks
Initial query of a target
Ping sweep of the target network
Port scan of active IP addresses
Vulnerability scanners
Exploitation tools
Cisco Public
31
Access Attacks
A few reasons why hackers use access attacks:
To retrieve data
To gain access
To escalate access privileges
A few types of access attacks include:

Password
Trust exploitation
Port redirection
Man-in-the-middle
Buffer overflow
IP, MAC, DHCP spoofing
Cisco Public
32
Social Engineering Attacks

Pretexting
Phishing
Spearphishing
Spam
Tailgating
Something for Something
Baiting
Cisco Public
33
Denial of Service Attacks
Cisco Public
34
DDoS Attacks
1.
Hacker builds a network of infected machines
A network of infected hosts is called a botnet.
The compromised computers are called zombies.
Zombies are controlled by handler systems.
2.
Zombie computers continue to scan and infect more targets
3.
Hacker instructs handler system to make the botnet of zombies

carry out the DDoS attack
Cisco Public
35
1.3 Mitigating Threats

Upon completion of this section, you should be able to::
Describe methods and resources to protect the networks.
Describe a collection of domains for network security.
Explain the purpose of the Cisco SecureX Architecture.
Describe the techniques used to mitigate common network attacks.
Explain how to secure the three functional areas of Cisco routers and switches.
Cisco Public
36
Topic 1.3.1:
Defending the Network
Cisco Public
37
Network Security Professionals
Cisco Public
38
Network Security Organizations
Cisco Public
39
Confidentiality, Integrity, Availability

Confidentiality:
Uses encryption to
encrypt and hide
data.
Availability:
Assures data is
accessible.
Guaranteed by
network hardening
mechanisms and
backup systems.
Components
of
Cryptography
Integrity:
Uses hashing
algorithms to
ensure data is
unaltered during
operation.
Cisco Public
40
Topic 1.3.2:
Domains of Network Security
Cisco Public
41
Network Security Domains

Risk assessment
Security policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communications and operations management
Information systems acquisition, development, and maintenance
Access control
Information security incident management
Business continuity management
Compliance
Cisco Public
42
Network Security Policy
Cisco Public
43
Network Security Policy Objectives
Cisco Public
44
Topic 1.3.3:
Introducing the Cisco SecureX Architecture
Cisco Public
45
The Security Artichoke
Cisco Public
46
Evolution of Network Security Tools
Cisco Public
47
SecureX Product Families

Server Edge
and Branch
Secure Data
Center and
Virtualization
Secure
Access
Secure
Email and
Web
Secure
X
Secure
Mobility
Cisco Public
48
SecureX Security Technology

Cisco SecureX Architecture:
Scanning engines
Delivery mechanisms
Security intelligence operations (SIO)
Policy management consoles
Next-generation endpoint
Cisco Public
49
Centralized Context-Aware Network Scanning Element

Defines security policies based on five parameters:
Type of device being used for access
Persons identity
Application in use
Location
Time of access
Cisco Public
50
Cisco Security Intelligence Operations Please

add another slide for Fig 2 of page 1.3.3.6
Cisco Public
51
Cisco Security Intelligence Operations (cont.)
Cisco Public
52
Topic 1.3.4:
Mitigating Common Network Threats
Cisco Public
53
Defending the Network

Best practices:
Develop a written security policy.
Educate employees about the risks of social engineering, and develop strategies to
validate identities over the phone, via email, or in person.

Control physical access to systems.
Use strong passwords and change them often.
Encrypt and password-protect sensitive data.
Implement security hardware and software.
Perform backups and test the backed up files on a regular basis.
Shut down unnecessary services and ports.
Keep patches up-to-date by installing them weekly or daily to prevent buffer
overflow and privilege escalation attacks.

Perform security audits to test the network.
Cisco Public
54
Mitigating Malware
Cisco Public
55
Mitigating Worms
Containment
Inoculation
Quarantine
Treatment
Cisco Public
56
Mitigating Reconnaissance Attacks
Cisco Public
57
Mitigating Access Attacks
Cisco Public
58
Mitigating DoS Attacks
Cisco Public
59
Topic 1.3.5:
Cisco Network Foundation Protection Framework
Cisco Public
60
NFP Framework
Cisco Public
61
Securing the Control Plane
Cisco Public
62
Securing the Management Plane
Cisco Public
63
Securing the Data Plane
Cisco Public
64
Section 1.4:
Summary
Chapter Objectives:
Explain network security.
Describe various types of threats and attacks.
Explain tools and procedures to mitigate the effects of malware and common
network attacks.
Cisco Public
65
Thank you.
Instructor Resources
Remember, there are
helpful tutorials and user

guides available via your
NetSpace home page.
(https://www.netacad.com)
1
2
These resources cover a
variety of topics including

navigation, assessments,
and assignments.
A screenshot has been
provided here highlighting

the tutorials related to
activating exams, managing
assessments, and creating
quizzes.
Cisco Public
67

CCNASv2 InstructorPPT CH1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCNASv2 InstructorPPT CH1

Uploaded by

Copyright:

Available Formats

Chapter 1:

Modern Network Security Threats

1.2 Network Threats

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

Networks Are Targets

2013 Cisco and/or its affiliates. All rights reserved.

Drivers for Network Security

2013 Cisco and/or its affiliates. All rights reserved.

Cisco Security Intelligence Operations

Vectors of Network Attacks

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

Campus Area Networks

2013 Cisco and/or its affiliates. All rights reserved.

Small Office and Home Office Networks

2013 Cisco and/or its affiliates. All rights reserved.

Wide Area Networks

2013 Cisco and/or its affiliates. All rights reserved.

Data Center Networks

Inside perimeter security:

2013 Cisco and/or its affiliates. All rights reserved.

Cloud and Virtual Networks

Components of a secure data center:

The Evolving Network Border

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

The Hacker & The Evolution of Hackers

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

Introduction of Attack Tools

2013 Cisco and/or its affiliates. All rights reserved.

Evolution of Security Tools

Network scanning and hacking

Hacking operating systems

Fuzzers to search vulnerabilities

2013 Cisco and/or its affiliates. All rights reserved.

Categories of Attack Tools

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

Various Types of Malware

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

Trojan Horse Classification

2013 Cisco and/or its affiliates. All rights reserved.

Code Red Worm Infection 19 Hours

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

Types of Network Attacks

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

A few types of access attacks include:

2013 Cisco and/or its affiliates. All rights reserved.

Social Engineering Attacks

2013 Cisco and/or its affiliates. All rights reserved.

Denial of Service Attacks

2013 Cisco and/or its affiliates. All rights reserved.

Hacker builds a network of infected machines

A network of infected hosts is called a botnet.