CCNA Security Chapter 1 Modern Network Security Threats

1.0.1

What does Network Security involve?

Network security involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats. set standards, encourage collaboration, and provide workforce development opportunities for security professionals Viruses, worms, and Trojan Horses are specific types of network attacks. More generally, network attacks are classified as reconnaissance, access, or Denial of Service attacks Network security breaches can disrupt ecommerce, cause the loss of business data and threaten people's privacy (with the potential legal consequences), and compromise the integrity of information. These breaches can result in lost revenue for corporations, theft of intellectual property, and lawsuits, and can even threaten public safety. An IDS provides real-time detection of certain types of attacks while they are in progress. IPS devices enable the detection of malicious activity and have the ability to automatically block the attack in real-time. Packet filtering firewalls inspect each packet in isolation without examining whether a packet is part of an existing connection. Packet filtering firewalls inspect packets to see if they matched sets of predefined rules, with the option of

What do Network security organizations do? What are some types of network attacks?

1.1.1

Why is Network Security important to organizations and businesses?

What is the difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS)?

Explain the difference between packet-filtering firewalls and stateful firewalls?

Page 1 of 8

CCNA Security Chapter 1 Modern Network Security Threats

forwarding or dropping the packets accordingly. Stateful firewalls also use predefined rules for permitting or denying traffic. Unlike packet filtering firewalls, stateful firewalls keep track of established connections and determine if a packet belongs to an existing flow of data, providing greater security and more rapid processing. What are the two main types of internal threats to the network? Spoofing attacks where one device attempts to pose as another by falsifying data. DoS attacks make computer resources unavailable to intended users. the study and practice of hiding information

What is Cryptography?

Describe the three components of Confidentiality, Integrity and Availability Information Security? Confidentiality means hiding plaintext data. Integrity, means that the data is preserved unaltered during any operation. Availability means that data is always accessible. 1.1.2 What is a hacker? Bad or Good Bad hackers work to gain unauthorized access to devices on the Internet or that run programs to prevent or slow network access to a large number of users, or corrupt or wipe out data on servers. Good hackers work to ensure that networks are not vulnerable to attack.
Page 2 of 8

CCNA Security Chapter 1 Modern Network Security Threats

Describe Nmap

Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. that uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems and what type of packet filters/firewalls are in use, and dozens of other characteristics. The Security Administrator Tool for Analyzing Networks (SATAN) is a testing and reporting toolbox that collects a variety of information about networked hosts. BO2K is the most powerful network administration tool available for the Microsoft environment that puts network administrators solidly back in control of the system, network, registry, passwords, file system, and processes. Trillions of dollars are transacted over the Internet on a daily basis, and the livelihoods of millions depend on Internet commerce. SysAdmin, Audit, Network, Security (SANS) Institute Computer Emergency Response Team (CERT) International Information Systems Security Certification Consortium Mitre Corporation FIRST Center for Internet Security (CIS)
Page 3 of 8

Describe SATAN

Describe Back Orifice 2000

What is the main need for laws safeguarding network security?

1.1.3

What are some of the network security organizations?

CCNA Security Chapter 1 Modern Network Security Threats

1.1.4

What are the 12 network security domains specified by the ISO/IEC?

1,1,5

What is a Security Policy?

* risk assessment * security policy; * organization of information security; * asset management; * human resources security; * physical and environmental security; * communications and operations management; * access control; * information systems acquisition, development and maintenance; * information security incident management; * business continuity management; * compliance. A security policy is a formal statement of the rules by which people must abide who are given access to the technology and information assets of an organization. The policy is used to aid in network design, convey security principles, and facilitate network deployments The network security policy outlines what assets need to be protected and gives guidance on how it should be protected. The policy should specify that logs are formally maintained for all network devices and servers. A Cisco Self-Defending Network (SDN) uses the network to identify, prevent, and adapt to threats. A Cisco SDN begins with a strong, secure, flexible network platform from which a security solution is built. A virus is malicious software which attaches to another program to execute a specific unwanted function on a computer.

Describe the Cisco SelfDefending Network.

1.2.1

Describe the three primary vulnerabilities for end-users:

Page 4 of 8

CCNA Security Chapter 1 Modern Network Security Threats

A worm executes arbitrary code and installs copies of itself in the memory of the infected computer, which then infects other hosts. A Trojan Horse is an application written to look like something else. When a Trojan Horse is downloaded and opened, it attacks the end-user computer from within. 1.2.2 Describe the three major components to most worm attacks: Enabling vulnerability - A worm installs itself using an exploit mechanism (email attachment, executable file, Trojan Horse) on a vulnerable system. Propagation mechanism - After gaining access to a device, the worm replicates itself and locates new targets. Payload - Any malicious code that results in some action. Most often this is used to create a backdoor to the infected host. Probe phase Penetrate phase Persist phase Propagate phase Paralyze phase Remote-access Trojan Horse (enables unauthorized remote access) Data sending Trojan Horse (provides the attacker with sensitive data such as passwords) Destructive Trojan Horse (corrupts or deletes files) Proxy Trojan Horse (user's computer functions as a proxy server) FTP Trojan Horse (opens port 21) Security software disabler Trojan Horse (stops anti-virus programs or firewalls
Page 5 of 8

Describe the five basic phases of a worm or virus attack:

1.2.3

Describe the types of Trojan Horse attacks:

CCNA Security Chapter 1 Modern Network Security Threats

from functioning) Denial of Service Trojan Horse (slows or halts network activity) 1.2.4 Describe the four phases of worm The response to a worm infection can be mitigation: broken down into: containment, inoculation, quarantine, and treatment phases. Describe Cisco Security Agent: A host-based intrusion prevention system that can be integrated with anti-virus software from various vendors. A turnkey solution to control network access. It admits only hosts that are authenticated and have had their security posture examined and approved for the network. Cisco Security Monitoring, Analysis, and Response System provides security monitoring for network security devices and host applications made by Cisco and other providers. MARS makes precise recommendations for threat removal, including the ability to visualize the attack path and identify the source of the threat with detailed topological graphs that simplify security response. Reconnaissance attacks involve the unauthorized discovery and mapping of systems, services, or vulnerabilities. methods may include: Packet sniffers, Ping sweeps, Port scans, or Internet information queries. Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain
Page 6 of 8

Describe the Cisco Network Admission Control (NAC):

Describe Cisco MARS

1.3.1

Describe the three major catagories of network attacks:

CCNA Security Chapter 1 Modern Network Security Threats

entry. Used to retrieve data, gain access, and escalate access privileges. May include: Password attack, Trust exploitation, Port redirection, Man-in-themiddle attack, or Buffer overflow Denial of Service attacks send extremely large numbers of requests over a network or the Internet to cause the target device to run suboptimally and causing the attacked device to become unavailable for legitimate access and use. 1.3.3 Describe the five basic ways that DoS attacks can do harm: Consumption of computational resources, such as bandwidth, disk space, or processor time Disruption of configuration information, such as routing information Disruption of state information, such as unsolicited resetting of TCP sessions Disruption of physical network components Obstruction of communication between the victim and others.

1.3.4

How can Reconnaissance attacks Using strong authentication be mitigated? Encrypt network traffic Use Antisniffer software Implement a switched infrastructure Use a firewall and IPS How can Access attacks be mitigated? Strong password security Principle of minimum trust Cryptography Applying operating system and application patches

How can DoS or DDoS attacks be IPS and firewalls (Cisco ASAs and ISRs) mitigated? Anti-spoofing technologies Quality of Service traffic policing
Page 7 of 8

CCNA Security Chapter 1 Modern Network Security Threats

Describe the 10 best practices to secure your network:

1. Keep patches up to date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks. 2. Shut down unnecessary services and ports. 3. Use strong passwords and change them often. 4. Control physical access to systems. 5. Avoid unnecessary web page inputs. Some websites allow users to enter usernames and passwords. A hacker can enter more than just a username. For example, entering "jdoe; rm -rf /" might allow an attacker to remove the root file system from a UNIX server. Programmers should limit input characters and not accept invalid characters such as | ; < > as input. 6. Perform backups and test the backed up files on a regular basis. 7. Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person. 8. Encrypt and password-protect sensitive data. 9. Implement security hardware and software such as firewalls, IPSs, virtual private network (VPN) devices, anti-virus software, and content filtering. 10. Develop a written security policy for the company.

Page 8 of 8